Vennligst hjelp meg å fjerne MSN virus.

Felander · 19. november 2007

Jeg har fikk beskjeden "OMG i found your client contact....." på MSN og var så "uheldig" å trykket på linken..

Har etter det scannet maskinen med flertallige antivirus og antispyware programmer. Har selv nyeste NIS2008, men hverken den eller andre antispyprogrammer har fjernet dette. Den sender ut samme beskjeden og "I found your picture as naked...." til andre på kontakt listen.

Nu har jeg fulgt oppskriften til norbat, og legger ved loggene.

Håper noen kan hjelpe.. Hvilke kan jeg fjerne? og hva mer skal til for å fjerne jævelskapet..

På forhånd takk!

-------------------------------------------

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 11/19/2007 at 08:07 PM

Application Version : 3.9.1008

Core Rules Database Version : 3346

Trace Rules Database Version: 1347

Scan type : Complete Scan

Total Scan Time : 00:48:19

Memory items scanned : 665

Memory threats detected : 0

Registry items scanned : 6426

Registry threats detected : 0

File items scanned : 49446

File threats detected : 11

Adware.Tracking Cookie

C:\Documents and Settings\BRUKER\Cookies\[email protected][1].txt

C:\Documents and Settings\BRUKER2\Cookies\BRUKER2@crackle[2].txt

C:\Documents and Settings\BRUKER2\Cookies\[email protected][3].txt

C:\Documents and Settings\BRUKER2\Cookies\[email protected][1].txt

C:\Documents and Settings\BRUKER2\Cookies\BRUKER2@imrworldwide[2].txt

C:\Documents and Settings\BRUKER2\Cookies\BRUKER2@fastclick[2].txt

C:\Documents and Settings\BRUKER2\Cookies\[email protected][1].txt

C:\Documents and Settings\BRUKER3\Cookies\[email protected][1].txt

---------------------------------------------------------------------------

ComboFix 07-11-08.3 - NAVN 2007-11-19 21:07:56.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.402 [GMT 1:00]

Running from: C:\Documents and Settings\BRUKER\Skrivebord\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\_000006_.tmp.dll

C:\WINDOWS\system32\_000007_.tmp.dll

C:\WINDOWS\system32\_000008_.tmp.dll

C:\WINDOWS\system32\_000009_.tmp.dll

C:\WINDOWS\system32\_000012_.tmp.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\WanPacket.dll

C:\WINDOWS\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\NPF

((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))

.

2007-11-19 21:06 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-19 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2007-11-19 19:16 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2007-11-19 19:16 <DIR> d-------- C:\Documents and Settings\BRUKER\Programdata\SUPERAntiSpyware.com

2007-11-19 19:14 <DIR> dr-h----- C:\Documents and Settings\BRUKER\Siste

2007-11-19 10:34 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-11-18 12:46 <DIR> d-------- C:\Programfiler\Windows Live Safety Center

2007-11-15 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SecTaskMan

2007-11-13 19:50 <DIR> d-------- C:\Programfiler\Windows Defender

2007-11-13 12:16 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-11-13 12:15 <DIR> d-------- C:\Documents and Settings\BRUKER\.housecall6.6

2007-11-12 21:21 <DIR> d-------- C:\Programfiler\MSN Messenger

2007-11-12 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2007-11-12 14:29 <DIR> d-------- C:\Programfiler\Lavasoft

2007-11-12 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2007-11-12 14:28 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-11-08 20:19 <DIR> d-------- C:\Documents and Settings\BRUKER\Programdata\Symantec

2007-11-08 20:17 <DIR> d-------- C:\Programfiler\Windows Sidebar

2007-11-08 20:16 <DIR> d-------- C:\Programfiler\Norton Internet Security

2007-11-08 20:15 <DIR> d-------- C:\Programfiler\Symantec

2007-11-08 20:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-11-08 20:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2007-11-08 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

2007-11-02 19:41 18,704 -ra------ C:\WINDOWS\system32\drivers\se44nd5.sys

2007-11-02 19:40 97,088 -ra------ C:\WINDOWS\system32\drivers\se44mdm.sys

2007-11-02 19:40 90,800 -ra------ C:\WINDOWS\system32\drivers\se44unic.sys

2007-11-02 19:40 88,624 -ra------ C:\WINDOWS\system32\drivers\se44mgmt.sys

2007-11-02 19:40 86,432 -ra------ C:\WINDOWS\system32\drivers\se44obex.sys

2007-11-02 19:40 9,360 -ra------ C:\WINDOWS\system32\drivers\se44mdfl.sys

2007-11-02 19:40 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cmnt.sys

2007-11-02 19:40 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cm.sys

2007-11-02 19:40 4,128 -ra------ C:\WINDOWS\system32\drivers\se44cr.sys

2007-11-02 19:39 61,536 -ra------ C:\WINDOWS\system32\drivers\se44bus.sys

2007-11-02 19:39 5,872 -ra------ C:\WINDOWS\system32\drivers\se44whnt.sys

2007-11-02 19:39 5,872 -ra------ C:\WINDOWS\system32\drivers\se44wh.sys

2007-11-02 19:25 <DIR> d-------- C:\Programfiler\Disc2Phone

2007-11-02 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sony Ericsson

2007-11-02 19:17 <DIR> d-------- C:\Programfiler\Sony Ericsson

2007-11-02 19:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Teleca Shared

2007-11-02 19:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Sony Ericsson Shared

2007-11-02 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Teleca

2007-10-28 12:58 <DIR> d-------- C:\Programfiler\PurePlay

2007-10-28 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PurePlay

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-12 15:07 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-11-12 15:07 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-11-12 13:31 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2007-11-12 13:31 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-08-29 13:18 577,928 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-08-23 23:57 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll

2007-08-21 07:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-21 07:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-08-20 11:03 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-08-20 11:03 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-08-20 11:03 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-08-20 11:03 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-08-20 11:03 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-08-20 11:03 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-08-20 11:03 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-08-20 11:03 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-08-20 11:03 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-08-20 11:03 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-08-20 11:03 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-08-20 11:03 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-08-20 11:03 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-08-20 11:03 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-08-20 11:03 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-08-20 11:03 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-08-20 11:03 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-08-20 11:03 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-08-20 11:03 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-08-20 11:03 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

2007-08-20 11:03 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

2007-08-20 11:03 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

2007-08-20 11:03 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 04:51 316784 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2007-11-08 20:17 116088 --a------ C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 C:\WINDOWS\RTHDCPL.exe]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30]

"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 17:38]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 12:11]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 12:13]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 12:10]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-10-23 16:18]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-08-25 05:53]

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-11-07 16:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Programfiler\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Programfiler\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

"C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys

R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys

R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys

R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon

R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys

R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys

R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys

R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys

S3 COH_Mon;COH_Mon;\??\C:\WINDOWS\system32\Drivers\COH_Mon.sys

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-11-16 16:39:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2007-11-16 19:47:16 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Marit Irene.job"

- C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exe

"2007-11-13 20:18:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE

"2007-11-19 19:15:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-19 21:12:41

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-19 21:14:50 - machine was rebooted

.

--- E O F ---

-----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:26:50, on 19.11.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\acer\Empowering Technology\ePower\epm-dm.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programfiler\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://CD-en.scan.onecare.live.com/resourc...lscbase4009.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155244519375

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 11730 bytes

Endret 19. november 2007 av Felander

norbat · 19. november 2007

Loggene ser greie ut.

Plages du fortsatt?

Felander · 19. november 2007

Loggene ser greie ut.
Plages du fortsatt?

Lastet ned loggen på http://hjt.networktechs.com/parse.php , de som var merket rødt:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)File Missing

When a file is missing, you should always have HijackThis fix the item.

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeCtfmon.exe