PCBerg, posted 28 December 2007

Sometimes when I'm sitting at the computer, it just stops completely. Then I have to turn it off and turn it on again. I have scanned for viruses but only find trojans, and they get put in quarantine. Do I have a virus???

brukerenerslettet, posted 28 December 2007 (edited)

No, you have trojans. Find out where they come from (via the antivirus program, it usually tells you where the file(s) are located) and delete them manually. [Possibly] You can also check in Task Manager which programs are using so much CPU that the machine stops. Press Ctrl+Alt+Delete and check the processes.

Edited 28 December 2007 by xninja92

norbat, posted 28 December 2007

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt). It may tell us something more ...

PCBerg (author), posted 28 December 2007

I have several questions:
1. What is a trojan?
2. Is it normal to have over 10000 trojan files?
3. It says they are located in WINDOWS/ Fonts/, but there are only fonts there. They are called all sorts of things.
4. The processor is at 100%
5. I can't delete several of the trojans. How do I delete them?

PCBerg (author), posted 28 December 2007

> Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. Do not click on the window while the program is running. Post the log file from Combofix (c:\combofix.txt). It may tell us something more ...

How do I post it?

norbat, posted 28 December 2007 (edited)

Run Combofix and post the log. Open the log file and copy its contents. Then paste it into your next post.
Which program is it that says you have 10000 trojans?

Edited 28 December 2007 by norbat

PCBerg (author), posted 29 December 2007 (edited)

> Run Combofix and post the log. Open the log file and copy its contents. Then paste it into your next post. Which program is it that says you have 10000 trojans?

Norman Antivirus. I scanned the hard disk, and there were over 10000 trojans and files. But many of the files don't exist.

Edited 31 December 2007 by Skagen

norbat, posted 29 December 2007 (edited)

You are pretty loaded down with junk, so it's no wonder the PC stops sometimes, no.
We will get it sorted, but I would still recommend that you back up the data you want to keep (pictures, documents etc.).

Let's clean up a bit more:

Download Vundofix, start the program and click the "Scan for Vundo" button. When the program has finished, click the "Remove vundo" button.

Download SAS, install it, update it and run a full (Complete) scan.

Download Hijackthis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it together with the other logs that are asked for (see below).

Post the following logs:
Vundofix: usually found at C:\vundofix.txt
SAS log: Preferences->statistics/logs
HJT log

Edited 29 December 2007 by norbat

PCBerg (author), posted 29 December 2007 (edited)

VundoFix V6.7.7
Checking Java version...
Sun Java not detected
Scan started at 14:34:00 29.12.2007
Listing files found while scanning....
C:\windows\system32\cjweoqxf.dll
C:\windows\system32\cjweoqxf.dllbox
Beginning removal...
Attempting to delete C:\windows\system32\cjweoqxf.dll
C:\windows\system32\cjweoqxf.dll Has been deleted!
Attempting to delete C:\windows\system32\cjweoqxf.dllbox
C:\windows\system32\cjweoqxf.dllbox Has been deleted!
Performing Repairs to the registry.
Done!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/29/2007 at 02:59 PM
Application Version : 3.9.1008
Core Rules Database Version : 3143
Trace Rules Database Version: 1159
Scan type : Complete Scan
Total Scan Time : 00:02:39
Memory items scanned : 636
Memory threats detected : 0
Registry items scanned : 4978
Registry threats detected : 0
File items scanned : 654
File threats detected : 0

Edited 31 December 2007 by Skagen

norbat, posted 29 December 2007 (edited)

I don't think SAS managed to scan the whole PC, since it normally takes more than 3 minutes to do that, but let's continue:

Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

O2 - BHO: (no name) - {B1ABD21F-17A1-6059-D25D-4AE6048E5893} - C:\WINDOWS\system32\gkxnvxn.dll (file missing)
O2 - BHO: (no name) - {C6ABD21B-17A8-635B-D22E-39E6078758E0} - C:\WINDOWS\system32\gkxnvxn.dll (file missing)
O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\CHRIST~1\LOKALE~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKCU\..\Run: [Cmta] "C:\DOCUME~1\PER-CH~1\MINEDO~1\TSKS~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Jhkzkcke] C:\WINDOWS\?dobe\r?gedit.exe
O4 - HKCU\..\Run: [Router] C:\Programfiler\Router\Router.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O20 - Winlogon Notify: iifebca - iifebca.dll (file missing)

Download CCleaner. Start the program. Go to 'Valg'->'Avansert' (Options -> Advanced). Remove the check mark in front of: "bare slett midlertidige filer......." (only delete temporary files ...). Click 'Renser' (Cleaner) and then 'Kjør CCleaner' (Run CCleaner).

-------

Open Explorer and go to C:, sort the files by Type, then find and select all the Pos***.tmp files (*** = digits/letters). Delete them.

------

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log.

File::
C:\Programfiler\Router\Router.exe
C:\WINDOWS\system32\cehfcbex.ini
C:\WINDOWS\system32\jshipilw.dll
C:\WINDOWS\system32\cfsifetv.ini
C:\WINDOWS\system32\vtefisfc.dll
C:\WINDOWS\system32\kqvxcfgr.dll
C:\WINDOWS\system32\kosswpjo.ini
C:\WINDOWS\system32\oolqfomd.ini
C:\WINDOWS\system32\nvjiqgym.ini
C:\WINDOWS\system32\mygqijvn.dll
C:\WINDOWS\system32\oxtmfjhl.dll
C:\WINDOWS\system32\ooamdwct.ini
C:\WINDOWS\system32\wjuopcyl.dll

Folder::
C:\Programfiler\Router
C:\WINDOWS\?dobe

Edited 31 December 2007 by norbat

PCBerg (Author) Posted 30 December 2007 (edited)

ComboFix 07-12-21.4 - Per-Christian 2007-12-30 14:26:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.386 [GMT 1:00]
Running from: C:\Documents and Settings\Per-Christian\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Per-Christian\Skrivebord\CFScript.txt
* Created a new restore point

**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 14:33:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

Completion time: 2007-12-30 14:34:41 - machine was rebooted

Edited 31 December 2007 by Skagen
norbat Posted 30 December 2007 (edited)

Let's continue ...

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

KILLALL::

File::
C:\WINDOWS\system32\nmyyyhsu.dll
C:\WINDOWS\system32\flilnrhx.dll
C:\Documents and Settings\Per-Christian\services.exe
C:\WINDOWS\system32\kilaoeao.dll
C:\WINDOWS\system32\iqjwiolv.ini
C:\WINDOWS\system32\vloiwjqi.dll
C:\WINDOWS\system32\gddkpcpw.dll
C:\WINDOWS\system32\ursbbham.ini
C:\WINDOWS\system32\famdqleq.ini
C:\WINDOWS\system32\wndklwhn.ini
C:\WINDOWS\system32\nhwlkdnw.dll
C:\WINDOWS\system32\jvifbakv.dll
C:\WINDOWS\system32\qnmfpbqt.ini
C:\WINDOWS\system32\lgelbahg.dll
C:\WINDOWS\system32\gyaiipea.ini
C:\WINDOWS\system32\kswwvofr.ini
C:\WINDOWS\system32\rfovwwsk.dll
C:\WINDOWS\system32\ednqtgga.dll
C:\WINDOWS\system32\lsddkhik.dll
C:\WINDOWS\system32\etvgncge.dll
C:\WINDOWS\system32\icjndasf.ini
C:\WINDOWS\system32\fsadnjci.dll
C:\WINDOWS\system32\xicicemo.ini
C:\WINDOWS\system32\qyovepua.ini
C:\WINDOWS\system32\dtksocsh.ini
C:\WINDOWS\system32\icnjypoq.dll
C:\WINDOWS\system32\cpxhuthl.dll
C:\WINDOWS\system32\qopyjnci.ini
C:\WINDOWS\system32\bmqghukg.ini
C:\WINDOWS\system32\sjidvmks.ini
C:\WINDOWS\system32\ixnvusur.ini
C:\WINDOWS\system32\qrodapiy.dll
C:\WINDOWS\system32\ybbcrity.dll
C:\WINDOWS\system32\yipadorq.ini
C:\WINDOWS\system32\tubrdqel.ini
C:\WINDOWS\system32\wklduoog.dll
C:\WINDOWS\system32\jnmkmuwp.ini
C:\WINDOWS\system32\hvntktty.ini
C:\WINDOWS\system32\yttktnvh.dll
C:\WINDOWS\system32\yqaxtljr.dll
C:\WINDOWS\system32\bhkiyurd.ini
C:\WINDOWS\system32\xhmdnvtc.ini
C:\WINDOWS\system32\kkkpfngx.ini
C:\WINDOWS\system32\kroiqtrw.ini
C:\WINDOWS\system32\ipbypbjc.ini
C:\WINDOWS\system32\iyolxmef.ini
C:\WINDOWS\system32\ayeociiv.ini
C:\WINDOWS\system32\psxlribv.ini
C:\WINDOWS\system32\ayouujaw.ini
C:\WINDOWS\system32\rgbnxxru.ini
C:\WINDOWS\system32\eqexrrwd.ini
C:\WINDOWS\system32\gctrmxnk.ini
C:\WINDOWS\system32\sooyubjm.ini
C:\WINDOWS\system32\nhgarajg.ini
C:\WINDOWS\system32\qjslqgma.ini
C:\WINDOWS\system32\yavteagn.ini
C:\WINDOWS\system32\bevytorv.ini
C:\Documents and Settings\Caroline\services.exe
C:\WINDOWS\system32\tjwoiyab.ini
C:\WINDOWS\system32\njwhxunv.ini
C:\WINDOWS\system32\lhxdcddt.ini
C:\WINDOWS\system32\yuitlhuo.dll
C:\WINDOWS\system32\jtpvnjpr.ini
C:\WINDOWS\system32\fwcoamlv.ini
C:\WINDOWS\system32\lmosuunj.ini
C:\WINDOWS\system32\ridybrfg.ini
C:\WINDOWS\system32\ndngpclg.ini
C:\WINDOWS\system32\cxnfixuf.ini
C:\WINDOWS\system32\dstcfaka.ini
C:\WINDOWS\system32\gmgrxulu.ini
C:\WINDOWS\system32\lkboinxr.ini
C:\WINDOWS\system32\lemyybji.ini
C:\WINDOWS\system32\xprcmcem.ini
C:\WINDOWS\system32\jrubsjmo.ini

Start SAS, update it and run a full scan.

Post the Combofix log + the log from SAS.

Edited 31 December 2007 by norbat
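The CFScript file lists in the posts above are picked by hand out of the "Files Created" section of a ComboFix log. As an added example (not part of the thread and not ComboFix's own logic), the Python sketch below parses listing lines in that format and flags system32 files with eight-letter lowercase names, pairing a .dll with the .ini whose name is its reverse, as with vtefisfc.dll and cfsifetv.ini in the first script. The heuristic, the function names and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One listing entry: created . modified  <size or <DIR>>  <9 attribute flags>  <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
SYSTEM32 = r"c:\windows\system32"
RANDOM_STEM = re.compile(r"[a-z]{8}")  # assumption: eight lowercase letters


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; lines that do not fit the full format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> Tuple[List[str], List[str]]:
    """Return (paired, unpaired) candidate paths.

    Candidate: a file directly in system32 whose stem is eight lowercase
    letters and whose extension is .dll, or .ini with hidden+system flags.
    Paired: the reversed stem exists with the other extension.
    """
    cands = {}
    for e in entries:
        if e.size is None or ntpath.dirname(e.path).lower() != SYSTEM32:
            continue
        stem, ext = ntpath.splitext(ntpath.basename(e.path))
        ext = ext.lower()
        if not RANDOM_STEM.fullmatch(stem):
            continue
        if ext == ".dll" or (ext == ".ini" and "h" in e.attrs and "s" in e.attrs):
            cands[(stem, ext)] = e
    paired, unpaired = [], []
    for (stem, ext), e in cands.items():
        partner = (stem[::-1], ".ini" if ext == ".dll" else ".dll")
        (paired if partner in cands else unpaired).append(e.path)
    return sorted(paired), sorted(unpaired)


def render_cfscript(paths: List[str]) -> str:
    """Render paths under the File:: directive used in the posts above."""
    return "File::\n" + "\n".join(paths) + "\n"


# Constructed sample lines in the listing format; all file names are made up.
SAMPLE = r"""
2007-12-30 14:17 . 2007-12-30 14:17 <DIR> d-------- C:\Programfiler\CCleaner
2007-12-28 23:06 . <DIR> C:\Documents and Settings\Example\Lokale innstillinger
2007-12-24 13:30 . 2007-12-24 13:32 992,656 ---hs---- C:\WINDOWS\system32\iuztrewq.ini
2007-12-24 13:30 . 2007-12-24 13:30 87,104 --a------ C:\WINDOWS\system32\qwertzui.dll
2007-12-23 17:58 . 2007-12-23 17:58 534 ---hs---- C:\WINDOWS\system32\plmoknij.ini
2007-12-07 15:53 . 2007-12-07 15:53 147,456 --a------ C:\WINDOWS\system32\sample10.dll
2007-12-10 16:08 . 2007-12-10 16:08 63 --a------ C:\WINDOWS\system32\settings.ini
"""

if __name__ == "__main__":
    paired, unpaired = triage(parse_listing(SAMPLE))
    print(render_cfscript(paired))
    print("Review manually:", unpaired)
```

Paired hits are the strongest candidates; unpaired ones are only a review list and still need a manual check before they go into a script.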
PCBerg (Author) Posted 30 December 2007 (edited)

ComboFix 07-12-21.4 - Per-Christian 2007-12-30 15:53:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.624 [GMT 1:00]
Running from: C:\Documents and Settings\Per-Christian\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Per-Christian\Skrivebord\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cuckoo Clock"="C:\PROGRA~1\PARALL~1\Cuckoo.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe] "ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 15:58 C:\WINDOWS\RTHDCPL.EXE] "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-12-25 22:37] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23] "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00] C:\Documents and Settings\Per-Christian\Start-meny\Programmer\Oppstart\ PowerReg Scheduler V3.exe [2007-12-21 21:54:34] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22] HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Mobilt bredb†nd.lnk - C:\Programfiler\Telenor\Mobilt bredb†nd\Mobilt bredb†nd.exe [2007-07-27 11:50:04] R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 14:48] R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55] R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05] R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05] R3 GTUQBUS;GT UQ 
BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 10:50] R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 11:38] R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23] S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25] S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25] S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25] S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25] S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2007-12-30 14:33:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-30 16:04:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-30 16:05:31 - machine was rebooted C:\ComboFix2.txt ... 2007-12-30 14:34 C:\ComboFix3.txt ... 2007-12-28 23:05 . 
2007-12-22 11:39:30 --- E O F --- SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 12/30/2007 at 05:23 PM Application Version : 3.9.1008 Core Rules Database Version : 3370 Trace Rules Database Version: 1365 Scan type : Complete Scan Total Scan Time : 00:59:41 Memory items scanned : 622 Memory threats detected : 0 Registry items scanned : 4962 Registry threats detected : 16 File items scanned : 48046 File threats detected : 210 Adware.MyWebSearch HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable C:\PROGRAMFILER\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL Adware.Vundo Variant HKLM\Software\Classes\CLSID\{A656C5F6-2920-401D-A773-01C9A3938E4C} HKCR\CLSID\{A656C5F6-2920-401D-A773-01C9A3938E4C} HKCR\CLSID\{A656C5F6-2920-401D-A773-01C9A3938E4C}\InprocServer32 HKCR\CLSID\{A656C5F6-2920-401D-A773-01C9A3938E4C}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\AWTQN.DLL Adware.Tracking Cookie C:\Documents and Settings\Per-Christian\Cookies\per-christian@2o7[1].txt C:\Documents and Settings\Per-Christian\Cookies\per-christian@tradedoubler[1].txt C:\Documents and Settings\Per-Christian\Cookies\per-christian@serving-sys[1].txt C:\Documents and Settings\Per-Christian\Cookies\[email protected][1].txt C:\Documents and Settings\Per-Christian\Cookies\per-christian@adbrite[2].txt C:\Documents and Settings\Per-Christian\Cookies\per-christian@cgi-bin[1].txt C:\Documents and Settings\Per-Christian\Cookies\per-christian@advertising[1].txt C:\Documents and Settings\Per-Christian\Cookies\[email protected][1].txt C:\Documents and Settings\Per-Christian\Cookies\[email protected][2].txt C:\Documents and Settings\Per-Christian\Cookies\[email protected][1].txt 
C:\Documents and Settings\Caroline\Cookies\caroline@2o7[2].txt C:\Documents and Settings\Caroline\Cookies\[email protected][2].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][2].txt C:\Documents and Settings\Caroline\Cookies\caroline@adtech[2].txt C:\Documents and Settings\Caroline\Cookies\caroline@advertising[2].txt C:\Documents and Settings\Caroline\Cookies\caroline@atdmt[2].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][2].txt C:\Documents and Settings\Caroline\Cookies\caroline@cassava[1].txt C:\Documents and Settings\Caroline\Cookies\caroline@doubleclick[1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\caroline@mywebsearch[1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\caroline@overture[2].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\caroline@partypoker[2].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][2].txt C:\Documents and Settings\Caroline\Cookies\caroline@serving-sys[1].txt C:\Documents and Settings\Caroline\Cookies\caroline@socialmedia[2].txt C:\Documents and Settings\Caroline\Cookies\[email protected][2].txt C:\Documents and 
Settings\Caroline\Cookies\caroline@statcounter[2].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\[email protected][1].txt C:\Documents and Settings\Caroline\Cookies\caroline@tradedoubler[2].txt C:\Documents and Settings\Caroline\Cookies\caroline@zedo[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@2o7[2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@adbrite[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@adinterax[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@adrevolver[2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@adrevolver[3].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@adtech[2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@advertising[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@atdmt[2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@burstnet[2].txt C:\Documents and 
Settings\Christoffer\Cookies\christoffer@casalemedia[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@click24[2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@clickbank[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@clicktorrent[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@directtrack[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@doubleclick[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@ez-tracks[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@fastclick[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@gostats[2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@hitbox[2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@mediaplex[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@mywebsearch[2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@overture[2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@partypoker[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@realmedia[1].txt C:\Documents and 
Settings\Christoffer\Cookies\christoffer@revenue[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@revsci[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@serving-sys[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@specificclick[2].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@statcounter[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@tradedoubler[2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@tribalfusion[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@tripod[1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@upspiral[2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@usenext[2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@weefind[1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\[email protected][1].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@xiti[2].txt C:\Documents and Settings\Christoffer\Cookies\christoffer@zedo[1].txt C:\Documents and Settings\Møyfrid\Cookies\mø[email protected][1].txt C:\Documents and Settings\Møyfrid\Cookies\møyfrid@advertising[2].txt C:\Documents and Settings\Møyfrid\Cookies\møyfrid@doubleclick[1].txt C:\Documents and Settings\Møyfrid\Cookies\mø[email protected][1].txt C:\Documents and Settings\Møyfrid\Cookies\møyfrid@mywebsearch[2].txt C:\Documents and 
Settings\Møyfrid\Cookies\møyfrid@statcounter[2].txt C:\Documents and Settings\Møyfrid\Cookies\mø[email protected][1].txt C:\Documents and Settings\Møyfrid\Cookies\mø[email protected][2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@2o7[2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@adtech[2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@advertising[2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@atdmt[2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@click24[2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@doubleclick[1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@linksynergy[2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@mywebsearch[1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@partypoker[1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf 
Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@sexbutikken[2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@sexchatten[2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@specificclick[2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@statcounter[1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@tradedoubler[1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][1].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf hå[email protected][2].txt C:\Documents and Settings\Rolf Håvard\Cookies\rolf håvard@zedo[1].txt Malware.LocusSoftware Inc/ConfidentSurf HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved#{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21} [ secure_del ] Malware.LocusSoftware Inc/PCPrivacyTool HKLM\Software\Purchased Products HKLM\Software\Purchased Products\System Error Repair HKLM\Software\Purchased Products\System Error Repair#domain HKLM\Software\Purchased Products\System Error Repair#pname HKLM\Software\Purchased Products\System Error Repair#cname Adware.Vundo-Variant/Small-A C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\BYMBUTSQ.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\GAJJNRVD.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\GPDAPAHP.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\JPDFVXMC.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\LGXFBTEH.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\LKVWULME.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE 
INNSTILLINGER\TEMP\NOMTCBRH.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\PDQPJRQL.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\SWRWVWVA.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\VKJJQOSY.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\XLUJQPLX.DLL C:\DOCUMENTS AND SETTINGS\CHRISTOFFER\LOKALE INNSTILLINGER\TEMP\YXSUWYYK.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP216\A0053139.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP216\A0053140.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP217\A0060139.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP217\A0060140.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP217\A0064139.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP217\A0064178.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP218\A0064201.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP218\A0065273.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP218\A0065281.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP219\A0066304.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089616.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089617.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089618.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089619.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089620.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089621.DLL C:\SYSTEM VOLUME 
INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089622.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089623.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089624.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089625.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089626.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089627.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089628.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089629.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089630.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089631.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089632.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089633.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089634.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089635.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089636.DLL Rogue.StorageProtector/Trace C:\QOOBOX\QUARANTINE\C\PROGRAMFILER\FELLESFILER\STORAGEPROTECTOR\STRPMON.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089645.EXE Adware.ClickSpring/Yazzle C:\QOOBOX\QUARANTINE\C\PROGRAMFILER\FELLESFILER\YAZZLE1560OINADMIN.EXE.VIR C:\QOOBOX\QUARANTINE\C\PROGRAMFILER\FELLESFILER\YAZZLE1560OINUNINSTALLER.EXE.VIR Adware.ClickSpring C:\qoobox\Quarantine\C\WINDOWS\DOBE~1\RGEDIT~1.VIR Endret 31. desember 2007 av Skagen Lenke til kommentar
norbat Posted 30 December 2007 (edited)

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

----

Run Vundofix again: start the program and click the "Scan for Vundo" button. When the program has finished, click the "Remove vundo" button. It creates a log that you post later.

----

Again, open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log later.

KILLALL::
File::
C:\WINDOWS\system32\vcjbaqgm.ini
C:\WINDOWS\system32\mlvnhhie.ini
C:\WINDOWS\system32\qskdgvyh.ini
C:\WINDOWS\system32\yiuerkjb.ini
C:\WINDOWS\system32\tatoosnk.ini
C:\WINDOWS\system32\corggbsc.ini
C:\WINDOWS\system32\itlesyto.ini
C:\WINDOWS\system32\neogdiue.ini
C:\WINDOWS\system32\cuxgovlo.ini
C:\WINDOWS\system32\jefvqmkn.ini
C:\WINDOWS\system32\gklpwxai.ini
C:\WINDOWS\system32\fgvwgbbb.ini
C:\WINDOWS\system32\vjmjcwhp.ini
C:\WINDOWS\system32\syqxdhax.ini
C:\WINDOWS\system32\thospcno.ini
C:\WINDOWS\system32\luwifwsm.ini
C:\WINDOWS\system32\hldbeuvk.ini
C:\WINDOWS\system32\cdovskxx.ini
C:\WINDOWS\system32\huvtegti.ini
C:\WINDOWS\system32\mjvvclrf.ini
C:\WINDOWS\system32\yuldeahr.ini
C:\WINDOWS\system32\dfcqcakq.ini
C:\WINDOWS\system32\wdkcmtbn.ini
C:\WINDOWS\system32\snihcdiq.ini
C:\WINDOWS\system32\yieekaql.ini
C:\WINDOWS\system32\mljspnpc.ini
C:\WINDOWS\system32\tinmschl.ini
C:\WINDOWS\system32\kavukowl.ini
C:\WINDOWS\system32\lqtonbpe.ini
C:\WINDOWS\system32\uihfyhjq.ini
C:\WINDOWS\system32\tpredjab.ini
C:\WINDOWS\system32\fiaywrdq.ini
C:\WINDOWS\system32\wjingbgi.ini
C:\WINDOWS\system32\askwqbcc.ini
C:\WINDOWS\system32\pskxxvrd.ini
C:\WINDOWS\system32\wlioibcq.ini
C:\WINDOWS\system32\wjbtsbig.ini
C:\WINDOWS\system32\cpxghofn.ini
C:\WINDOWS\system32\bkyuvale.ini
C:\WINDOWS\system32\yxgpgbrj.ini
C:\WINDOWS\system32\dhvklmlb.ini
C:\WINDOWS\system32\pdwuxfda.ini
C:\WINDOWS\system32\ncegjqvd.ini

Post the logs.

Edit: Go to the website http://virusscan.jotti.org/ and upload the following two files to be checked:
C:\WINDOWS\scmate.ini
C:\WINDOWS\system32\vbzip10.dll
Report back on what, if anything, was found.

Edited 31 December 2007 by norbat
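How the entries in the File:: list above can be picked out of a ComboFix "Files Created" listing, as an added example that is not part of the original post and not ComboFix's own code. The sample lines are taken from the ComboFix log posted in this thread; the selection rule (hidden+system attributes, eight lowercase letters plus .ini, directly under system32) is an assumption inferred from the files listed, and all function names are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines taken from the ComboFix "Files Created" listing posted in this thread,
# joined with single spaces the way the forum export flattened them.
SAMPLE = " ".join([
    r"2007-12-27 20:07 . 2007-12-27 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet",
    r"2007-12-20 23:57 . 2007-12-30 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn",
    r"2007-12-17 16:21 . 2007-12-17 20:26 971,189 ---hs---- C:\WINDOWS\system32\vcjbaqgm.ini",
    r"2007-12-16 00:08 . 2007-12-16 02:53 474 ---hs---- C:\WINDOWS\system32\jefvqmkn.ini",
    r"2007-12-10 16:08 . 2007-12-10 16:08 63 --a------ C:\WINDOWS\wininit.ini",
    r"2007-12-09 10:12 . 2007-12-10 16:02 834,418 ---hs---- C:\WINDOWS\system32\ncegjqvd.ini",
    r"2007-12-07 15:53 . 2007-12-07 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll",
])

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"

# created . modified  size|<DIR>  9-char attribute string  path
# The path may contain spaces, so it runs lazily up to the next
# "timestamp ." pair or the end of the text. This also copes with a listing
# that has been flattened onto one line.
ENTRY_RE = re.compile(
    rf"(?P<created>{TS}) \. (?P<modified>{TS}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[a-z-]{9}) "
    rf"(?P<path>[A-Za-z]:\\.*?)(?=\s+{TS} \. |\s*$)",
    re.S,
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Split a (possibly flattened) ComboFix file listing into entries."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(
            Entry(m["created"], m["modified"], size, m["attrs"], m["path"].strip())
        )
    return entries


def is_suspicious(entry: Entry) -> bool:
    """Assumed heuristic: hidden+system file, 8 lowercase letters + .ini,
    located directly in C:\\WINDOWS\\system32."""
    if entry.size is None:  # directories are never flagged
        return False
    hidden_system = "h" in entry.attrs and "s" in entry.attrs
    in_system32 = ntpath.dirname(entry.path).lower() == r"c:\windows\system32"
    random_ini = re.fullmatch(r"[a-z]{8}\.ini", ntpath.basename(entry.path))
    return hidden_system and in_system32 and random_ini is not None


def flag_suspicious(entries: List[Entry]) -> List[Entry]:
    """Return the entries a reviewer would want to look at first."""
    return [e for e in entries if is_suspicious(e)]


if __name__ == "__main__":
    for e in flag_suspicious(parse_listing(SAMPLE)):
        print(f"{e.created}  {e.size:>9,}  {e.attrs}  {e.path}")
```

A flagged entry is a candidate for review, not proof of infection; the ordinary files in the sample (wininit.ini, QTFont.qfn, vbzip10.dll) are left alone because they miss at least one of the three conditions.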
PCBerg Posted 30 December 2007 Author (edited)

Nothing was found in Vundofix, so there is no log.

ComboFix 07-12-21.4 - Per-Christian 2007-12-30 19:37:21.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.623 [GMT 1:00]
Running from: C:\Documents and Settings\Per-Christian\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Per-Christian\Skrivebord\CFScript.txt
* Created a new restore point
2007-12-15 15:16 <DIR> d-------- C:\Programfiler\Fellesfiler\GtFlashSwitch 2007-12-10 16:08 . 2007-12-10 16:08 63 --a------ C:\WINDOWS\wininit.ini 2007-12-07 15:53 . 2007-12-07 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-12-07 15:48 . 2007-12-26 17:31 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2007-11-30 21:49 . 2007-12-04 19:24 48 --a------ C:\WINDOWS\scmate.ini 2007-11-30 21:30 . 2007-11-30 21:30 <DIR> d-------- C:\WINDOWS\MACROMED 2007-11-30 21:30 . 2007-12-04 22:18 <DIR> d-------- C:\WINDOWS\A3W_DATA 2007-11-30 21:30 . 2007-11-30 21:56 288 --a------ C:\WINDOWS\AWARE35.MCH 2007-11-23 22:26 . 2007-12-23 23:26 <DIR> d-------- C:\Incomplete 2007-11-15 19:28 . 2007-12-29 19:32 <DIR> d-------- C:\Musikk 2007-11-15 19:27 . 2007-12-18 17:41 <DIR> d-------- C:\Limewire 2007-11-13 18:04 . 2007-11-13 18:04 <DIR> d-------- C:\Documents and Settings\Caroline\Programdata\Nokia Multimedia Player 2007-11-12 18:24 . 2007-11-12 18:24 <DIR> d-------- C:\Documents and Settings\Caroline\Phone Browser 2007-11-12 18:23 . 2007-11-12 18:23 <DIR> d-------- C:\Documents and Settings\Caroline\Programdata\PC Suite 2007-11-11 15:52 . 2007-11-11 15:52 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\Nokia Multimedia Player 2007-11-11 15:51 . 2007-11-16 15:44 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\Nokia 2007-11-11 15:51 . 2007-11-11 15:51 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\DataLayer 2007-11-11 15:49 . 2007-11-11 15:49 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\PC Suite 2007-11-11 15:49 . 2007-11-11 17:44 <DIR> d-------- C:\Documents and Settings\Per-Christian\Phone Browser 2007-11-11 15:48 . 2007-12-16 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Downloaded Installations 2007-11-06 21:45 . 2007-11-06 21:45 268 --ah----- C:\sqmdata19.sqm 2007-11-06 21:45 . 2007-11-06 21:45 244 --ah----- C:\sqmnoopt19.sqm 2007-11-06 17:33 . 
2007-11-06 17:33 268 --ah----- C:\sqmdata18.sqm 2007-11-06 17:33 . 2007-11-06 17:33 244 --ah----- C:\sqmnoopt18.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-29 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-12-26 19:29 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\LimeWire 2007-12-26 12:23 --------- d-----w C:\Programfiler\BitLord 2007-12-24 00:16 --------- d-----w C:\Programfiler\LimeWire 2007-12-21 20:48 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Azureus 2007-12-18 19:35 --------- d-----w C:\Programfiler\Azureus 2007-12-16 13:18 --------- d-----w C:\Programfiler\NCH Swift Sound 2007-12-13 12:38 --------- d-----w C:\Documents and Settings\Caroline\Programdata\AdobeUM 2007-11-24 19:08 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Image Zone Express 2007-11-13 17:53 --------- d-----w C:\Programfiler\Morpheus 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-21 21:04 3,032,828 ----a-w C:\mc.exe 2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cuckoo Clock"="C:\PROGRA~1\PARALL~1\Cuckoo.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe] "ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12] "RTHDCPL"="RTHDCPL.EXE" [2006-09-12 15:58 C:\WINDOWS\RTHDCPL.EXE] "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-12-25 22:37] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23] "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00] C:\Documents and Settings\Per-Christian\Start-meny\Programmer\Oppstart\ PowerReg Scheduler V3.exe [2007-12-21 21:54:34] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22] HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Mobilt bredb†nd.lnk - C:\Programfiler\Telenor\Mobilt bredb†nd\Mobilt bredb†nd.exe [2007-07-27 11:50:04] R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 14:48] R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55] R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05] R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05] R3 GTUQBUS;GT UQ 
BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 10:50] R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 11:38] R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23] S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25] S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25] S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25] S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25] S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2007-12-30 18:33:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-30 19:41:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-30 19:44:00 - machine was rebooted C:\ComboFix2.txt ... 2007-12-30 16:05 C:\ComboFix3.txt ... 2007-12-30 14:34 . 2007-12-22 11:39:30 --- E O F --- Her er det andre du lurte på: File: scmate.ini Status: OK(Note: file has been scanned before. 
Therefore, this file's scan results will not be stored in the database) MD5: 9b122086c2a940aee8ad143ee08ab8c1 Packers detected: - Bit9 reports: File not found File: vbzip10.dll Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5: 5b25690cc2e55a6d4bc965068a7ba1ef Packers detected: - Bit9 reports: No threat detected (more info) Endret 31. desember 2007 av Skagen Lenke til kommentar

norbat, posted 30 December 2007
Finally: Delete the folder C:\VundoFix Backups. Remove ComboFix. You do that by typing Combofix /u in the Run window (Start button -> Run). Post a new HJT log and tell us how the PC is running.

PCBerg (author), posted 30 December 2007 (edited)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:19, on 30.12.2007

The computer is running well, it doesn't stutter and there are no pop-ups. I think it has helped.
Edited 31 December 2007 by Skagen

norbat, posted 30 December 2007 (edited)
You can fix this line with HJT:
O4 - Startup: PowerReg Scheduler V3.exe
Apart from this it looks fine. That you got some stuttering on the PC is fairly normal with so many infected files.
You may as well update Java: http://java.com/en/download/index.jsp
Uninstall all other updates from Add/Remove Programs.
You should reset the restore folder so that you are not infected by a possible System Restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.
If you get 'problems' again, just drop by.
Edited 30 December 2007 by norbat

wil, posted 31 December 2007
Hi. I may have missed it, since there was so much in this thread, but if you haven't switched from Norman yet, you should do so as soon as possible. Norman Antivirus just isn't any good. Go for Avira PersonalEdition Classic Antivirus instead. It is also free. I run Avira's Premium Security Suite package myself and I think it is very good. It does at least find viruses. Otherwise, the Kaspersky Internet Security package isn't bad either. I use Kaspersky Internet Security 7.0.0.125 on Windows 2000 and Avira Premium Security Suite 7.06.00.168 on Windows XP, and I think the two are about equally good.

PCBerg (author), posted 31 December 2007
I could try them.