hjelp til fjerning av virus!

viuldriftking · 9. mars 2008

fins det noen programer son fjerner virus? norton klarer ikke!

Leeroymonster · 9. mars 2008

AVG har aldri svikta meg..

Skagen · 9. mars 2008

Tråden var feilpostet og har blitt flyttet til riktig kategori.

(Vennligst ikke kommenter dette innlegget. Reaksjoner på moderering gjøres pr. PM/melding)

snippsat · 9. mars 2008

Last ned HijackThis legg i egen mappe på skrivebordet.

Start programmet og velg "Trykk scan og save log" .

Loggfilen kopierer du og limer inn i posten din.

viuldriftking · 10. mars 2008

skal jeg legge inn loggfilen her?

r2d290 · 10. mars 2008

"Loggfilen kopierer du og limer inn i posten din."

så vidt jeg vet, er dette din post, så ja

viuldriftking · 10. mars 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:01:49, on 10.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\WINDOWS\System32\alg.exe

C:\Norman\npm\bin\niu.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe

C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\File Manager\SendToDevice.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programfiler\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Grisoft\AVG7\avgwb.dat

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Glenn Birger\programer-inst\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: FINBHO - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\Programfiler\Telenor\Online Start\modules\BrowserHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programfiler\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [AudioDeck] C:\Programfiler\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [bearShare] "C:\Documents and Settings\jan\Mine dokumenter\My Music\BearShare.exe" /pause

O4 - HKLM\..\Run: [Telenor] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LVCOMSX] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [MSN] lssas.exe

O4 - HKLM\..\Run: [svchosts] C:\Lewlk10.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Glenn Birger\programer-inst\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Glenn Birger\programer-inst\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v902/Navigram.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar ) - http://img.pvw.od2.com/installation/Plugin...nagerPlugin.CAB

O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\Programfiler\Telenor\Online Start\modules\BrowserHelper.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11410 bytes

norbat · 10. mars 2008

Hent Combofix, og legg det på skrivebordet

Kjør combofix.exe, og følg veiledningen.

Post loggfilen fra combofix (c:\combofix.txt)

viuldriftking · 10. mars 2008

Hent Combofix, og legg det på skrivebordet

Kjør combofix.exe, og følg veiledningen.

Post loggfilen fra combofix (c:\combofix.txt)

ComboFix 08-03-10.1 - jan 2008-03-10 22:29:48.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.141 [GMT 1:00]Running from: C:\Documents and Settings\jan\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\images.zip

.

((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))

.

2008-03-10 22:00 . 2008-03-10 22:01 <DIR> d-------- C:\Documents and Settings\jan\Programdata\AVG7

2008-03-10 21:59 . 2008-03-10 21:59 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-03-10 21:59 . 2008-03-10 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-03-10 21:59 . 2008-03-10 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-03-10 21:48 . 2008-03-10 21:48 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-05 18:24 . 2008-03-05 18:24 <DIR> d-------- C:\Programfiler\Bonjour

2008-03-05 18:20 . 2008-03-05 18:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-03-05 18:20 . 2008-03-05 18:20 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-03-05 18:20 . 2008-03-05 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-03-05 18:15 . 2008-03-05 18:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-05 18:15 . 2008-03-05 18:15 1,409 --a------ C:\WINDOWS\QTFont.for

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-08 13:25 --------- d-----w C:\Programfiler\QuickTime

2008-03-08 13:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-03-01 14:27 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-14 02:08 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared

2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys

2008-02-07 17:24 --------- d-----w C:\Programfiler\Fellesfiler\Sony Ericsson Shared

2008-02-07 17:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Teleca

2008-02-07 17:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony Ericsson

2008-02-07 17:23 --------- d-----w C:\Programfiler\Sony Ericsson

2008-02-06 17:04 --------- d-----w C:\Programfiler\Java

2008-02-06 17:00 --------- d-----w C:\Documents and Settings\jan\Programdata\Sony Ericsson

2008-02-06 16:44 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-02-06 16:44 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2008-02-06 16:39 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2008-02-06 16:39 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2008-02-06 16:39 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-02-02 14:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\Winamp Toolbar

2008-02-01 16:10 --------- d-----w C:\Programfiler\Winamp

2008-02-01 16:03 --------- d-----w C:\Programfiler\ElastoManiaRegistered

2008-02-01 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2008-02-01 14:23 --------- d-----w C:\Programfiler\GameBiz2

2008-01-29 21:22 --------- d-----w C:\Programfiler\TVersity

2008-01-29 21:20 --------- d-----w C:\Programfiler\Haali

2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-12-19 22:58 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-02-01 16:57 1,256,528 ----a-w C:\Programfiler\NSupInfoInstall.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 13:36 68856]

"updateMgr"="C:\Glenn Birger\programer-inst\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="C:\Programfiler\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 10:10 450560]

"VTTimer"="VTTimer.exe" [2005-03-08 02:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-08-03 14:32 163840 C:\WINDOWS\system32\VTTrayp.exe]

"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]

"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]

"BearShare"="C:\Documents and Settings\jan\Mine dokumenter\My Music\BearShare.exe" [ ]

"Telenor"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-02-03 12:25 94208]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []

"LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe" [2006-08-03 08:44 529968]

"LVCOMSX"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe" [2006-08-03 12:29 244520]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]

"svchosts"="C:\Lewlk10.exe" [ ]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-10 21:59 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-10 21:59 219136]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Glenn Birger\programer-inst\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"41952:TCP"= 41952:TCP:mediaserver...1

"41952:UDP"= 41952:UDP:mediaserver...2

R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 03:42]

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-06 17:39]

S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]

S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]

S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]

S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]

S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]

S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]

S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]

S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]

S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]

S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]

S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9685284-9be6-11da-b9eb-0013d39f544d}]

\Shell\AutoRun\command - J:\setupSNK.exe

*Newly Created Service* - AVG7ALRT

*Newly Created Service* - AVG7CORE

*Newly Created Service* - AVG7RSW

*Newly Created Service* - AVG7RSXP

*Newly Created Service* - AVG7UPDSVC

*Newly Created Service* - AVGCLEAN

*Newly Created Service* - AVGEMS

*Newly Created Service* - AVGTDI

.

Contents of the 'Scheduled Tasks' folder

"2008-03-07 16:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-10 21:15:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-10 22:34:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

svchosts = C:\Lewlk10.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-10 22:36:42

ComboFix-quarantined-files.txt 2008-03-10 21:36:31

.

2008-02-14 02:02:58 --- E O F ---

norbat · 10. mars 2008

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

File::

C:\Lewlk10.exe

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"svchosts"=-

Post ny HJT-logg.

viuldriftking · 10. mars 2008

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.
Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

File::

C:\Lewlk10.exe

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"svchosts"=-

Post ny HJT-logg.

ComboFix 08-03-10.1 - jan 2008-03-10 22:56:02.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.111 [GMT 1:00]

Running from: C:\Documents and Settings\jan\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\jan\Skrivebord\CFScript.txt..txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\Lewlk10.exe