
Got a virus (popup virus + trojan)



Hi, I've got a virus and I'm not exactly the best at removing and fixing this kind of thing :P

In any case I've got a virus that produces popups and makes Explorer crash.

If I could get some help removing this, that would be great :)

 

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:34:52, on 23.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\wltrysvc.exe

C:\windows\System32\bcmwltry.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\windows\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\windows\system32\uilecsad.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\windows\system32\nvsvc32.exe

C:\windows\system32\PnkBstrA.exe

C:\Programfiler\Silicon Image\3132-W-I32-R SATARAID5\SATARaid5ConfigService.exe

C:\windows\system32\svchost.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\windows\system32\wscntfy.exe

C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe

C:\windows\CTHELPER.EXE

C:\windows\system32\CTXFIHLP.EXE

C:\Programfiler\AGEIA Technologies\TrayIcon.exe

C:\Programfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programfiler\Logitech\G-series Software\LCDMon.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm .exe

C:\Programfiler\Creative\Shared Files\Module Loader\DLLML .exe

C:\Programfiler\AGEIA Technologies\TrayIcon .exe

C:\Programfiler\Logitech\G-series Software\LGDCore .exe

C:\Programfiler\Logitech\Video\LogiTray.exe

C:\Programfiler\Logitech\G-series Software\LCDMon .exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm .exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Programfiler\Logitech\Video\LogiTray .exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Programfiler\iTunes\iTunesHelper .exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched .exe

C:\windows\system32\ctfmon.exe

C:\WINDOWS\system32\LVComsX.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe

C:\Programfiler\Winamp\winampa .exe

C:\Programfiler\Logitech\Video\FxSvr2.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\BitTorrent\bittorrent.exe

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\BitTorrent\bittorrent .exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr .exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\Programfiler\Steam\Steam.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\agent.exe

C:\windows\explorer.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.no/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

F3 - REG:win.ini: load=C:\windows\system32\ddccc.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programfiler\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programfiler\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm .exe" -scheduler

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [38b51b0a] rundll32.exe "C:\windows\system32\fhlcmbye.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr .exe" /background

O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [igndlm.exe] C:\Programfiler\IGN\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent .exe" --force_start_minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Stefan Bakken\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Stefan Bakken\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180224437421

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180224428937

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DomainService - - C:\windows\system32\uilecsad.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Programfiler\Silicon Image\3132-W-I32-R SATARAID5\SATARaid5ConfigService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\windows\System32\wltrysvc.exe

 

--

End of file - 13806 bytes

 

I didn't find any errors on Hijackthis.de

 

Regards, Stefan

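Reading an HJT log like the one above is mostly pattern matching: a Run value named with random hex that launches rundll32 on a DLL in system32, a win.ini load= autostart, a service with no vendor sitting in system32, an image path with a space before .exe, a BHO whose display name is itself a GUID. As an added example for this thread (my own code, not anything the poster or the helper used), the Python below runs those checks over constructed sample lines modelled on entries from the logs posted in this thread. The heuristics are mine: a hit means "look at this file", not "this is malware", and a clean result from an automated checker such as Hijackthis.de does not mean the log is clean, as this thread shows.

```python
"""Heuristic triage of HijackThis 2.0.x log lines.

Added example for this thread, not a tool anyone in it used.  It flags the
entry types a forum helper would look at first in a log like the ones posted
here; every hit is a prompt for a human to check the file, not a verdict.
"""
import re

# Constructed sample, modelled on entries from the logs posted in this thread.
# Raw string, so the Windows paths keep their single backslashes.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\windows\system32\ddccc.exe
O2 - BHO: {7dd58b99-43f0-85ab-15f4-8e346bd20d37} - {73d02db6-43e8-4f51-ba58-0f3499b85dd7} - C:\windows\system32\alhvdlrp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [38b51b0a] rundll32.exe "C:\windows\system32\fhlcmbye.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O23 - Service: DomainService - - C:\windows\system32\uilecsad.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)
"""

GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$", re.I)          # e.g. "38b51b0a"
SYSTEM32 = re.compile(r"\\system32\\", re.I)

# O4 Run entries: "O4 - HKLM\..\Run: [value name] command line"
RUN = re.compile(r"^O4 - HK[^ ]*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 BHOs: "O2 - BHO: display name - {CLSID} - path"
BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
# O23 services: "O23 - Service: name - vendor - path"; an empty vendor prints as "- -".
SERVICE = re.compile(
    r"^O23 - Service: (?P<svc>.+?) - (?:(?P<vendor>[^\\]*?) - |- )(?P<path>[A-Za-z]:\\.*)$"
)


def check_line(line: str) -> list[str]:
    """Return the reasons (possibly none) this single HJT line deserves a closer look."""
    reasons = []
    if line.startswith("F3 - REG:win.ini: load="):
        reasons.append("win.ini load= autostart; legitimate software on XP almost never uses it")
    m = RUN.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if HEX_NAME.match(name):
            reasons.append(f"Run value name '{name}' is random-looking hex")
        if cmd.lower().startswith("rundll32") and SYSTEM32.search(cmd):
            reasons.append("rundll32 loading a DLL out of system32 at logon")
        if " .exe" in cmd.lower():
            reasons.append("space before .exe in the image path; verify which file is on disk")
    m = BHO.match(line)
    if m:
        if GUID.match(m.group("name")):
            reasons.append("BHO display name is itself a GUID")
        if "(file missing)" in m.group("path") or m.group("path") == "(no file)":
            reasons.append("BHO registration points at a file that is gone")
    m = SERVICE.match(line)
    if m:
        vendor = (m.group("vendor") or "").strip()   # None when the log printed "- -"
        path = m.group("path")
        if vendor in ("", "Unknown owner") and SYSTEM32.search(path):
            reasons.append(f"service '{m.group('svc')}' has no vendor and runs from system32")
        if path.endswith("(file missing)"):
            reasons.append("service registration points at a file that is gone")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run check_line over every non-empty line and keep only the lines with findings."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = check_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run it as a script to print the flagged sample lines, or import `triage` and feed it the text of a saved log. Entries that look ordinary (nwiz, ctfmon, a vendor-signed NVIDIA service, the Java BHO) produce no findings, which is the point: the helper's eye goes to the residue, and the script only narrows the list.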

Download VundoFix.

Scan for Vundo.

When it is finished, "Remove Vundo".

Post the log from VundoFix, usually C:\vundofix.txt.

-------------------

Download ComboFix and put it on the desktop.

Do not click in the window while the program is running.

Post the log C:\combofix.txt

------------------

Download and run SAS.

Post the log.

-----------------

Download and run CCleaner.

-----------------

After this, restart and post a new HJT log.

Edited by SNIPPSAT

The HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17, on 2008-01-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\wltrysvc.exe

C:\windows\System32\bcmwltry.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\windows\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\windows\Explorer.EXE

C:\windows\CTHELPER.EXE

C:\windows\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\windows\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\windows\system32\nvsvc32.exe

C:\windows\system32\PnkBstrA.exe

C:\Programfiler\Silicon Image\3132-W-I32-R SATARAID5\SATARaid5ConfigService.exe

C:\windows\system32\svchost.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\windows\system32\wscntfy.exe

C:\windows\system32\wuauclt.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.no/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: {7dd58b99-43f0-85ab-15f4-8e346bd20d37} - {73d02db6-43e8-4f51-ba58-0f3499b85dd7} - C:\windows\system32\alhvdlrp.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programfiler\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programfiler\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm .exe" -scheduler

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [igndlm.exe] C:\Programfiler\IGN\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent .exe" --force_start_minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Stefan Bakken\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Stefan Bakken\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180224437421

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180224428937

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Programfiler\Silicon Image\3132-W-I32-R SATARAID5\SATARaid5ConfigService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\windows\System32\wltrysvc.exe

 

--

End of file - 12365 bytes

 

VundoFix log:

 

VundoFix V6.7.7

 

Checking Java version...

 

Sun Java not detected

Scan started at 15:18:33 24.01.2008

 

Listing files found while scanning....

 

C:\windows\system32\alhvdlrp.dll

C:\windows\system32\cbxvvst.dll

C:\windows\system32\cccdd.ini

C:\windows\system32\cccdd.ini2

C:\windows\system32\ddccc.dll

C:\windows\system32\ddccc.exe

C:\windows\system32\gagixsei.dll

C:\windows\system32\opnoolj.dll

C:\windows\system32\qomkjhi.dll

C:\windows\system32\sfrdipid.dll

C:\windows\system32\sfrdipid.dllbox

C:\windows\system32\uilecsad.exe

 

Beginning removal...

 

Attempting to delete C:\windows\system32\alhvdlrp.dll

C:\windows\system32\alhvdlrp.dll Has been deleted!

 

Attempting to delete C:\windows\system32\cbxvvst.dll

C:\windows\system32\cbxvvst.dll Has been deleted!

 

Attempting to delete C:\windows\system32\cccdd.ini

C:\windows\system32\cccdd.ini Has been deleted!

 

Attempting to delete C:\windows\system32\cccdd.ini2

C:\windows\system32\cccdd.ini2 Has been deleted!

 

Attempting to delete C:\windows\system32\ddccc.dll

C:\windows\system32\ddccc.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ddccc.exe

C:\windows\system32\ddccc.exe Has been deleted!

 

Attempting to delete C:\windows\system32\gagixsei.dll

C:\windows\system32\gagixsei.dll Has been deleted!

 

Attempting to delete C:\windows\system32\opnoolj.dll

C:\windows\system32\opnoolj.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\qomkjhi.dll

C:\windows\system32\qomkjhi.dll Has been deleted!

 

Attempting to delete C:\windows\system32\sfrdipid.dll

C:\windows\system32\sfrdipid.dll Has been deleted!

 

Attempting to delete C:\windows\system32\sfrdipid.dllbox

C:\windows\system32\sfrdipid.dllbox Has been deleted!

 

Attempting to delete C:\windows\system32\uilecsad.exe

C:\windows\system32\uilecsad.exe Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\windows\system32\opnoolj.dll

C:\windows\system32\opnoolj.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\uilecsad.exe

C:\windows\system32\uilecsad.exe Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

SAS log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/24/2008 at 04:12 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3259

Trace Rules Database Version: 1270

 

Scan type : Quick Scan

Total Scan Time : 00:24:43

 

Memory items scanned : 472

Memory threats detected : 0

Registry items scanned : 920

Registry threats detected : 9

File items scanned : 42402

File threats detected : 226

 

Adware.Tracking Cookie

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@clickbank[1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan [email protected][2].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan [email protected][1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@adbrite[2].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@atdmt[2].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@partypoker[2].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@tradedoubler[1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan [email protected][1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@counter-strike[1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@bizadverts[1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@adtech[1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@advertising[1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan [email protected][2].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@zedo[2].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@socialmedia[1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan [email protected][2].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@doubleclick[1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@ad[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@2adultflashgames[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@2o7[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@adbrite[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@adlegend[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@adrevolver[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][3].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@adtech[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@adultadworld[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@adultcheck[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@adultfriendfinder[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@advertising[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@apmebf[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@atdmt[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@athomesexnetwork[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@atwola[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@belnk[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@bluestreak[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@burstnet[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@casalemedia[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@click24[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@clickbank[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@clicktorrent[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@cpvfeed[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@dhdmedia[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@doubleclick[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@drivecleaner[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@fastclick[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@findwhat[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@hitbox[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@homemadeporn[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@hotbar[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@hotlog[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@indexstats[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@indextools[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@kmpads[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@latinadultery[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@livesex[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@mediaplex[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@optimost[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@overture[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@paycounter[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@pornaccess[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@pornoarkivet[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@pornsickle[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@precisionclick[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@qksrv[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@questionmarket[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@revenue[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@revsci[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@serving-sys[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@serving-sys[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@sexlist[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@sexsearchcom[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@sextracker[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@sextv1[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@spylog[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@statcounter[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@tacoda[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@teenpinkvideos[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@teensforcash[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@toplist[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@toplist[2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@tradedoubler[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@trafficmp[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@tribalfusion[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@tripod[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@usenext[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@virginteenlesbians[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@weborama[1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][3].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][3].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][4].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][3].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][2].txt

F:\Documents and Settings\Aleksander\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@xiti[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@xxxcounter[1].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@yadro[2].txt

F:\Documents and Settings\Aleksander\Cookies\aleksander@zedo[1].txt

F:\Documents and Settings\Aleksander\Lokale innstillinger\Temp\Cookies\aleksander@atdmt[2].txt

F:\Documents and Settings\Aleksander\Lokale innstillinger\Temp\Cookies\aleksander@doubleclick[2].txt

F:\Documents and Settings\Aleksander\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

F:\Documents and Settings\Aleksander\Lokale innstillinger\Temp\Cookies\aleksander@mediaplex[1].txt

F:\Documents and Settings\Aleksander\Lokale innstillinger\Temp\Cookies\[email protected][1].txt

 

Adware.RX Toolbar

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\InprocServer32

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\InprocServer32#ThreadingModel

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\ProgID

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\Programmable

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\TypeLib

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\VersionIndependentProgID

 

Adware.WhenU

HKCR\WUSE.1

HKCR\WUSE.1#WUSE_Id

 

Thanks :)

 

Regards, Stefan

Link to comment

Use HijackThis, tick the box in front of the following lines, and click Fix:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)

 

That was what I could sift out...

Link to comment

If you don't recognise these, fix them with HJT, plus the lines mentioned above.

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

 

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

 

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

 

Looks fine now.

Is the PC running fine?

 

You might as well do a round with ComboFix.

 

Do this so you don't get reinfected via System Restore:

Control Panel -> System -> System Restore [turn off, restart] -*- [turn on again]

Edited by SNIPPSAT
Link to comment
  • 2 weeks later...

I've got the same virus, here is my HijackThis log, can anyone take a look at it??

 

Logfile of HijackThis v1.99.1

Scan saved at 22:04:17, on 07.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe

C:\Programfiler\ASUS\AI Gear\GearHelp.exe

C:\Programfiler\ASUS\AI Nap\AiNap.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\seruz\Skrivebord\rw2_021_w02_enu.exe

c:\temp\HP All-in-One Series Web Release\Setup.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\iTunes\iTunes.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Documents and Settings\seruz\Skrivebord\Ventrilo 2.1.4.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\WINDOWS\system32\bat.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Programfiler\ASUS\AASP\1.00.15\AsRunHelp.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programfiler\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [Ai Gear Help] "C:\Programfiler\ASUS\AI Gear\GearHelp.exe"

O4 - HKLM\..\Run: [Ai Nap] "C:\Programfiler\ASUS\AI Nap\AiNap.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart

O4 - HKLM\..\Run: [sBCSTray] C:\Programfiler\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Link to comment

Use HijackThis, tick the box in front of the following lines, and click Fix:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart

 

 

Download ComboFix (link)

Put it on the desktop

 

Run combofix.exe and follow the instructions.

Don't click on the window while the program is running.

 

Post the log file from ComboFix (usually c:\combofix.txt)

and then a new HijackThis log.

Link to comment
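The two helper posts above pick HijackThis lines to tick for "Fix" by eye: entries that point at a file that no longer exists, a service with no known owner, an unnamed BHO sitting in system32, an autorun that uses rundll32 to load a DLL, and a hijacked start page. The script below is an added example (not part of HijackThis, ComboFix or this thread) that applies those same heuristics to a log so the candidate lines come out as a review list. The sample lines are copied from the logs posted in this thread; the `trusted_hosts` allowlist for the start-page rule is an assumption the caller supplies.

```python
"""Triage a HijackThis (HJT) log for the kinds of entries the helpers in this
thread ticked for 'Fix'. Added example; not part of HijackThis or ComboFix."""
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\WINDOWS\system32\bat.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O2 - BHO: ..." / "R0 - HKCU\..." : section code, then the entry body.
LINE_RE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<body>.+)$")
# URL in an R0/R1 entry such as "...,Start Page = http://host/path".
URL_RE = re.compile(r"=\s*https?://(?P<host>[^/\s]+)", re.I)
# A DLL living under \system32\, quoted or unquoted.
SYS32_DLL_RE = re.compile(r'\\system32\\[^"\s]+\.dll', re.I)


@dataclass
class Finding:
    section: str
    text: str
    reasons: list = field(default_factory=list)


def _reasons_for(section: str, body: str, trusted_hosts: frozenset) -> list:
    """Return the triage reasons that apply to one HJT entry (empty if none)."""
    reasons = []
    low = body.lower()
    # 1. Orphaned entry: the registry still points at a file that is gone.
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("references a missing file")
    # 2. Service with no recorded vendor.
    if section == "O23" and "unknown owner" in low:
        reasons.append("service has no known owner")
    # 3. Unnamed browser helper object whose DLL lives in system32.
    if section == "O2" and "(no name)" in low and SYS32_DLL_RE.search(body):
        reasons.append("unnamed BHO loaded from system32")
    # 4. Autorun that uses rundll32 to load a DLL from system32 (loader pattern;
    #    legitimate driver helpers use it too, so this is a review flag only).
    if section == "O4" and "rundll32" in low and SYS32_DLL_RE.search(body):
        reasons.append("rundll32 autorun loading a system32 DLL")
    # 5. Start/search page pointing at a host the user did not choose
    #    (trusted_hosts is an assumed allowlist supplied by the caller).
    if section in ("R0", "R1") and ("start page" in low or "search page" in low):
        m = URL_RE.search(body)
        if m and m.group("host").lower() not in trusted_hosts:
            reasons.append(f"home/search page set to {m.group('host')}")
    return reasons


def triage(log_text: str, trusted_hosts: frozenset = frozenset()) -> list:
    """Parse an HJT log and return the entries worth reviewing, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # process list, headers, blank lines
        reasons = _reasons_for(m["section"], m["body"], trusted_hosts)
        if reasons:
            findings.append(Finding(m["section"], raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.text}")
```

Run on the sample, the script lists the daemon-search start page, the unnamed bat.dll BHO, the orphaned {7E853D72-...} BHO, the spa_start rundll32 autorun and the MSControlService service, and leaves the Acrobat, AVG and NVIDIA entries alone. The rundll32 rule is deliberately broad: the NvCplDaemon line in the logs above would trip it too, so treat the output as a shortlist to check against known-good vendors, not as a verdict.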

Thanks ;D will try

 

Here is the ComboFix log:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39634E30-9C20-4B70-8B92-040B4D9A4C90}]

2004-08-04 13:00 84480 --a------ C:\WINDOWS\system32\bat.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-01-15 22:47 1266936]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-01-17 18:10 21686568]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]

"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 03:51 352256]

"AsusStartupHelp"="C:\Programfiler\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 07:25 363008]

"Launch Ai Booster"="C:\Programfiler\ASUS\AI Booster\OverClk.exe" [2006-11-28 17:20 3714048]

"Ai Gear Help"="C:\Programfiler\ASUS\AI Gear\GearHelp.exe" [2006-07-27 20:39 415744]

"Ai Nap"="C:\Programfiler\ASUS\AI Nap\AiNap.exe" [2006-11-30 11:23 1419776]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-13 06:58 7770112]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-13 06:58 81920]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-15 23:10 579072]

"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"SBCSTray"="C:\Programfiler\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17 699120]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-01-15 23:54 37376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-15 23:10 219136]

 

R0 dglyfvkn;dglyfvkn;C:\WINDOWS\system32\drivers\xofvifhu.dat []

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-02-07 13:47]

R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a89d81-c387-11dc-b7ba-806d6172696f}]

\Shell\AutoRun\command - I:\AUTORUN.EXE

 

*Newly Created Service* - GTNDIS5

*Newly Created Service* - SBAPIFS

.

Contents of the 'Scheduled Tasks' folder

"2008-02-07 20:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-07 23:40:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-07 23:40:42

ComboFix-quarantined-files.txt 2008-02-07 22:40:40

.

2008-02-07 12:45:23 --- E O F ---

 

 

 

 

And here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 23:42:08, on 07.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe

C:\Programfiler\ASUS\AI Gear\GearHelp.exe

C:\Programfiler\ASUS\AI Nap\AiNap.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\WINDOWS\system32\bat.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Programfiler\ASUS\AASP\1.00.15\AsRunHelp.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programfiler\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [Ai Gear Help] "C:\Programfiler\ASUS\AI Gear\GearHelp.exe"

O4 - HKLM\..\Run: [Ai Nap] "C:\Programfiler\ASUS\AI Nap\AiNap.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sBCSTray] C:\Programfiler\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Edited by seruz

Here is the scan of the bat file > Scan taken on 09 Feb 2008 22:53:47 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found Win32:BHO-KD

AVG Antivirus Found nothing

BitDefender Found Trojan.Spy.Bzub.NGP (probable variant)

ClamAV Found nothing

CPsecure Found Troj.Downloader.W32.Delf.dzq

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found Trojan-PWS.Win32.Lmir

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found Mal/Behav-187

VirusBuster Found nothing

VBA32 Found nothing


But SaS didn't detect anything, though.


Start hjt, choose "Do a system scan only", put a check mark in front of the following line and click Fix checked:

O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\WINDOWS\system32\bat.dll


Use Explorer and delete the file (in bold):

C:\WINDOWS\system32\bat.dll


Feel free to run combofix again and post the log, and we'll take an extra look :)

Edited by norbat
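As an added example (not code from the thread or from HijackThis), a small Python parser for the O2 and O23 lines of a HijackThis v2 log that flags the same two things a helper like norbat picks out by eye: a BHO with "(no name)" and a service whose binary is "(file missing)". The sample log is constructed from the kinds of entries shown above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2 format: O2 = Browser Helper Objects,
# O4 = Run keys, O23 = services. Paths mirror the entries posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\WINDOWS\system32\bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys\WLService.exe" "WMP54Gv4.exe (file missing)
"""

@dataclass
class Entry:
    section: str          # "O2" or "O23"
    name: str             # display name exactly as HijackThis prints it
    clsid: Optional[str]  # CLSID for BHOs, None for services
    path: str             # image path (plus arguments, if any)

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O23 lines: "O23 - Service: <name> - <owner> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")

def parse_hjt(text: str) -> List[Entry]:
    """Extract O2 and O23 entries; other sections are ignored here."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", m["name"], m["clsid"], m["path"]))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(Entry("O23", m["name"], None, m["path"]))
    return entries

def triage(entries: List[Entry]) -> List[str]:
    """Return one reason string per entry that deserves a closer look."""
    findings = []
    for e in entries:
        if e.section == "O2" and e.name == "(no name)":
            findings.append(f"O2 BHO without a name loads {e.path}")
        if e.section == "O23" and "(file missing)" in e.path:
            findings.append(f"O23 service {e.name} points at a missing file")
    return findings

if __name__ == "__main__":
    for reason in triage(parse_hjt(SAMPLE_LOG)):
        print(reason)
```

A nameless BHO is only a hint, not proof; the multi-engine scan of the file, as posted above, is what confirms it.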
