Guest Bruker-95147, posted 19 May 2008 (edited)

Hi! I've picked up some piece of crap that is gradually taking over control of the machine. It started a couple of days ago and, as I said, has gradually gotten worse. Now it decides which pages the browser (Opera) shows, and it has locked Auto Update, the antivirus and the firewall. Here is the log file, and I'm of course hoping for expert help from one of you trained PC doctors.

Logfile of HijackThis v1.99.1
Scan saved at 16:36:47, on 19.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Launch Manager\CtrlVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\VIAudioi\SBADeck\ADeck.exe
C:\Documents and Settings\Bruker\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\limewire\limewire.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Programfiler\Fellesfiler\MinneSparere\strpmon.exe" dm=http://minnesparere.com ad=http://minnesparere.com sd=http://gehrig.minnesparere.com
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programfiler\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Bruker\svchost.exe
O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b
O4 - HKLM\..\Run: [BM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Programfiler\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Programfiler\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Programfiler\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Programfiler\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited 20 May 2008 by Bruker-95147
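The log above carries the patterns a malware-removal helper picks out by eye: Run values with random hex names that load eight-letter DLLs from system32 through rundll32 (weaybtyv.dll,b and gaciaket.dll,s), a svchost.exe living in the user profile and registered as "Host Process", a start page pointing at a domain nobody chose, an orphaned URLSearchHook CLSID with no file behind it, and IE Restrictions policies that match the poster's complaint about things being locked. The script below is an added example, not code from the thread or from HijackThis; it applies those checks as heuristics over an excerpt of the first log, embedded inline. The rule names, the BENIGN_HOME_DOMAINS allowlist and the list of localized Program Files folder names are assumptions made for the example. The last check relies on something the log itself shows: this Norwegian install keeps programs under C:\Programfiler, so a Run value pointing into C:\Program Files was written by something that hard-coded the English folder name rather than asking Windows for it.

```python
"""Heuristic triage of a HijackThis 1.99 log for Vundo-style persistence.
Added example; every hit is a lead to confirm by hand, not a verdict."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Binaries that only ever run from %SystemRoot%\System32; a copy anywhere else is a masquerade.
SYSTEM_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
               "lsass.exe", "svchost.exe", "spoolsv.exe"}
# Start-page domains accepted as benign (assumption for this example; extend per environment).
BENIGN_HOME_DOMAINS = ("msn.com", "microsoft.com", "live.com")
# Localized Program Files roots the example recognises (assumption; extend as needed).
PF_ROOT = re.compile(r"[A-Z]:\\(Program Files(?: \(x86\))?|Programfiler|Programme|Programmes)\\", re.I)
ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"^HK[A-Z]+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 loading an 8-letter DLL from system32 through a one-letter (or no) export.
RUNDLL_RANDOM = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*\\system32\\[a-z]{8}\.dll"?(?:,[a-z])?\s*$', re.I)
# Run value names that are 8 hex digits, optionally prefixed "BM" (20c25f53, BM23f16ccf).
RANDOM_VALUE_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$")

# Excerpt of the first HijackThis log in the thread, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\Documents and Settings\Bruker\svchost.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Bruker\svchost.exe
O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b
O4 - HKLM\..\Run: [BM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""


@dataclass
class Finding:
    rule: str   # short rule id, see triage()
    line: str   # the log line that triggered it


def _first_path(cmd: str) -> str:
    """Executable (or DLL) path at the head of a Run command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.(?:exe|dll|scr|com))(?=\s|,|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def _masquerade(path: str) -> bool:
    """True when a System32-only binary name runs from some other directory."""
    d, _, base = path.strip().strip('"').rpartition("\\")
    return base.lower() in SYSTEM_ONLY and not d.lower().endswith("\\system32")


def _benign_start_page(url: str) -> bool:
    host = (urlparse(url.strip()).hostname or "").lower()
    return any(host == dom or host.endswith("." + dom) for dom in BENIGN_HOME_DOMAINS)


def dominant_program_files(text: str):
    """The Program Files folder name the log uses most (localized on non-English Windows)."""
    roots = Counter(m.group(1).lower() for m in PF_ROOT.finditer(text))
    return roots.most_common(1)[0][0] if roots else None


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    pf_root = dominant_program_files(text)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:                      # the process list ends at the first blank line
            in_procs = bool(line)
            if line and _masquerade(line):
                findings.append(Finding("masquerade", line))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1") and " = " in body:
            key, url = body.split(" = ", 1)
            if key.endswith("Start Page") and not _benign_start_page(url):
                findings.append(Finding("start-page-hijack", line))
        elif kind == "O6" and body.endswith("Restrictions present"):
            findings.append(Finding("ie-restrictions", line))
        elif kind in ("R3", "O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding("orphan-clsid", line))
        elif kind == "O4" and (r := RUN_ENTRY.match(body)):
            name, cmd = r.group("name"), r.group("cmd")
            if RANDOM_VALUE_NAME.match(name):
                findings.append(Finding("random-value-name", line))
            if RUNDLL_RANDOM.search(cmd):
                findings.append(Finding("rundll32-random-dll", line))
            path = _first_path(cmd)
            if _masquerade(path):
                findings.append(Finding("masquerade", line))
            pm = PF_ROOT.search(path)
            if pf_root and pm and pm.group(1).lower() != pf_root:
                findings.append(Finding("program-files-mismatch", line))
    return findings


def summarize(text: str) -> Dict[str, List[str]]:
    """Group flagged log lines by rule so the result is easy to review or assert on."""
    out: Dict[str, List[str]] = defaultdict(list)
    for f in triage(text):
        out[f.rule].append(f.line)
    return dict(out)


if __name__ == "__main__":
    for rule, lines in summarize(SAMPLE_LOG).items():
        print(f"[{rule}]")
        for flagged in lines:
            print("   ", flagged)
```

Run it and each flagged line is printed under its rule. The clean entries in the excerpt (NvCplDaemon, which also uses rundll32 but loads a named vendor DLL with a named export; CTFMON; Norman ZANDA; the HKLM start page at no.msn.com) produce nothing, which is the point of writing the checks as narrow patterns rather than "anything with rundll32". Each hit is then a line to read next to the SUPERAntiSpyware and ComboFix output in the follow-up post.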
norbat, posted 19 May 2008 (edited)

Yes, you have some malware, so run through the long version in the following thread: https://www.diskusjon.no/index.php?showtopic=691246
Post the logs it asks for here in your own thread.

Edit: Norman may well report something suspect when you run combofix, but you can just ignore that. If you have trouble running Combo, turn Norman off temporarily.

Edited 19 May 2008 by norbat
Guest Bruker-95147, posted 20 May 2008

Here are the logs for SAS, Combofix and HJT.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/19/2008 at 07:24 PM

Application Version : 4.0.1154

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Complete Scan
Total Scan Time : 00:38:40

Memory items scanned : 467
Memory threats detected : 5
Registry items scanned : 5450
Registry threats detected : 51
File items scanned : 23031
File threats detected : 15

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\EFCCURJI.DLL
C:\WINDOWS\SYSTEM32\EFCCURJI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EA83634-0AC6-4F1B-AFD8-E80559AC1922}
HKCR\CLSID\{4EA83634-0AC6-4F1B-AFD8-E80559AC1922}
HKCR\CLSID\{4EA83634-0AC6-4F1B-AFD8-E80559AC1922}\InprocServer32
HKCR\CLSID\{4EA83634-0AC6-4F1B-AFD8-E80559AC1922}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A290466-39BD-419B-93DB-0E9599506654}
HKCR\CLSID\{8A290466-39BD-419B-93DB-0E9599506654}
HKCR\CLSID\{8A290466-39BD-419B-93DB-0E9599506654}\InprocServer32
HKCR\CLSID\{8A290466-39BD-419B-93DB-0E9599506654}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8A290466-39BD-419B-93DB-0E9599506654}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\efcCuRjI

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\VTUOMJCY.DLL
C:\WINDOWS\SYSTEM32\VTUOMJCY.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\WEFICVTQ.DLL
C:\WINDOWS\SYSTEM32\WEFICVTQ.DLL

Adware.Vundo-Variant/I
C:\WINDOWS\SYSTEM32\WEAYBTYV.DLL
C:\WINDOWS\SYSTEM32\GACIAKET.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053732c6-615e-4271-b176-b99276d21b38}
HKCR\CLSID\{053732C6-615E-4271-B176-B99276D21B38}
HKCR\CLSID\{053732C6-615E-4271-B176-B99276D21B38}\InprocServer32
HKCR\CLSID\{053732C6-615E-4271-B176-B99276D21B38}\InprocServer32#ThreadingModel
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP203\A0045944.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP204\A0045975.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP205\A0046028.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP205\A0046029.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP205\A0046031.DLL
C:\WINDOWS\SYSTEM32\GACIAKET.DLL
C:\WINDOWS\SYSTEM32\WEAYBTYV.DLL

Adware.AdsSite
HKLM\Software\Classes\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}
HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}
HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}
HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}#AppID
HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\InprocServer32
HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\InprocServer32#ThreadingModel
HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\ProgID
HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\Programmable
HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\TypeLib
HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\ADSSITE_SIDEBAR.DLL
HKLM\Software\Classes\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}#AppID
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\Implemented Categories
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\InprocServer32
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\InprocServer32#ThreadingModel
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\ProgID
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\Programmable
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\TypeLib
HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}
HKU\S-1-5-21-436374069-1592454029-725345543-1004\Software\Microsoft\Internet Explorer\Explorer Bars\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#DisplayIcon

Adware.Tracking Cookie
C:\Documents and Settings\Bruker\Cookies\bruker@clickbank[2].txt
C:\Documents and Settings\Bruker\Cookies\bruker@adnetserver[1].txt

Malware.LocusSoftware Inc/ConfidentSurf
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Salestart [ "C:\Programfiler\Fellesfiler\MinneSparere\strpmon.exe" dm=http://minnesparere.com ad=http://minnesparere.com sd=http://gehrig.minnesparere.com ]

Malware.LocusSoftware Inc/PCPrivacyTool
HKLM\Software\Purchased Products
HKLM\Software\Purchased Products\System Error Repair
HKLM\Software\Purchased Products\System Error Repair#domain
HKLM\Software\Purchased Products\System Error Repair#pname
HKLM\Software\Purchased Products\System Error Repair#cname

Trojan.Unclassified/SVCHost-Fake
C:\DOCUMENTS AND SETTINGS\BRUKER\SVCHOST.EXE

Adware.AdRotator/AdsSite
C:\WINDOWS\SYSTEM32\ADSSITE_SIDEBAR_UNINSTALL.EXE

ComboFix 08-05-15.3 - Bruker 2008-05-20 4:50:57.2 - NTFSx86
Running from: C:\Documents and Settings\Bruker\Mine dokumenter\Programmer\combofix\ComboFix.exe
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\hmndjihn.ini
C:\WINDOWS\system32\kwpkcobq.ini
C:\WINDOWS\system32\vytbyaew.ini
C:\WINDOWS\system32\ycJmoUtv.ini
C:\WINDOWS\system32\ycJmoUtv.ini2

.
---- Previous Run -------
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dFrnx05
C:\WINDOWS\system32\dFrnx05\dFrnx051080.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-19 18:42 . 2008-05-19 18:42 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-19 18:37 . 2008-05-19 18:37 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-05-19 14:44 . 2007-06-15 14:16 dr------- C:\Documents and Settings\Administrator\Start-meny
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Siste
2008-05-19 14:44 . 2007-06-15 14:16 dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-05-19 14:44 . 2007-06-15 13:33 d--h----- C:\Documents and Settings\Administrator\Maler
2008-05-19 14:44 . 2008-05-20 04:54 d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Favoritter
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-05-19 14:44 . 2008-05-19 14:44 d-------- C:\Documents and Settings\Administrator
2008-05-19 14:44 . 2008-05-19 21:12 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-05-18 20:44 . 2008-05-19 14:35 109,846 --a------ C:\WINDOWS\BM23f16ccf.xml
2008-05-17 16:39 . 2008-05-17 17:10 d--hs---- C:\Documents and Settings\Bruker\!
2008-05-17 16:39 . 2008-05-17 16:39 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-17 16:38 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\emL1
2008-05-17 16:38 . 2008-05-18 18:35 d-------- C:\Programfiler\winvi
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\rDA
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\dbW
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\3056v
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\Temp\tmpvc14
2008-05-17 16:37 . 2008-05-19 21:49 d-------- C:\Temp
2008-05-17 16:12 . 2008-05-17 16:12 d-------- C:\Programfiler\Conduit
2008-05-17 16:11 . 2008-05-17 16:12 d-------- C:\Programfiler\Answers.com
2008-05-17 15:44 . 2008-05-17 15:44 d-------- C:\Programfiler\CCleaner
2008-05-08 11:13 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr
2008-05-08 09:09 . 2008-01-23 15:01 42,552 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys
2008-05-07 10:07 . 2008-05-07 10:07 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\no
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\bits
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\l2schemas
2008-05-07 09:39 . 2007-10-25 18:44 8,466,432 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-07 09:38 . 2007-02-28 18:05 2,182,144 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-05-07 09:22 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\005408_.tmp
2008-04-30 16:23 . 2008-04-30 16:25 d-------- C:\Documents and Settings\Bruker\Programdata\Windows Live Writer
2008-04-29 12:58 . 2008-04-29 12:58 d-------- C:\Documents and Settings\Bruker\Programdata\pdf995
2008-04-29 12:58 . 2008-04-29 12:58 28 --a------ C:\WINDOWS\pdf995.ini
2008-04-29 12:56 . 2008-04-29 12:56 d-------- C:\Programfiler\pdf995
2008-04-29 12:56 . 2008-04-29 12:59 d-------- C:\Documents and Settings\All Users\Programdata\pdf995
2008-04-29 12:56 . 2008-04-29 12:56 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-29 12:56 . 2008-04-29 12:56 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-29 12:56 . 2008-04-29 12:59 59 --a------ C:\WINDOWS\wpd99.drv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 19:50 --------- d-----w C:\Programfiler\Norman
2008-05-19 19:49 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-05-19 12:51 --------- d-----w C:\Documents and Settings\Bruker\Programdata\LimeWire
2008-05-19 12:33 --------- d-----w C:\Programfiler\Opera
2008-05-19 10:31 --------- d-----w C:\Programfiler\LimeWire
2008-05-19 07:26 --------- d-----w C:\Programfiler\Deirdra Kiai Productions
2008-05-16 03:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-05-08 07:10 5 ----a-w C:\NPF_USER.DAT
2008-04-29 10:21 --------- d-----w C:\Programfiler\Java
2008-04-14 16:23 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-03-28 15:13 --------- d-----w C:\Documents and Settings\Bruker\Programdata\mIRC
2008-03-28 15:11 --------- d-----w C:\Programfiler\mIRC
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"WinUpdater"="C:\Program Files\winvi\update.exe" [ ]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2004-01-28 17:48 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 11:22 88363 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Programfiler\ltmoh\Ltmoh.exe" [2002-11-25 10:23 172032]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 10:25 7122944]
"nwiz"="nwiz.exe" [2005-12-15 10:25 1519616 C:\WINDOWS\system32\nwiz.exe]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-12-17 14:37 273520]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AudioDeck"="C:\Programfiler\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 17:44 7916032]
"20c25f53"="C:\WINDOWS\system32\weaybtyv.dll" [ ]
"BM23f16ccf"="C:\WINDOWS\system32\gaciaket.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Stardock ObjectDock.lnk - C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe [2007-06-26 16:30:17 3581680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bruker^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]
path=C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-04-19 17:44 7916032 C:\Programfiler\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
--a------ 2007-11-14 07:10 56325 C:\Documents and Settings\Bruker\Mine dokumenter\Programmer\Glass2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-22 12:25 1838592 C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2004-08-06 14:04 32768 C:\Programfiler\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2004-07-15 17:24 49152 C:\Programfiler\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2004-08-06 13:30 49152 C:\Programfiler\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Programfiler\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
--a------ 2002-08-30 15:02 94208 C:\Programfiler\Launch Manager\PowerKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2004-08-13 22:40 73728 C:\Programfiler\Launch Manager\Wbutton.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2008-01-24 11:23]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 NPROSEC;Norman Security driver;C:\Programfiler\Norman\Ngs\bin\nprosec.sys [2007-09-06 08:37]
R1 TDI_RD;Norman Firewall TDI driver;C:\WINDOWS\system32\drivers\tdi_rd.sys [2007-05-14 10:51]
R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55]
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Programfiler\Norman\npf\bin\npfsvc32.exe" [2008-01-28 10:21]
R2 NPROSECSVC;Norman Security service;"C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE" [2007-11-27 15:13]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Programfiler\Norman\npm\bin\nvoy.exe" [2008-01-22 15:04]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-03-29 17:23]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;"C:\Programfiler\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-19 21:04:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-20 02:55:04 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE815CFE-AB85-41DC-AA6C-CB93C7D1DBAC}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 04:55:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-20 4:58:07
ComboFix-quarantined-files.txt 2008-05-20 02:58:03

Pre-Run: 14,761,803,776 byte ledig
Post-Run: 14,986,469,376 byte ledig

210 --- E O F --- 2008-05-19 19:49:40

Logfile of HijackThis v1.99.1
Scan saved at 05:37:45, on 20.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Launch Manager\CtrlVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Opera\Opera.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\unzipped\hijackthis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programfiler\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b
O4 - HKLM\..\Run: [BM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Programfiler\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Programfiler\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra
context menu item: Lookup on Merriam Webster - file://C:\Programfiler\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Programfiler\ieSpell\wikipedia.HTM O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no 
name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. 
- C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Lenke til kommentar
r2d290, posted 20 May 2008 (edited)

Before we continue: combofix.exe was supposed to be run from the desktop. Download combofix.exe again and save it to the desktop. Run another round of ComboFix.

Edited 20 May 2008 by r2d290
Guest Bruker-95147, posted 20 May 2008 (edited)

Darn! Here's the new log:

Edit: Double darn!! I should probably do a new HJT too ...? Back shortly!

ComboFix 08-05-19.4 - Bruker 2008-05-20 7:31:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.266 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-19 18:42 . 2008-05-19 18:42 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-19 18:37 . 2008-05-20 05:33 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-05-19 14:44 . 2007-06-15 14:16 dr------- C:\Documents and Settings\Administrator\Start-meny
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Siste
2008-05-19 14:44 . 2007-06-15 14:16 dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-05-19 14:44 . 2007-06-15 13:33 d--h----- C:\Documents and Settings\Administrator\Maler
2008-05-19 14:44 . 2008-05-20 07:34 d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Favoritter
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-05-19 14:44 . 2008-05-19 14:44 d-------- C:\Documents and Settings\Administrator
2008-05-19 14:44 . 2008-05-20 07:31 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-05-18 20:44 . 2008-05-19 14:35 109,846 --a------ C:\WINDOWS\BM23f16ccf.xml
2008-05-17 16:39 . 2008-05-17 17:10 d--hs---- C:\Documents and Settings\Bruker\!
2008-05-17 16:39 . 2008-05-17 16:39 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-17 16:38 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\emL1
2008-05-17 16:38 . 2008-05-18 18:35 d-------- C:\Programfiler\winvi
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\rDA
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\dbW
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\3056v
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\Temp\tmpvc14
2008-05-17 16:37 . 2008-05-19 21:49 d-------- C:\Temp
2008-05-17 16:12 . 2008-05-17 16:12 d-------- C:\Programfiler\Conduit
2008-05-17 16:11 . 2008-05-17 16:12 d-------- C:\Programfiler\Answers.com
2008-05-17 15:44 . 2008-05-17 15:44 d-------- C:\Programfiler\CCleaner
2008-05-08 11:13 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr
2008-05-08 09:09 . 2008-01-23 15:01 42,552 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys
2008-05-07 10:07 . 2008-05-07 10:07 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\no
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\bits
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\l2schemas
2008-05-07 09:39 . 2007-10-25 18:44 8,466,432 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-07 09:38 . 2007-02-28 18:05 2,182,144 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-05-07 09:22 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS

Edited 20 May 2008 by Bruker-95147
Guest Bruker-95147, posted 20 May 2008 (edited)

Great, double posts ...

Edit: Did a restart and got these three error messages: "apfwiz.exe har et problem og må lukkes", "feil ved innlasting av c:\windows.sys32\gaciaket.dll" and "weaybtyv.dll".

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:49:41, on 20.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Launch Manager\CtrlVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\programfiler\opera\opera.exe
C:\Documents and Settings\Bruker\Skrivebord\Ny mappe\test.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programfiler\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b
O4 - HKLM\..\Run: [BM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Programfiler\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Programfiler\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Programfiler\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Programfiler\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10014 bytes

Edited 20 May 2008 by Bruker-95147
r2d290, posted 20 May 2008 (edited)

Hmm, it's still not quite right. The last part of the ComboFix log is missing, but I'm a bit unsure whether there will be any change compared with the first log you posted (the first post is complete). Maybe wait until one of the others comes in and says whether yet another new log is needed. One tip for getting a full log can be to delete c:/combofix.txt, then restart the machine, and then run ComboFix again. You can do that if you feel like it, and post a new ComboFix log. No HijackThis log is needed once you have got ComboFix to work. ComboFix should end with ---EOF--- (end of file), and you can see that your first ComboFix log has that.

Edit: the first thing to do, of course, is to check that the problem wasn't just that you forgot to select the whole text (use Ctrl+A).

Edited 20 May 2008 by r2d290
Gjest Bruker-95147 Skrevet 20. mai 2008 Del Skrevet 20. mai 2008 (endret) Gjør som du foreslår! Edit: Her er forhåpentligvis en fullstendig logg: ComboFix 08-05-19.4 - Bruker 2008-05-20 8:24:17.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.108 [GMT 2:00] Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))) . 2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Programfiler\SUPERAntiSpyware 2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com 2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-05-19 18:42 . 2008-05-19 18:42 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-19 18:37 . 2008-05-20 08:17 dr-h----- C:\Documents and Settings\Bruker\Siste 2008-05-19 14:44 . 2007-06-15 14:16 dr------- C:\Documents and Settings\Administrator\Start-meny 2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Skrivere 2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Skrivebord 2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Siste 2008-05-19 14:44 . 2007-06-15 14:16 dr-h----- C:\Documents and Settings\Administrator\Programdata 2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Mine dokumenter 2008-05-19 14:44 . 2007-06-15 13:33 d--h----- C:\Documents and Settings\Administrator\Maler 2008-05-19 14:44 . 2008-05-20 08:28 d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger 2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Favoritter 2008-05-19 14:44 . 
2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\AndrMask 2008-05-19 14:44 . 2008-05-19 14:44 d-------- C:\Documents and Settings\Administrator 2008-05-19 14:44 . 2008-05-20 07:31 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG 2008-05-18 20:44 . 2008-05-19 14:35 109,846 --a------ C:\WINDOWS\BM23f16ccf.xml 2008-05-17 16:39 . 2008-05-17 17:10 d--hs---- C:\Documents and Settings\Bruker\! 2008-05-17 16:39 . 2008-05-17 16:39 0 --a------ C:\WINDOWS\system32\taskkill.exe 2008-05-17 16:38 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\emL1 2008-05-17 16:38 . 2008-05-18 18:35 d-------- C:\Programfiler\winvi 2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\rDA 2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\dbW 2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\3056v 2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\Temp\tmpvc14 2008-05-17 16:37 . 2008-05-19 21:49 d-------- C:\Temp 2008-05-17 16:12 . 2008-05-17 16:12 d-------- C:\Programfiler\Conduit 2008-05-17 16:11 . 2008-05-17 16:12 d-------- C:\Programfiler\Answers.com 2008-05-17 15:44 . 2008-05-17 15:44 d-------- C:\Programfiler\CCleaner 2008-05-08 11:13 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr 2008-05-08 09:09 . 2008-01-23 15:01 42,552 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys 2008-05-07 10:07 . 2008-05-07 10:07 d-------- C:\WINDOWS\system32\CatRoot_bak 2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\no 2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\bits 2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\l2schemas 2008-05-07 09:39 . 2007-10-25 18:44 8,466,432 --a------ C:\WINDOWS\system32\dllcache\shell32.dll 2008-05-07 09:38 . 2007-02-28 18:05 2,182,144 --a------ C:\WINDOWS\system32\ntoskrnl.exe 2008-05-07 09:22 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\005408_.tmp 2008-04-30 16:23 . 
2008-04-30 16:25 d-------- C:\Documents and Settings\Bruker\Programdata\Windows Live Writer 2008-04-29 12:58 . 2008-04-29 12:58 d-------- C:\Documents and Settings\Bruker\Programdata\pdf995 2008-04-29 12:58 . 2008-04-29 12:58 28 --a------ C:\WINDOWS\pdf995.ini 2008-04-29 12:56 . 2008-04-29 12:56 d-------- C:\Programfiler\pdf995 2008-04-29 12:56 . 2008-04-29 12:59 d-------- C:\Documents and Settings\All Users\Programdata\pdf995 2008-04-29 12:56 . 2008-04-29 12:56 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll 2008-04-29 12:56 . 2008-04-29 12:56 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll 2008-04-29 12:56 . 2008-04-29 12:59 59 --a------ C:\WINDOWS\wpd99.drv . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-20 06:21 --------- d-----w C:\Programfiler\Norman 2008-05-19 19:49 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-05-19 12:51 --------- d-----w C:\Documents and Settings\Bruker\Programdata\LimeWire 2008-05-19 12:33 --------- d-----w C:\Programfiler\Opera 2008-05-19 10:31 --------- d-----w C:\Programfiler\LimeWire 2008-05-19 07:26 --------- d-----w C:\Programfiler\Deirdra Kiai Productions 2008-05-16 03:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-05-08 07:10 5 ----a-w C:\NPF_USER.DAT 2008-04-29 10:21 --------- d-----w C:\Programfiler\Java 2008-04-14 16:23 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe 2008-03-28 15:13 --------- d-----w C:\Documents and Settings\Bruker\Programdata\mIRC 2008-03-28 15:11 --------- d-----w C:\Programfiler\mIRC 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-20 06:52 282,624 ----a-w 
C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll . ((((((((((((((((((((((((((((( snapshot@2008-05-20_ 4.57.45.54 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-19 19:50:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-20 06:21:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-05-19 19:56:10 59,978 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-05-20 06:27:22 59,978 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-05-19 19:56:10 68,272 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-05-20 06:27:23 68,272 ----a-w C:\WINDOWS\system32\perfc014.dat - 2008-05-19 19:56:10 397,758 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-05-20 06:27:23 397,758 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-05-19 19:56:10 402,016 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-05-20 06:27:23 402,016 ----a-w C:\WINDOWS\system32\perfh014.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360] "WinUpdater"="C:\Program Files\winvi\update.exe" [ ] "WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2004-01-28 17:48 184320] "AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 11:22 88363 C:\WINDOWS\AGRSMMSG.exe] "LtMoh"="C:\Programfiler\ltmoh\Ltmoh.exe" [2002-11-25 10:23 172032] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 10:25 7122944] "nwiz"="nwiz.exe" [2005-12-15 10:25 1519616 C:\WINDOWS\system32\nwiz.exe] "Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-12-17 14:37 273520] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "AudioDeck"="C:\Programfiler\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 17:44 7916032] "20c25f53"="C:\WINDOWS\system32\weaybtyv.dll" [ ] "BM23f16ccf"="C:\WINDOWS\system32\gaciaket.dll" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360] C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\ Stardock ObjectDock.lnk - C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe [2007-06-26 16:30:17 3581680] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bruker^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]
path=C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-04-19 17:44 7916032 C:\Programfiler\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
--a------ 2007-11-14 07:10 56325 C:\Documents and Settings\Bruker\Mine dokumenter\Programmer\Glass2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-22 12:25 1838592 C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2004-08-06 14:04 32768 C:\Programfiler\Launch Manager\LaunchAp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2004-07-15 17:24 49152 C:\Programfiler\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2004-08-06 13:30 49152 C:\Programfiler\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Programfiler\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
--a------ 2002-08-30 15:02 94208 C:\Programfiler\Launch Manager\PowerKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2004-08-13 22:40 73728 C:\Programfiler\Launch Manager\Wbutton.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2008-01-24 11:23]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 NPROSEC;Norman Security driver;C:\Programfiler\Norman\Ngs\bin\nprosec.sys [2007-09-06 08:37]
R1 TDI_RD;Norman Firewall TDI driver;C:\WINDOWS\system32\drivers\tdi_rd.sys [2007-05-14 10:51]
R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55]
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Programfiler\Norman\npf\bin\npfsvc32.exe" [2008-01-28 10:21]
R2 NPROSECSVC;Norman Security service;"C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE" [2007-11-27 15:13]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Programfiler\Norman\npm\bin\nvoy.exe" [2008-01-22 15:04]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-03-29 17:23]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;"C:\Programfiler\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 06:04:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-20 06:30:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE815CFE-AB85-41DC-AA6C-CB93C7D1DBAC}.job" - C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 08:28:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programfiler\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2008-05-20 8:32:33
ComboFix-quarantined-files.txt 2008-05-20 06:32:24
ComboFix2.txt 2008-05-20 02:58:08

Pre-Run: 14,939,402,240 byte ledig
Post-Run: 14,929,010,688 byte ledig

211 --- E O F --- 2008-05-19 19:49:40

Edited 20 May 2008 by Bruker-95147
r2d290 Posted 20 May 2008

Good. You'll get a response during the day...
norbat Posted 20 May 2008

Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O3 - Toolbar: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b
O4 - HKLM\..\Run: [BM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

If you have not set any restrictions in IE yourself, fix the following two lines as well:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Use Explorer to find and delete the following file:

C:\WINDOWS\BM23f16ccf.xml

Apart from this, things look fine. How is the PC running?
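As an added example (not code from the thread or from ComboFix), here is a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log like the one posted above and flags the same Run entries norbat singled out: those where ComboFix recorded no file date/size (an empty "[ ]") and those whose value name looks auto-generated. The excerpt is constructed from the posted log; the regexes and heuristics are my own assumptions, not ComboFix rules.

```python
import re

# Constructed excerpt in the ComboFix "Reg Loading Points" format
# (values copied from the log posted in this thread, list abbreviated).
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"WinUpdater"="C:\Program Files\winvi\update.exe" [ ]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 10:25 7122944]
"20c25f53"="C:\WINDOWS\system32\weaybtyv.dll" [ ]
"BM23f16ccf"="C:\WINDOWS\system32\gaciaket.dll" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 11:22 88363 C:\WINDOWS\AGRSMMSG.exe]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "<name>"="<target>" [<date time size>]   or   [ ] when ComboFix found no file info
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(.*)\]$')
# Heuristic: a run of 8+ hex digits with at most a two-letter prefix
# ("20c25f53", "BM23f16ccf") is typical of auto-generated adware entries.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8,}$")


def parse_run_entries(text):
    """Return (key, name, target, metadata) tuples for every autorun entry."""
    entries, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line.strip())
        if m and key:
            entries.append((key, m.group(1), m.group(2), m.group(3).strip()))
    return entries


def flag_suspicious(entries):
    """Return (name, target, reasons) for entries worth a closer look."""
    flagged = []
    for _key, name, target, meta in entries:
        reasons = []
        if meta == "":
            reasons.append("no file date/size recorded")
        if RANDOM_NAME_RE.match(name):
            reasons.append("random-looking value name")
        if reasons:
            flagged.append((name, target, reasons))
    return flagged


if __name__ == "__main__":
    for name, target, reasons in flag_suspicious(parse_run_entries(COMBOFIX_EXCERPT)):
        print(f"{name}: {target} ({'; '.join(reasons)})")
```

On the excerpt this reports exactly the four entries norbat told the poster to fix; the other entries carry a date and size and keep recognisable vendor names.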
Guest Bruker-95147 Posted 20 May 2008

Followed this last advice, and now the machine runs like clockwork. Thank you so much for the help! You deserve to be covered in the forum board's own gold leaf! Great help threads you have made, and in such a way that even an old fossil learns something. Have a splendid day!
r2d290 Posted 20 May 2008

Hehe, good that it got sorted. You can now uninstall ComboFix: Start -> Run, type:

combofix /u

This will uninstall ComboFix, delete temporary files, and reset your System Restore folder (so you can restore to a point where the PC is clean).

Finally: edit your topic title. Edit your first post, click "Full edit", and type [LØST] in front of your topic title (I assume you know how to do this, but an important thing can't be said too often).

edit: keep SAS, keep it updated and run it now and then. I see it deleted quite a lot...

Edited 20 May 2008 by r2d290
Guest Bruker-95147 Posted 20 May 2008

Done! Thanks again!