
[SOLVED] help removing Trojan junk



Hi!

I think I've picked up some crap through the network of someone I live with..

Apparently he had just had something similar and tipped me off that you guys are wizards with this sort of thing..

I have run the whole long version on the first page and here are my logs.. hope you can help me!

CombofixLog:

 

[skjult]ComboFix 08-04-28.2 - Ola Håkon 2008-04-29 19:46:28.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1451 [GMT 2:00]

Running from: C:\Documents and Settings\Ola Håkon\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\BHjlknmp.ini

C:\WINDOWS\system32\BHjlknmp.ini2

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\thtwmcjk.dll

C:\WINDOWS\system32\wwrkgxep.ini

C:\WINDOWS\system32\yhwonsyx.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))

.

 

2008-04-29 18:51 . 2008-04-29 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-04-29 18:50 . 2008-04-29 18:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-04-29 18:47 . 2008-04-29 18:47 <DIR> d-------- C:\Programfiler\CCleaner

2008-04-28 23:51 . 2008-04-29 11:13 109,747 --a------ C:\WINDOWS\BM47b1b7ed.xml

2008-04-27 19:13 . 2005-05-13 09:21 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL

2008-04-27 19:13 . 2001-07-16 02:06 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL

2008-04-27 13:51 . 2008-04-27 13:51 413 --a------ C:\WINDOWS\BRWMARK.INI

2008-04-27 13:51 . 2008-04-27 13:51 34 --a------ C:\WINDOWS\system32\BD2030.DAT

2008-04-22 00:00 . 2008-04-22 00:01 <DIR> d-------- C:\Programfiler\CLUE

2008-04-20 00:18 . 2008-04-20 00:18 <DIR> d--h----- C:\WINDOWS\PIF

2008-04-13 21:09 . 2004-03-08 20:30 609,824 --a------ C:\WINDOWS\system32\ComCtl32.ocx

2008-04-13 21:09 . 2005-07-15 12:49 245,760 --a------ C:\WINDOWS\system32\aUpdateNow.ocx

2008-04-13 21:09 . 2004-03-08 18:00 132,880 --a------ C:\WINDOWS\system32\msinet.ocx

2008-04-12 00:58 . 2008-04-12 00:58 <DIR> d-------- C:\Programfiler\MySpace Views Increaser

2008-04-11 23:27 . 2008-04-14 11:49 <DIR> d-------- C:\Programfiler\Badder Adder

2008-04-11 23:27 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2008-04-07 11:08 . 2008-04-07 11:08 <DIR> d-------- C:\Programfiler\iPod

2008-03-31 22:11 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-03-31 22:11 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-29 16:49 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-04-28 22:28 --------- d-----w C:\Programfiler\VideoLAN

2008-04-11 23:27 --------- d-----w C:\Programfiler\BitComet

2008-04-07 09:11 --------- d-----w C:\Programfiler\Free CD-DA Extractor 4.8

2008-04-07 09:09 --------- d-----w C:\Programfiler\iTunes

2008-04-07 09:07 --------- d-----w C:\Programfiler\QuickTime

2008-03-14 09:10 --------- d-----w C:\Programfiler\Java

2007-06-10 06:52 168 --sh--r C:\WINDOWS\system32\B320DFEDC0.sys

2007-06-10 06:54 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{990602cd-6671-4369-8217-37d438de5cee}]

C:\WINDOWS\system32\ymregjqd.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]

"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2007-02-20 13:29 1191936]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 19:04 802816]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 18:58 696320]

"PCMService"="C:\Programfiler\Dell\MediaDirect\PCMService.exe" [2006-08-22 16:32 184320]

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"Ad-Watch"="C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-07-06 13:12 2224128]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

"H2O"="C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]

"Resume copy"="copyfstq.exe" [2007-10-15 19:29 73728 C:\WINDOWS\copyfstq.exe]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"44828471"="C:\WINDOWS\system32\pexgkrww.dll" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-10 16:16:37 113664]

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2007-06-01 17:45:04 24576]

M-Audio Ozone Control Panel Launcher.lnk - C:\Programfiler\M-Audio Ozone\OZTask.exe [2003-01-31 19:34:50 98304]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi2"= usbnz1x1.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Dell Network Assistant\\ezi_hnm2.exe"=

"C:\\Programfiler\\Dell\\MediaDirect\\PCMService.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\BitComet\\BitComet.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

"15267:TCP"= 15267:TCP:BitComet 15267 TCP

"15267:UDP"= 15267:UDP:BitComet 15267 UDP

"22321:TCP"= 22321:TCP:BitComet 22321 TCP

"22321:UDP"= 22321:UDP:BitComet 22321 UDP

 

R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]

S3 ma763008;M-Audio Ozone;C:\WINDOWS\system32\drivers\MA763008.sys [2007-08-05 17:42]

S3 MADFU008;MADFU008;C:\WINDOWS\system32\DRIVERS\MADFU008.sys [2007-08-05 17:42]

S3 USBNZ1X1;M-Audio Ozone Midi;C:\WINDOWS\system32\drivers\usbnz1x1.sys [2007-08-05 17:42]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER

.

Contents of the 'Scheduled Tasks' folder

"2008-04-19 14:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-04-25 01:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"

- C:\Programfiler\RegClean\RegClean.ex

- C:\Programfiler\RegClea

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-29 19:50:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Intel\Wireless\Bin\WLKEEPER.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Documents and Settings\All Users\Programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\Programfiler\Dell Network Assistant\hnm_svc.exe

C:\Programfiler\M-Audio Ozone\Install\ozinst.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Completion time: 2008-04-29 19:54:30 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-29 17:54:26

 

Pre-Run: 10,136,899,584 byte ledig

Post-Run: 10,070,020,096 byte ledig

 

165 --- E O F --- 2008-04-11 05:49:40 [/skjult]

 

 

 

 

 

 

 

Here is the SAS log:

 

 

[skjult]

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/29/2008 at 07:20 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3450

Trace Rules Database Version: 1442

 

Scan type : Complete Scan

Total Scan Time : 00:20:37

 

Memory items scanned : 679

Memory threats detected : 4

Registry items scanned : 5328

Registry threats detected : 10

File items scanned : 12661

File threats detected : 4

 

Trojan.Vundo-Variant/F

C:\WINDOWS\SYSTEM32\AWTROFDE.DLL

C:\WINDOWS\SYSTEM32\AWTROFDE.DLL

C:\WINDOWS\SYSTEM32\PEXGKRWW.DLL

C:\WINDOWS\SYSTEM32\PEXGKRWW.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}

HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}

HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}\InprocServer32

HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awtrOfde

 

Adware.Vundo Variant/Resident

C:\WINDOWS\SYSTEM32\PMNKLJHB.DLL

C:\WINDOWS\SYSTEM32\PMNKLJHB.DLL

 

Trojan.Downloader-NewJuan/VM

C:\WINDOWS\SYSTEM32\YMREGJQD.DLL

C:\WINDOWS\SYSTEM32\YMREGJQD.DLL

 

Adware.Vundo-Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73B4F597-4145-4299-9D14-8C7C3E7A5C32}

HKCR\CLSID\{73B4F597-4145-4299-9D14-8C7C3E7A5C32}

HKCR\CLSID\{73B4F597-4145-4299-9D14-8C7C3E7A5C32}\InprocServer32

HKCR\CLSID\{73B4F597-4145-4299-9D14-8C7C3E7A5C32}\InprocServer32#ThreadingModel [/skjult]

 

 

 

 

and finally the HijackThis log:

 

[skjult]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:00:16, on 29.04.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Documents and Settings\All Users\Programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\Programfiler\Dell Network Assistant\hnm_svc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\M-Audio Ozone\Install\Ozinst.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Dell\QuickSet\quickset.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programfiler\Dell\MediaDirect\PCMService.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Digital Line Detect\DLG.exe

C:\Programfiler\M-Audio Ozone\OZTask.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Ola Håkon\Skrivebord\HiJackThis\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=6070601

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=no&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=6070601

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&cli...amp;ibd=6070601

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: {eec5ed83-4d73-7128-9634-1766dc206099} - {990602cd-6671-4369-8217-37d438de5cee} - C:\WINDOWS\system32\ymregjqd.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [44828471] rundll32.exe "C:\WINDOWS\system32\pexgkrww.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Programfiler\M-Audio Ozone\OZTask.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programfiler\Dell Network Assistant\hnm_svc.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Programfiler\M-Audio Ozone\Install\Ozinst.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 9443 bytes [/skjult]

Edited by kong_haakon

Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

O2 - BHO: {eec5ed83-4d73-7128-9634-1766dc206099} - {990602cd-6671-4369-8217-37d438de5cee} - C:\WINDOWS\system32\ymregjqd.dll (file missing)

O4 - HKLM\..\Run: [44828471] rundll32.exe "C:\WINDOWS\system32\pexgkrww.dll",b

Use Explorer to find and delete the following file (in bold):

C:\WINDOWS\BM47b1b7ed.xml

Apart from this the logs look fine. How is the PC running?
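
One way to arrive at the two HijackThis lines marked in the reply above, as an added example that is not part of the original thread and not the helper's stated method: an O2/O4 entry is flagged when its target is marked "(file missing)" or when its file name also appears among the SUPERAntiSpyware file detections. The function names are hypothetical, and the sample input is a short excerpt of the logs posted above.

```python
import re

# Excerpts copied from the SUPERAntiSpyware and HijackThis logs in this thread.
SAS_LOG = r"""
Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\AWTROFDE.DLL
C:\WINDOWS\SYSTEM32\PEXGKRWW.DLL
HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\PMNKLJHB.DLL
Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\YMREGJQD.DLL
"""

HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {eec5ed83-4d73-7128-9634-1766dc206099} - {990602cd-6671-4369-8217-37d438de5cee} - C:\WINDOWS\system32\ymregjqd.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [44828471] rundll32.exe "C:\WINDOWS\system32\pexgkrww.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Absolute path ending in .dll or .exe (shortest match, stops at a quote).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)', re.IGNORECASE)


def sas_detections(log):
    """Map lower-cased file name -> threat family from a SUPERAntiSpyware log."""
    found, family = {}, None
    for line in (l.strip() for l in log.splitlines()):
        if not line:
            continue
        if re.match(r'[A-Za-z]:\\', line):
            # File detection: record it under the most recent family heading.
            found[line.rsplit('\\', 1)[-1].lower()] = family
        elif not line.startswith(('HK', 'Software\\')):
            # Neither a file nor a registry trace: treat as a family heading.
            family = line
    return found


def triage(hjt_log, detections):
    """Return (line, reasons) for O2 (BHO) and O4 (autostart) entries worth fixing."""
    flagged = []
    for line in (l.strip() for l in hjt_log.splitlines()):
        if not line.startswith(('O2 -', 'O4 -')):
            continue
        reasons = []
        if line.endswith('(file missing)'):
            reasons.append('target file missing (orphaned entry)')
        for path in PATH_RE.findall(line):
            name = path.rsplit('\\', 1)[-1].lower()  # Windows paths: compare case-insensitively
            if name in detections:
                reasons.append(f'{name} detected as {detections[name]}')
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == '__main__':
    for entry, why in triage(HJT_LOG, sas_detections(SAS_LOG)):
        print(entry)
        for reason in why:
            print('    ->', reason)
```
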


Now it's like a dream here compared to earlier, at least!

Thank you so very much for the help!! Magical!


You may well want to update to IE 7 (I would think you can get it through Windows Update).

You can also uninstall ComboFix. This is done by typing combofix /u in the Run box (Start -> Run).

This also resets System Restore so that you do not get infected by a possible system restore later.

Surf safely.

Edited by norbat