
I'm fixing a PC for someone I know; it was badly infected.

 

HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:45:55, on 25.10.2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\regsvr32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\ehome\ehmsas.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: (no name) - {61AB8A39-FCCB-47CC-BAF3-750D1834E773} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Program Files\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: bxsbang - {6F0BAD0B-69DC-433F-8A02-BAE0C0577E43} - C:\Windows\bxsbang.dll

O21 - SSODL: ocgrep - {328B1253-5868-4FEB-8B07-2CED82C5628E} - C:\Windows\ocgrep.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10542 bytes

 

 

 

Combofix

 

ComboFix 07-10-25.4 - kyrre 2007-10-25 20:49:44.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.322 [GMT 2:00]

Running from: F:\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ProgramData.\bexkbelm.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))

.

 

2007-10-25 20:32 51,200 --a------ C:\Windows\NirCmd.exe

2007-10-25 20:30 <DIR> d-------- C:\Program Files\Trend Micro

2007-10-25 20:04 <DIR> d-------- C:\Users\All Users\Lavasoft

2007-10-25 20:04 <DIR> d-------- C:\ProgramData\Lavasoft

2007-10-25 20:04 <DIR> d-------- C:\Program Files\Lavasoft

2007-10-25 17:30 <DIR> d-------- C:\Program Files\CCleaner

2007-10-25 16:11 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2007-10-25 16:11 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2007-10-25 16:10 <DIR> d-------- C:\Users\kyrre\AppData\Roaming\SUPERAntiSpyware.com

2007-10-25 16:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-10-25 16:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-10-25 16:08 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2007-10-25 16:08 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2007-10-22 13:05 <DIR> d-------- C:\Program Files\rdpwczkq

2007-10-22 12:58 284,160 --a------ C:\Windows\ocgrep.dll

2007-10-22 12:58 260,096 --a------ C:\Windows\bxsbang.dll

2007-10-22 12:58 107,520 --a------ C:\Windows\kthemup.exe

2007-10-18 18:54 0 --a------ C:\Windows\nsreg.dat

2007-10-18 18:53 <DIR> d-------- C:\Program Files\Real

2007-10-18 18:53 <DIR> d-------- C:\Program Files\Common Files\xing shared

2007-10-18 18:53 <DIR> d-------- C:\Program Files\Common Files\Real

2007-10-18 18:52 3,424 --a------ C:\Windows\mozver.dat

2007-10-18 17:49 <DIR> d-------- C:\Users\All Users\Adobe

2007-10-18 17:49 <DIR> d-------- C:\Program Files\Common Files\Adobe

2007-10-14 12:03 <DIR> d-a------ C:\Users\All Users\TEMP

2007-10-14 12:03 <DIR> d-a------ C:\ProgramData\TEMP

2007-10-14 12:02 <DIR> d-------- C:\Users\kyrre\AppData\Roaming\SpinTop

2007-10-14 12:02 <DIR> d-------- C:\Program Files\Chessmaster Challenge

2007-10-11 12:43 <DIR> d-------- C:\Users\kyrre\AppData\Roaming\AdobeUM

2007-10-11 03:02 788,992 --a------ C:\Windows\System32\rpcrt4.dll

2007-10-11 03:02 737,792 --a------ C:\Windows\System32\inetcomm.dll

2007-10-11 03:02 84,480 --a------ C:\Windows\System32\INETRES.dll

2007-10-04 02:22 <DIR> d-------- C:\Users\kyrre\AppData\Roaming\Symantec

2007-10-04 02:17 <DIR> d-------- C:\Program Files\Norton Internet Security

2007-10-04 02:15 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS

2007-10-03 01:40 2,048 --a------ C:\Windows\System32\tzres.dll

2007-10-03 01:38 1,191,936 --a------ C:\Windows\System32\msxml3.dll

2007-10-03 01:38 2,048 --a------ C:\Windows\System32\msxml3r.dll

2007-10-03 01:37 1,335,296 --a------ C:\Windows\System32\msxml6.dll

2007-10-03 01:37 2,048 --a------ C:\Windows\System32\msxml6r.dll

2007-10-03 01:34 750,080 --a------ C:\Windows\System32\qmgr.dll

2007-10-03 00:49 <DIR> d-------- C:\Windows\PCHEALTH

2007-10-03 00:49 <DIR> d-------- C:\Program Files\MSN Messenger

2007-10-02 15:57 1,712,984 --a------ C:\Windows\System32\wuaueng.dll

2007-10-02 15:57 1,524,224 --a------ C:\Windows\System32\wucltux.dll

2007-10-02 15:57 549,720 --a------ C:\Windows\System32\wuapi.dll

2007-10-02 15:57 80,896 --a------ C:\Windows\System32\wudriver.dll

2007-10-02 15:57 53,080 --a------ C:\Windows\System32\wuauclt.exe

2007-10-02 15:57 43,352 --a------ C:\Windows\System32\wups2.dll

2007-10-02 15:57 33,624 --a------ C:\Windows\System32\wups.dll

2007-10-02 15:56 163,000 --a------ C:\Windows\System32\wuwebv.dll

2007-10-02 15:56 31,232 --a------ C:\Windows\System32\wuapp.exe

2007-10-02 11:20 <DIR> d-------- C:\Program Files\Symantec

2007-10-02 11:13 <DIR> d-------- C:\Users\All Users\Telenor

2007-10-02 11:13 <DIR> d-------- C:\ProgramData\Telenor

2007-10-02 11:11 <DIR> d-------- C:\Program Files\Telenor

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-25 17:57 --------- d-----w C:\ProgramData\Symantec

2007-10-25 08:38 13,025 ----a-w C:\Users\kyrre\AppData\Roaming\nvModes.dat

2007-10-18 16:52 --------- d-----w C:\Program Files\Google

2007-10-15 22:37 --------- d-----w C:\Users\kyrre\AppData\Roaming\Azureus

2007-10-15 16:02 --------- d-----w C:\ProgramData\Roxio

2007-10-15 15:39 --------- d-----w C:\Users\kyrre\AppData\Roaming\Roxio

2007-10-11 17:40 --------- d-----w C:\Program Files\Java

2007-10-11 01:03 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-10-11 01:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-10-11 01:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-10-04 00:32 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2007-10-04 00:32 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2007-10-04 00:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-10-02 23:39 86,016 ----a-w C:\Windows\System32\icfupgd.dll

2007-10-02 23:39 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-10-02 23:39 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-10-02 23:39 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys

2007-10-02 23:39 61,952 ----a-w C:\Windows\System32\cmifw.dll

2007-10-02 23:39 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-10-02 23:39 396,800 ----a-w C:\Windows\System32\MPSSVC.dll

2007-10-02 23:39 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll

2007-10-02 23:39 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys

2007-10-02 23:39 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll

2007-10-02 23:39 16,896 ----a-w C:\Windows\System32\wfapigp.dll

2007-10-02 23:39 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS

2007-09-18 12:44 10,662 ----a-w C:\Windows\system32\drivers\srtspx.cat

2007-09-18 12:44 10,662 ----a-w C:\Windows\system32\drivers\srtspl.cat

2007-09-18 12:44 10,658 ----a-w C:\Windows\system32\drivers\srtsp.cat

2007-09-18 12:44 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf

2007-09-18 12:44 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf

2007-09-18 12:44 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf

2007-09-18 12:43 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys

2007-09-18 12:43 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys

2007-09-18 12:43 278,576 ----a-w C:\Windows\system32\drivers\srtsp.sys

2007-05-30 19:47 0 ----a-w C:\Users\kyrre\AppData\Roaming\wklnhst.dat

2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 05:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2007-10-04 02:18 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 05:51 316784]

 

[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 05:51 316784]

 

[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 14:34]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 06:25]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 06:25]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 06:25]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 08:02]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58]

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"Telenor Online Start"="C:\Program Files\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 07:07]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-18 18:53]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 C:\Windows\System32\oobefldr.dll]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"bxsbang"= {6F0BAD0B-69DC-433F-8A02-BAE0C0577E43} - C:\Windows\bxsbang.dll [2007-10-22 11:07 260096]

"ocgrep"= {328B1253-5868-4FEB-8B07-2CED82C5628E} - C:\Windows\ocgrep.dll [2007-10-22 11:07 284160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShredder]

C:\Program Files\SpyShredder\SpyShredder.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]

C:\Windows\xpupdate.exe

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20071020.001\IDSvix86.sys

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys

R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys

R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys

S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

bthsvcs BthServ

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-10-08 18:43:51 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - kyrre.job"

.

**************************************************************************

 

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-25 20:56:42

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-10-25 20:58:28 - machine was rebooted

.

--- E O F ---

 

 

 

I keep deleting SpyShredder and that other one from startup, but they just come back.

Edited by Ravenlord