hjelp til fjerning av virus!

[viuldriftking]

fins det noen programer son fjerner virus? norton klarer ikke!

[Leeroymonster]

AVG har aldri svikta meg..

[Skagen]

Tråden var feilpostet og har blitt flyttet til riktig kategori.

 

(Vennligst ikke kommenter dette innlegget. Reaksjoner på moderering gjøres pr. PM/melding)

[snippsat]

Last ned HijackThis legg i egen mappe på skrivebordet.

Start programmet og velg "Trykk scan og save log" .

Loggfilen kopierer du og limer inn i posten din.

[viuldriftking]

skal jeg legge inn loggfilen her?

[r2d290]

"Loggfilen kopierer du og limer inn i posten din."

 

så vidt jeg vet, er dette din post, så ja

[viuldriftking]

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:01:49, on 10.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\WINDOWS\System32\alg.exe

C:\Norman\npm\bin\niu.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe

C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\File Manager\SendToDevice.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programfiler\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Grisoft\AVG7\avgwb.dat

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Glenn Birger\programer-inst\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\Programfiler\Telenor\Online Start\modules\BrowserHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [AudioDeck] C:\Programfiler\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [bearShare] "C:\Documents and Settings\jan\Mine dokumenter\My Music\BearShare.exe" /pause

O4 - HKLM\..\Run: [Telenor] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [MSN] lssas.exe

O4 - HKLM\..\Run: [svchosts] C:\Lewlk10.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Glenn Birger\programer-inst\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Glenn Birger\programer-inst\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v902/Navigram.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar ) - http://img.pvw.od2.com/installation/Plugin...nagerPlugin.CAB

O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\Programfiler\Telenor\Online Start\modules\BrowserHelper.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 11410 bytes

 

 

[norbat]

Hent Combofix, og legg det på skrivebordet

 

Kjør combofix.exe, og følg veiledningen.

 

Post loggfilen fra combofix (c:\combofix.txt)

[viuldriftking]

Hent Combofix, og legg det på skrivebordet

 

Kjør combofix.exe, og følg veiledningen.

 

Post loggfilen fra combofix (c:\combofix.txt)

 

 

 

ComboFix 08-03-10.1 - jan 2008-03-10 22:29:48.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.141 [GMT 1:00]Running from: C:\Documents and Settings\jan\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\images.zip

 

.

((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))

.

 

2008-03-10 22:00 . 2008-03-10 22:01 <DIR> d-------- C:\Documents and Settings\jan\Programdata\AVG7

2008-03-10 21:59 . 2008-03-10 21:59 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-03-10 21:59 . 2008-03-10 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-03-10 21:59 . 2008-03-10 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-03-10 21:48 . 2008-03-10 21:48 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-05 18:24 . 2008-03-05 18:24 <DIR> d-------- C:\Programfiler\Bonjour

2008-03-05 18:20 . 2008-03-05 18:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-03-05 18:20 . 2008-03-05 18:20 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-03-05 18:20 . 2008-03-05 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-03-05 18:15 . 2008-03-05 18:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-05 18:15 . 2008-03-05 18:15 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-08 13:25 --------- d-----w C:\Programfiler\QuickTime

2008-03-08 13:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-03-01 14:27 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-14 02:08 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared

2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys

2008-02-07 17:24 --------- d-----w C:\Programfiler\Fellesfiler\Sony Ericsson Shared

2008-02-07 17:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Teleca

2008-02-07 17:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Ericsson

2008-02-07 17:23 --------- d-----w C:\Programfiler\Sony Ericsson

2008-02-06 17:04 --------- d-----w C:\Programfiler\Java

2008-02-06 17:00 --------- d-----w C:\Documents and Settings\jan\Programdata\Sony Ericsson

2008-02-06 16:44 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-02-06 16:44 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2008-02-06 16:39 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2008-02-06 16:39 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2008-02-06 16:39 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-02-02 14:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Winamp Toolbar

2008-02-01 16:10 --------- d-----w C:\Programfiler\Winamp

2008-02-01 16:03 --------- d-----w C:\Programfiler\ElastoManiaRegistered

2008-02-01 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2008-02-01 14:23 --------- d-----w C:\Programfiler\GameBiz2

2008-01-29 21:22 --------- d-----w C:\Programfiler\TVersity

2008-01-29 21:20 --------- d-----w C:\Programfiler\Haali

2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-12-19 22:58 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-02-01 16:57 1,256,528 ----a-w C:\Programfiler\NSupInfoInstall.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 13:36 68856]

"updateMgr"="C:\Glenn Birger\programer-inst\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="C:\Programfiler\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 10:10 450560]

"VTTimer"="VTTimer.exe" [2005-03-08 02:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-08-03 14:32 163840 C:\WINDOWS\system32\VTTrayp.exe]

"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]

"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]

"BearShare"="C:\Documents and Settings\jan\Mine dokumenter\My Music\BearShare.exe" [ ]

"Telenor"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-02-03 12:25 94208]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []

"LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe" [2006-08-03 08:44 529968]

"LVCOMSX"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe" [2006-08-03 12:29 244520]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]

"svchosts"="C:\Lewlk10.exe" [ ]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-10 21:59 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-10 21:59 219136]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Glenn Birger\programer-inst\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"41952:TCP"= 41952:TCP:mediaserver...1

"41952:UDP"= 41952:UDP:mediaserver...2

 

R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 03:42]

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-06 17:39]

S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]

S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]

S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]

S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9685284-9be6-11da-b9eb-0013d39f544d}]

\Shell\AutoRun\command - J:\setupSNK.exe

 

*Newly Created Service* - AVG7ALRT

*Newly Created Service* - AVG7CORE

*Newly Created Service* - AVG7RSW

*Newly Created Service* - AVG7RSXP

*Newly Created Service* - AVG7UPDSVC

*Newly Created Service* - AVGCLEAN

*Newly Created Service* - AVGEMS

*Newly Created Service* - AVGTDI

.

Contents of the 'Scheduled Tasks' folder

"2008-03-07 16:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-10 21:15:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-10 22:34:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

svchosts = C:\Lewlk10.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-10 22:36:42

ComboFix-quarantined-files.txt 2008-03-10 21:36:31

.

2008-02-14 02:02:58 --- E O F ---

 

 

[norbat]

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

File::

C:\Lewlk10.exe

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"svchosts"=-

 

Post ny HJT-logg.

[viuldriftking]

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

File::

C:\Lewlk10.exe

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"svchosts"=-

 

Post ny HJT-logg.

 

 

 

ComboFix 08-03-10.1 - jan 2008-03-10 22:56:02.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.111 [GMT 1:00]

Running from: C:\Documents and Settings\jan\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\jan\Skrivebord\CFScript.txt..txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Lewlk10.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))

.

 

2008-03-10 22:00 . 2008-03-10 22:01 <DIR> d-------- C:\Documents and Settings\jan\Programdata\AVG7

2008-03-10 21:59 . 2008-03-10 21:59 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-03-10 21:59 . 2008-03-10 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-03-10 21:59 . 2008-03-10 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-03-10 21:48 . 2008-03-10 21:48 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-05 18:24 . 2008-03-05 18:24 <DIR> d-------- C:\Programfiler\Bonjour

2008-03-05 18:20 . 2008-03-05 18:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-03-05 18:20 . 2008-03-05 18:20 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-03-05 18:20 . 2008-03-05 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-03-05 18:15 . 2008-03-05 18:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-05 18:15 . 2008-03-05 18:15 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-08 13:25 --------- d-----w C:\Programfiler\QuickTime

2008-03-08 13:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-03-01 14:27 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-14 02:08 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared

2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys

2008-02-07 17:24 --------- d-----w C:\Programfiler\Fellesfiler\Sony Ericsson Shared

2008-02-07 17:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Teleca

2008-02-07 17:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Ericsson

2008-02-07 17:23 --------- d-----w C:\Programfiler\Sony Ericsson

2008-02-06 17:04 --------- d-----w C:\Programfiler\Java

2008-02-06 17:00 --------- d-----w C:\Documents and Settings\jan\Programdata\Sony Ericsson

2008-02-06 16:44 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-02-06 16:44 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2008-02-06 16:39 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2008-02-06 16:39 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2008-02-06 16:39 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-02-02 14:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Winamp Toolbar

2008-02-01 16:10 --------- d-----w C:\Programfiler\Winamp

2008-02-01 16:03 --------- d-----w C:\Programfiler\ElastoManiaRegistered

2008-02-01 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2008-02-01 14:23 --------- d-----w C:\Programfiler\GameBiz2

2008-01-29 21:22 --------- d-----w C:\Programfiler\TVersity

2008-01-29 21:20 --------- d-----w C:\Programfiler\Haali

2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-12-19 22:58 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-02-01 16:57 1,256,528 ----a-w C:\Programfiler\NSupInfoInstall.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 13:36 68856]

"updateMgr"="C:\Glenn Birger\programer-inst\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="C:\Programfiler\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 10:10 450560]

"VTTimer"="VTTimer.exe" [2005-03-08 02:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-08-03 14:32 163840 C:\WINDOWS\system32\VTTrayp.exe]

"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]

"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]

"BearShare"="C:\Documents and Settings\jan\Mine dokumenter\My Music\BearShare.exe" [ ]

"Telenor"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-02-03 12:25 94208]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []

"LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe" [2006-08-03 08:44 529968]

"LVCOMSX"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe" [2006-08-03 12:29 244520]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-10 21:59 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-10 21:59 219136]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Glenn Birger\programer-inst\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"41952:TCP"= 41952:TCP:mediaserver...1

"41952:UDP"= 41952:UDP:mediaserver...2

 

R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 03:42]

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-06 17:39]

S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]

S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]

S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]

S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9685284-9be6-11da-b9eb-0013d39f544d}]

\Shell\AutoRun\command - J:\setupSNK.exe

 

*Newly Created Service* - AVG7ALRT

*Newly Created Service* - AVG7CORE

*Newly Created Service* - AVG7RSW

*Newly Created Service* - AVG7RSXP

*Newly Created Service* - AVG7UPDSVC

*Newly Created Service* - AVGCLEAN

*Newly Created Service* - AVGEMS

*Newly Created Service* - AVGTDI

.

Contents of the 'Scheduled Tasks' folder

"2008-03-07 16:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-10 21:15:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-10 22:58:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-10 22:59:43

ComboFix-quarantined-files.txt 2008-03-10 21:59:27

ComboFix2.txt 2008-03-10 21:36:43

.

2008-02-14 02:02:58 --- E O F ---

 

 

[norbat]

- og en ny hjt-logg

[viuldriftking]

posta jeg ikke den nye loggen???

[norbat]

Ønsker å se en ny HJT-logg (ikke combofix-logg)

[viuldriftking]

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:42:48, on 11.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\WINDOWS\System32\alg.exe

C:\Programfiler\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe

C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programfiler\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\explorer.exe

C:\Norman\npm\bin\niu.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Glenn Birger\programer-inst\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\Programfiler\Telenor\Online Start\modules\BrowserHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [AudioDeck] C:\Programfiler\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [bearShare] "C:\Documents and Settings\jan\Mine dokumenter\My Music\BearShare.exe" /pause

O4 - HKLM\..\Run: [Telenor] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Glenn Birger\programer-inst\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Glenn Birger\programer-inst\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v902/Navigram.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar ) - http://img.pvw.od2.com/installation/Plugin...nagerPlugin.CAB

O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\Programfiler\Telenor\Online Start\modules\BrowserHelper.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 10085 bytes

 

Ønsker å se en ny HJT-logg (ikke combofix-logg)

[norbat]

Du kjører med 2 antivirusprogram (Norman og AVG). Velg hvilket du vil beholde og avinstaller det andre.

 

Vurder om Bearshare og SweetIM er noe du må ha.

 

Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked:

R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

 

Ut over dette ser ting og tang greit ut.

[viuldriftking]

så da skal alt vere i orden?

 

holder det med bare å avinstalere Bearshare og SweetIM eller må jeg slette filene også??

[norbat]

Ja, loggene dine viser ingen infeksjoner, så da skal alt være ok.

 

Vil tro det holder å avinstallere de to nevnte programmene, om du velger det.

[viuldriftking]

ok

 

tusen takk får hjelpen! var skikkelig bekymra her en stund!

 

hva skulle jeg gjort uten dere

 

Nå slipper alle på msn, å bli torturt av meldinger som sender linker til virus.

Endret 12. mars 2008 av viuldriftking