
Problems with Trojan horse - back



Hi

 

I have just got Norton 360, and it tells me that I have a Trojan horse on the computer, but it is not a virus, so Norton cannot remove it.

My desktop background is completely black, and no matter what I do I cannot change the background.

 

I have followed the instructions.

 

ComboFix

 

ComboFix 08-04-15.4 - Tor Eivind 2008-04-16 10:20:58.1 - NTFSx86

Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1044.18.831 [GMT 2:00]

Running from: C:\Users\Tor Eivind\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\PC-Cleaner

C:\Program Files\PC-Cleaner\PC-Cleaner.db

C:\Program Files\PC-Cleaner\pccleaner.pkg

C:\Program Files\PC-Cleaner\program.info

C:\Users\Tor Eivind\Desktopblackbird.jpg

C:\Users\Tor Eivind\DesktopEditorFKWP1.5.exe

C:\Users\Tor Eivind\DesktopEditorFKWP2.0.exe

C:\Users\Tor Eivind\Desktopfilemanagerclient.exe

C:\Users\Tor Eivind\Desktopfkwp1.5.exe

C:\Users\Tor Eivind\Desktopfkwp2.0.exe

C:\Users\Tor Eivind\Desktopfwebd.exe

C:\Users\Tor Eivind\DesktopFWebdEditor.exe

C:\Users\Tor Eivind\DesktopTrojan.Win32.BlackBird.exe

C:\Users\Tor Eivind\Desktopvirii

F:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-16 06:31 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\Hamachi

2008-04-15 16:27 --------- d-----w C:\Program Files\Steam

2008-04-15 15:57 --------- d-----w C:\ProgramData\ybynujoh

2008-04-15 15:57 --------- d-----w C:\ProgramData\ozlvtujx

2008-04-15 12:53 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\HouseCall 6.6

2008-04-15 10:34 --------- d-----w C:\Program Files\Trend Micro

2008-04-15 10:23 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\SUPERAntiSpyware.com

2008-04-15 10:23 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-04-15 10:23 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-04-15 10:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-04-15 10:18 --------- d-----w C:\ProgramData\Lavasoft

2008-04-10 05:29 --------- d-----w C:\Program Files\Java

2008-04-09 21:12 --------- d-----w C:\Program Files\Windows Mail

2008-04-09 17:26 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4

2008-04-09 17:00 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-07 12:18 --------- d-----w C:\ProgramData\Roxio

2008-04-07 12:18 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2008-04-07 12:01 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\Roxio

2008-04-07 12:01 --------- d-----w C:\ProgramData\Sonic

2008-04-07 11:59 --------- d-----w C:\Program Files\SopCast

2008-04-07 11:27 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3

2008-04-07 10:55 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\Symantec

2008-04-07 10:53 --------- d-----w C:\ProgramData\Symantec

2008-04-07 10:53 --------- d-----w C:\Program Files\Norton 360

2008-04-07 10:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-07 10:46 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-04-07 10:46 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-04-07 10:46 10,563 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-04-07 10:46 --------- d-----w C:\Program Files\Symantec

2008-04-07 10:34 --------- d-----w C:\ProgramData\Symantec Temporary Files

2008-04-02 14:47 --------- d-----w C:\Program Files\Common Files\Steam

2008-03-31 17:56 --------- d-----w C:\Program Files\Windows Live

2008-03-31 17:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-31 17:49 --------- d-----w C:\ProgramData\WLInstaller

2008-03-31 10:43 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\Creative

2008-03-29 20:33 --------- d-----w C:\Program Files\Ea Games

2008-03-27 21:15 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\Comodo

2008-03-27 21:15 --------- d-----w C:\Program Files\COMODO

2008-03-26 17:31 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\FrostWire

2008-03-21 07:14 --------- d-----w C:\Program Files\DivX

2008-03-21 06:17 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\uTorrent

2008-03-13 19:45 --------- d-----w C:\Program Files\FrostWire

2008-03-10 10:34 --------- d-----w C:\Users\Tor Eivind\AppData\Roaming\JLC's Software

2008-03-10 10:34 --------- d-----w C:\Program Files\JLC's Software

2008-03-08 07:31 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-03-07 00:08 --------- d-----w C:\Program Files\MSN Messenger

2008-03-06 19:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-03-06 19:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-03-06 19:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-03-04 14:04 --------- d-----w C:\Program Files\Project64 1.6

2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-27 12:13 --------- d-----w C:\Program Files\Microsoft Games

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll

2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe

2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

2008-02-20 01:06 24,112 ----a-w C:\Windows\system32\drivers\SymIMV.sys

2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll

2008-02-18 12:00 --------- d-----w C:\Program Files\CCleaner

2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe

2008-02-14 02:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-14 02:09 613,888 ----a-w C:\Windows\System32\wpd_ci.dll

2008-02-14 02:09 558,080 ----a-w C:\Windows\System32\oleaut32.dll

2008-02-14 02:09 35,328 ----a-w C:\Windows\System32\dispci.dll

2008-02-14 02:09 260,096 ----a-w C:\Windows\System32\dpx.dll

2008-02-14 02:09 224,824 ----a-w C:\Windows\System32\clfs.sys

2008-02-14 02:09 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll

2008-02-14 02:09 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll

2008-02-14 02:09 12,800 ----a-w C:\Windows\System32\batt.dll

2008-02-14 02:09 101,888 ----a-w C:\Windows\System32\drvinst.exe

2008-02-14 02:09 1,585,664 ----a-w C:\Windows\System32\setupapi.dll

2008-02-14 02:08 905,400 ----a-w C:\Windows\System32\winresume.exe

2008-02-14 02:08 595,456 ----a-w C:\Windows\System32\schedsvc.dll

2008-02-14 02:08 39,424 ----a-w C:\Windows\System32\lodctr.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2008-02-23 20:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-04-07 12:45 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-02-23 20:08 349552]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-02-23 20:08 349552]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]

@={4433A54A-1AC8-432F-90FC-85F045CF383C}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]

@={F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]

@={476D0EA3-80F9-48B5-B70B-05E677C9C148}

 

[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]

2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

 

[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]

2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

 

[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]

2008-02-26 10:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 15:54 486856]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-29 21:01 1006264]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-10-17 16:55 1097728]

"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2006-12-14 15:22 330264]

"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 16:52 145184]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 15:36 827392]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 16:13 472776]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 09:41 159744]

"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]

"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

"CTRegRun"="C:\Windows\CTRegRun.EXE" [1999-10-10 19:00 41984]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 03:09 842584]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 13:37 51048]

"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 16:50 988512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 12:27:40 719664]

DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-08-28 17:10:28 184320]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{27A22CDB-1BEC-44DF-A91B-7283D5988244}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{E7B1FF4D-3CC2-42E9-B3DE-EE793F4BA80D}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{FB9E9FCD-70A1-43A2-8D53-58A073FD07BB}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{CC2ABD0F-6A84-4FEC-A4E1-713CDE81532A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"{50D00BE1-0FFE-421B-9DF5-6473891C97A6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F3D2C692-0716-40B0-B79C-C163B7EA4B53}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{9A544504-FABA-4A58-B2A3-B9233F675F10}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{E6E2442A-940B-4F35-B4C8-725122847ACD}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher

"TCP Query User{1A218B5B-493F-4BE3-9C17-324A58A63546}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{37DC6875-00B2-4400-8EAA-EBA540291221}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher

"TCP Query User{112D20D9-B24B-4E1A-8F4A-1C49283E7C84}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{D5312BF2-F673-47F5-B2F9-A33D77BCC926}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{24F2D1A2-89E2-4837-B3AB-F8A1D5253373}C:\\users\\tor eivind\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\tor eivind\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"UDP Query User{1AF7B950-F85D-47AA-9A84-0531BDCB6856}C:\\users\\tor eivind\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\tor eivind\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe

"TCP Query User{D1FDAAD2-080C-4508-9063-9743ADCBDE8F}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{AD1FA0DE-2387-4888-9F78-CD615CE8E7F7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{76BEBBF5-A506-4D5C-8D17-3DC400006471}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{ADAEAE2C-1B64-46ED-AB54-0328CE546821}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{8E362C32-B900-47D3-9F4C-E4792485C036}C:\\users\\tor eivind\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\tor eivind\program files\utorrent\utorrent.exe:utorrent.exe

"UDP Query User{A83DBA71-CF58-42B8-82E4-47E8379AFF9C}C:\\users\\tor eivind\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\tor eivind\program files\utorrent\utorrent.exe:utorrent.exe

"TCP Query User{FF588B04-7862-4D34-99FD-08BA9A06496D}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts

"UDP Query User{55521510-AB83-4129-A791-011C34AB7EB5}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts

"{D972CB1B-8FB2-4C7C-A34F-35D10F624FA4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{03FB16A2-28D1-49CF-B722-88959E343BAA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{61F489D0-C963-421D-95D4-7B26FF9212DA}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC

"UDP Query User{48174C46-02CB-43D0-B86F-785760EADAF1}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

"TCP Query User{3C8A84E4-437B-4786-8574-761E617B4242}C:\\program files\\steam\\steamapps\\doavegard\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\doavegard\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{152E6CB2-6305-4C56-806F-6C434422E4AA}C:\\program files\\steam\\steamapps\\doavegard\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\doavegard\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{8ACC8652-C257-4D4A-A35C-C0CB5E60FE2B}C:\\program files\\steam\\steamapps\\zeuz741\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\zeuz741\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{AC0E1F76-BAC7-49D1-A401-619809928EC8}C:\\program files\\steam\\steamapps\\zeuz741\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\zeuz741\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{BFC05772-8502-4A55-823D-CD0A87BE85EE}C:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion

"UDP Query User{3CFDB19C-A537-4151-A4A7-2651BD554F61}C:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion

"{5478CACA-8818-4FA8-AE0D-81F73CF77805}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{AC047546-519B-4B85-BD86-B00C4DA3561F}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"TCP Query User{29CDFB7B-4125-4BE2-A3DF-5FBBBC0A2D92}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"UDP Query User{1E4D90AB-97F3-4091-903D-586E3E88693A}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"TCP Query User{0FAF6F06-C57B-4DDD-B4CD-77C72DB353E6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{23C224F1-BE43-46EF-9E47-E390ECBB6E60}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{C265534A-BCD6-438F-8B52-1CAF539ADEA9}C:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= UDP:C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion

"UDP Query User{D6C69B2A-EE88-4867-B930-40F1416D3CD4}C:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.exe"= TCP:C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe:Age of Empires II Expansion

"TCP Query User{94D4468F-EB24-4E2B-B1B0-3DBC9486B8DC}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= UDP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008

"UDP Query User{45FAD8AF-0834-46C0-863F-819C5A0FC192}C:\\program files\\sports interactive\\football manager 2008\\fm.exe"= TCP:C:\program files\sports interactive\football manager 2008\fm.exe:Football Manager 2008

"TCP Query User{339FC91C-DA4A-4090-AAEE-D90510C961F1}C:\\users\\tor eivind\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\tor eivind\program files\utorrent\utorrent.exe:utorrent.exe

"UDP Query User{58EFD358-5494-445C-BC7E-E655968823BE}C:\\users\\tor eivind\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\tor eivind\program files\utorrent\utorrent.exe:utorrent.exe

"TCP Query User{15B6ECB0-BD19-4186-B877-090137ABCA8F}C:\\program files\\steam\\steamapps\\zeuz741\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\zeuz741\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{6233366D-3018-4E17-BD74-DD069CD80D8E}C:\\program files\\steam\\steamapps\\zeuz741\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\zeuz741\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{C2FCEFF0-7871-441F-92A8-05DF58CA6C70}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"UDP Query User{E822892F-CCB2-418F-A419-E0D7642F8AB7}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"TCP Query User{2D751CFB-8C90-4C75-AEDB-605CF2028BD5}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire

"UDP Query User{DBF6EC44-AC97-4638-82E0-EE75AB52AEEA}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire

"{1E27FF47-C96D-473F-9A7F-E4B9D22EBB07}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{0233A12E-995B-4AA7-BC93-DCF69FAC7803}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV

"UDP Query User{1D079BEB-6F11-49CC-B2F1-97365D558D0A}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV

"TCP Query User{AD09F554-DF88-4741-B837-146D7147B34B}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV

"UDP Query User{5024BD38-73E7-43CC-A917-23DA771CF704}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV

"TCP Query User{AE99BEF2-5893-4C04-B0E3-C27B5644732F}C:\\program files\\steam\\steamapps\\zeuz741\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\zeuz741\condition zero\hl.exe:Half-Life Launcher

"UDP Query User{A4BEA85D-BF6E-4A4F-98FC-4F30B77A7932}C:\\program files\\steam\\steamapps\\zeuz741\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\zeuz741\condition zero\hl.exe:Half-Life Launcher

"TCP Query User{733AAE05-CEE7-4FD9-90B6-1E1A9D0C7523}C:\\program files\\steam\\steamapps\\zeuz741\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\zeuz741\condition zero\hl.exe:Half-Life Launcher

"UDP Query User{99C8C53F-BEF7-4C22-990C-A94B1CC2AD3D}C:\\program files\\steam\\steamapps\\zeuz741\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\zeuz741\condition zero\hl.exe:Half-Life Launcher

"TCP Query User{FCF8B0F9-163A-40DF-9AEE-36A34D0CE3A6}C:\\program files\\steam\\steamapps\\zeuz741\\condition zero deleted scenes\\hl.exe"= UDP:C:\program files\steam\steamapps\zeuz741\condition zero deleted scenes\hl.exe:Half-Life Launcher

"UDP Query User{8AF39589-A673-4937-9DB9-94747E438C10}C:\\program files\\steam\\steamapps\\zeuz741\\condition zero deleted scenes\\hl.exe"= TCP:C:\program files\steam\steamapps\zeuz741\condition zero deleted scenes\hl.exe:Half-Life Launcher

"TCP Query User{7886D273-DFDE-4226-B678-58F0B38A823C}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2

"UDP Query User{744957DD-EF18-4EFE-9D0C-D8061CF26148}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2

"TCP Query User{19341499-CF64-4F50-A39B-2E89F6F88ED4}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2

"UDP Query User{4DABAFF0-4648-43FE-ADDB-D047091FE3B8}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2

"TCP Query User{DA6171FA-0C78-4102-B0D8-D89344B0B805}C:\\program files\\mozilla firefox 3 beta 3\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 3\firefox.exe:Firefox

"UDP Query User{A85D46EC-E9A8-4CA4-8175-5E44CB95482F}C:\\program files\\mozilla firefox 3 beta 3\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 3\firefox.exe:Firefox

"{2AD72A3E-C029-4A10-B3A8-1D6602A315DC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{2CB1A74E-D1B9-4578-A7EF-0E769FA7D03A}C:\\users\\tor eivind\\downloads\\housecall66.exe"= UDP:C:\users\tor eivind\downloads\housecall66.exe:housecall66.exe

"UDP Query User{8D38EC58-3A26-49F0-830C-6E4DDBA94325}C:\\users\\tor eivind\\downloads\\housecall66.exe"= TCP:C:\users\tor eivind\downloads\housecall66.exe:housecall66.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"C:\\Program Files\\PPMate\\ppmate.exe"= C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate

"<NO NAME>"= "C:\Program Files\PPStream\PPStream.exe" "C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream"

 

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 12:23]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080411.002\IDSvix86.sys [2008-04-04 00:24]

R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 11:45]

R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 11:45]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 05:00]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2006-12-14 15:22]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-01-23 17:10]

R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 12:45]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 12:45]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 12:45]

R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 17:09]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 21:34]

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-02-21 16:02]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-13 12:49]

S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 07:20]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker ASChannel

GPSvcGroup REG_MULTI_SZ GPSvc

 

*Newly Created Service* - COMHOST

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {BD9D0E31-3B6D-27C5-91F5-6F30E577A0F9} /qb

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-16 10:30:11

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 12

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\audiodg.exe

C:\Windows\System32\Ati2evxx.exe

C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe

C:\Windows\System32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\System32\CTSVCCDA.EXE

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\System32\conime.exe

C:\Windows\SMINST\Scheduler.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hamachi\hamachi.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\wbem\WMIADAP.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Completion time: 2008-04-16 10:34:41 - machine was rebooted [Tor Eivind]

ComboFix-quarantined-files.txt 2008-04-16 08:34:25

 

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

.

2008-04-15 18:40:11 --- E O F ---

 

SuperAntiSpyware

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/16/2008 at 10:09 AM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3438

Trace Rules Database Version: 1430

 

Scan type : Complete Scan

Total Scan Time : 00:32:03

 

Memory items scanned : 888

Memory threats detected : 0

Registry items scanned : 6691

Registry threats detected : 0

File items scanned : 27261

File threats detected : 0

 

Earlier SUPERAntiSpyware log

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/15/2008 at 05:31 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3438

Trace Rules Database Version: 1430

 

Scan type : Complete Scan

Total Scan Time : 00:36:32

 

Memory items scanned : 922

Memory threats detected : 3

Registry items scanned : 6692

Registry threats detected : 2

File items scanned : 27283

File threats detected : 6

 

Adware.Vundo Variant/Resident

C:\USERS\TOREIV~1\APPDATA\LOCAL\TEMP\WVULMNKI.DLL

C:\USERS\TOREIV~1\APPDATA\LOCAL\TEMP\WVULMNKI.DLL

 

Trojan.Unclassified/Multi-Dropper

C:\PROGRAMDATA\OZLVTUJX\WBEBIVYJ.EXE

C:\PROGRAMDATA\OZLVTUJX\WBEBIVYJ.EXE

[ozlvtujx] C:\PROGRAMDATA\OZLVTUJX\WBEBIVYJ.EXE

C:\Windows\Prefetch\WBEBIVYJ.EXE-29B9A2C4.pf

 

Trojan.Unclassified/Multi-Dropper (Packed)

C:\PROGRAMDATA\YBYNUJOH\ABOVEFQF.EXE

[Q5fBQykdjk] C:\PROGRAMDATA\YBYNUJOH\ABOVEFQF.EXE

C:\PROGRAMDATA\YBYNUJOH\ABOVEFQF.EXE

C:\Windows\Prefetch\ABOVEFQF.EXE-E099AF3E.pf

 

Adware.Vundo-Variant

C:\USERS\TOR EIVIND\APPDATA\LOCAL\TEMP\WVULMNKI.DLL

 

HJT log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:45:15, on 16.04.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hamachi\hamachi.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Tor Eivind\Desktop\Fotball\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Get 2 FREE Audiobooks.lnk = C:\Users\Tor Eivind\AppData\Local\Temp\HelpInstaller_StartUp.exe

O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab

O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O20 - AppInit_DLLs: APSHook.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 11344 bytes

 

A while after doing all of this I got a bluescreen; when the PC started again, the desktop background was back.

Edited by Troger
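The HijackThis log above lists every autostart entry (the O4 lines), and the SUPERAntiSpyware log shows what the infection's own persistence looked like: Run values pointing into randomly named folders under C:\ProgramData, plus a startup shortcut running out of the user's Temp directory. As an added example, not part of this thread and not code from HijackThis or SUPERAntiSpyware, here is a small Python triage script that parses O4 lines and flags targets that run from a Temp directory or from an eight-letter folder directly under ProgramData. The first three sample lines are copied from the HijackThis log in this thread; the fourth is constructed from the SUPERAntiSpyware registry hit. The environment-variable expansion table and the eight-letter-folder rule are assumptions of the example, not behaviour of either tool.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of HijackThis "O4" autostart lines. The first three are copied
# from the HijackThis log in this thread; the last is constructed from the
# SUPERAntiSpyware registry hit "[ozlvtujx] C:\PROGRAMDATA\OZLVTUJX\WBEBIVYJ.EXE"
# so the heuristics have a positive case to work on.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe",
    r"O4 - Startup: Get 2 FREE Audiobooks.lnk = C:\Users\Tor Eivind\AppData\Local\Temp\HelpInstaller_StartUp.exe",
    r"O4 - HKLM\..\Run: [ozlvtujx] C:\PROGRAMDATA\OZLVTUJX\WBEBIVYJ.EXE",
]

# Environment variables as HijackThis prints them, expanded to the Vista defaults
# (an assumption of this example; a real run would read them from the machine).
ENV = {"%ProgramFiles%": r"C:\Program Files", "%WINDIR%": r"C:\Windows"}

# Registry Run/RunOnce entries: "O4 - HKLM\..\Run: [name] command"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Startup-folder shortcuts: "O4 - Startup: name.lnk = command"
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# First .exe/.dll token of a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll))"?(?:\s|$)', re.IGNORECASE)


def parse_o4(line):
    """Return (entry name, target path) for an O4 line, or None if it cannot be parsed."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    for var, value in ENV.items():
        cmd = cmd.replace(var, value)
    exe = EXE_RE.match(cmd)
    if not exe:  # e.g. "BTTray.lnk = ?" where HijackThis could not resolve the target
        return None
    return m.group("name"), exe.group("path")


def suspicious_reasons(path):
    """Heuristic reasons why an autostart target deserves a closer look (assumed rules)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    reasons = []
    if "temp" in parts:
        reasons.append("runs from a Temp directory")
    # C:\ProgramData\ozlvtujx\wbebivyj.exe: a folder of eight random letters directly
    # under ProgramData, the pattern seen in the SUPERAntiSpyware log above.
    if len(parts) >= 4 and parts[1] == "programdata" and re.fullmatch(r"[a-z]{8}", parts[2]):
        reasons.append("random-looking folder directly under ProgramData")
    return reasons


def triage(lines):
    """Parse O4 lines and return only the flagged entries, each with its reasons."""
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        name, path = parsed
        reasons = suspicious_reasons(path)
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['name']}: {f['path']} -> {'; '.join(f['reasons'])}")
```

Run against the sample lines it flags exactly the two entries a helper would want to look at first (the Temp-resident startup shortcut and the ProgramData Run value) and stays quiet on the Windows Defender and SUPERAntiSpyware entries. The rules are deliberately narrow; the point is to surface candidates for manual review, not to declare anything clean.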

Open Notepad, copy and paste what is shown in bold below. Save the file to the desktop as

CFScript.txt

Drag the file onto the ComboFix icon. ComboFix will start again.

Folder::

C:\ProgramData\ybynujoh

C:\ProgramData\ozlvtujx

 

You don't need to post the log. Tell us how the PC is running.


Well,

your logs will look fine after this. Are you still experiencing any problems?

 

If you previously used Comodo as your firewall (and now use Norton's), you can remove the program, or alternatively the folders:

C:\Users\Tor Eivind\AppData\Roaming\Comodo

C:\Program Files\COMODO


Use the machine for a while. Report back, whether everything works as it should or not.

 

If everything is as it should be, you can edit your topic title by clicking "edit" in your first post and choosing "full edit".

 

write: [LØST]

 

in front of your topic title.

This makes the "antivirus programs and computer security" section of the forum easier to keep track of ;)
