
(SOLVED) Got a little bug that is taking over the machine.


Guest Bruker-95147

Hi! I've picked up some crap that is gradually taking over control of the machine. It started a couple of days ago and, as I said, has gradually gotten worse. Now it controls which pages the browser (Opera) shows, and it has locked auto-update, the antivirus and the firewall.

Here is the log file, and of course I'm hoping for expert help from one of you trained PC doctors.

 

Logfile of HijackThis v1.99.1

Scan saved at 16:36:47, on 19.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\Programfiler\Norman\npm\bin\nvoy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Norman\npf\bin\npfsvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE

C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Launch Manager\CtrlVol.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\ltmoh\Ltmoh.exe

C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\Norman\Npm\bin\ZLH.EXE

C:\Programfiler\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\VIAudioi\SBADeck\ADeck.exe

C:\Documents and Settings\Bruker\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Programfiler\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\msiexec.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\limewire\limewire.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\unzipped\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)

O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [salestart] "C:\Programfiler\Fellesfiler\MinneSparere\strpmon.exe" dm=http://minnesparere.com ad=http://minnesparere.com sd=http://gehrig.minnesparere.com

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AudioDeck] C:\Programfiler\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Bruker\svchost.exe

O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b

O4 - HKLM\..\Run: [bM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background

O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &ieSpell Options - res://C:\Programfiler\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Check &Spelling - res://C:\Programfiler\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Programfiler\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Programfiler\ieSpell\wikipedia.HTM

O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe

O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE

O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by Bruker-95147

Yes, you have some malware, so work through the long version in the following thread: https://www.diskusjon.no/index.php?showtopic=691246

 

Post the logs it asks for here in your own thread :)

 

Edit: Norman may flag something as suspicious when you run ComboFix, but just ignore that. If you have trouble running Combo, turn Norman off temporarily.

Edited by norbat
Guest Bruker-95147

Here are the logs for SAS, ComboFix and HJT.

 

 

 

 

SUPERAntiSpyware Scan Log

 

http://www.superantispyware.com

 

 

 

Generated 05/19/2008 at 07:24 PM

 

 

 

Application Version : 4.0.1154

 

 

 

Core Rules Database Version : 3463

 

Trace Rules Database Version: 1454

 

 

 

Scan type : Complete Scan

 

Total Scan Time : 00:38:40

 

 

 

Memory items scanned : 467

 

Memory threats detected : 5

 

Registry items scanned : 5450

 

Registry threats detected : 51

 

File items scanned : 23031

 

File threats detected : 15

 

 

 

Trojan.Vundo-Variant/Small-GEN

 

C:\WINDOWS\SYSTEM32\EFCCURJI.DLL

 

C:\WINDOWS\SYSTEM32\EFCCURJI.DLL

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EA83634-0AC6-4F1B-AFD8-E80559AC1922}

 

HKCR\CLSID\{4EA83634-0AC6-4F1B-AFD8-E80559AC1922}

 

HKCR\CLSID\{4EA83634-0AC6-4F1B-AFD8-E80559AC1922}\InprocServer32

 

HKCR\CLSID\{4EA83634-0AC6-4F1B-AFD8-E80559AC1922}\InprocServer32#ThreadingModel

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A290466-39BD-419B-93DB-0E9599506654}

 

HKCR\CLSID\{8A290466-39BD-419B-93DB-0E9599506654}

 

HKCR\CLSID\{8A290466-39BD-419B-93DB-0E9599506654}\InprocServer32

 

HKCR\CLSID\{8A290466-39BD-419B-93DB-0E9599506654}\InprocServer32#ThreadingModel

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8A290466-39BD-419B-93DB-0E9599506654}

 

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\efcCuRjI

 

 

 

Adware.Vundo Variant/Resident

 

C:\WINDOWS\SYSTEM32\VTUOMJCY.DLL

 

C:\WINDOWS\SYSTEM32\VTUOMJCY.DLL

 

 

 

Trojan.Downloader-NewJuan/VM

 

C:\WINDOWS\SYSTEM32\WEFICVTQ.DLL

 

C:\WINDOWS\SYSTEM32\WEFICVTQ.DLL

 

 

 

Adware.Vundo-Variant/I

 

C:\WINDOWS\SYSTEM32\WEAYBTYV.DLL

 

C:\WINDOWS\SYSTEM32\GACIAKET.DLL

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053732c6-615e-4271-b176-b99276d21b38}

 

HKCR\CLSID\{053732C6-615E-4271-B176-B99276D21B38}

 

HKCR\CLSID\{053732C6-615E-4271-B176-B99276D21B38}\InprocServer32

 

HKCR\CLSID\{053732C6-615E-4271-B176-B99276D21B38}\InprocServer32#ThreadingModel

 

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP203\A0045944.DLL

 

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP204\A0045975.DLL

 

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP205\A0046028.DLL

 

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP205\A0046029.DLL

 

C:\SYSTEM VOLUME INFORMATION\_RESTORE{2E0D0954-9646-4A46-9FB4-1CB25C783F5F}\RP205\A0046031.DLL

 

C:\WINDOWS\SYSTEM32\GACIAKET.DLL

 

C:\WINDOWS\SYSTEM32\WEAYBTYV.DLL

 

 

 

Adware.AdsSite

 

HKLM\Software\Classes\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}

 

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}

 

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}

 

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}#AppID

 

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\InprocServer32

 

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\InprocServer32#ThreadingModel

 

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\ProgID

 

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\Programmable

 

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\TypeLib

 

HKCR\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}\VersionIndependentProgID

 

C:\WINDOWS\SYSTEM32\ADSSITE_SIDEBAR.DLL

 

HKLM\Software\Classes\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}#AppID

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\Implemented Categories

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\InprocServer32

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\InprocServer32#ThreadingModel

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\ProgID

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\Programmable

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\TypeLib

 

HKCR\CLSID\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}\VersionIndependentProgID

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}

 

HKU\S-1-5-21-436374069-1592454029-725345543-1004\Software\Microsoft\Internet Explorer\Explorer Bars\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#DisplayName

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#UninstallString

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#NoModify

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#NoRepair

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#DisplayVersion

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant#DisplayIcon

 

 

 

Adware.Tracking Cookie

 

C:\Documents and Settings\Bruker\Cookies\bruker@clickbank[2].txt

 

C:\Documents and Settings\Bruker\Cookies\bruker@adnetserver[1].txt

 

 

 

Malware.LocusSoftware Inc/ConfidentSurf

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Salestart [ "C:\Programfiler\Fellesfiler\MinneSparere\strpmon.exe" dm=http://minnesparere.com ad=http://minnesparere.com sd=http://gehrig.minnesparere.com ]

 

 

 

Malware.LocusSoftware Inc/PCPrivacyTool

 

HKLM\Software\Purchased Products

 

HKLM\Software\Purchased Products\System Error Repair

 

HKLM\Software\Purchased Products\System Error Repair#domain

 

HKLM\Software\Purchased Products\System Error Repair#pname

 

HKLM\Software\Purchased Products\System Error Repair#cname

 

 

 

Trojan.Unclassified/SVCHost-Fake

 

C:\DOCUMENTS AND SETTINGS\BRUKER\SVCHOST.EXE

 

 

 

Adware.AdRotator/AdsSite

 

C:\WINDOWS\SYSTEM32\ADSSITE_SIDEBAR_UNINSTALL.EXE

 

 

 

 

 

ComboFix 08-05-15.3 - Bruker 2008-05-20 4:50:57.2 - NTFSx86

 

Running from: C:\Documents and Settings\Bruker\Mine dokumenter\Programmer\combofix\ComboFix.exe

 

* Resident AV is active

 

 

 

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

.

 

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

 

 

C:\WINDOWS\system32\hmndjihn.ini

 

C:\WINDOWS\system32\kwpkcobq.ini

 

C:\WINDOWS\system32\vytbyaew.ini

 

C:\WINDOWS\system32\ycJmoUtv.ini

 

C:\WINDOWS\system32\ycJmoUtv.ini2

 

.

 

---- Previous Run -------

 

.

 

C:\Temp\1cb

 

C:\Temp\1cb\syscheck.log

 

C:\WINDOWS\cookies.ini

 

C:\WINDOWS\pskt.ini

 

C:\WINDOWS\system32\dFrnx05

 

C:\WINDOWS\system32\dFrnx05\dFrnx051080.exe

 

C:\WINDOWS\system32\MSINET.oca

 

C:\WINDOWS\system32\pac.txt

 

 

 

.

 

((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))

 

.

 

 

 

2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Programfiler\SUPERAntiSpyware

 

2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com

 

2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

 

2008-05-19 18:42 . 2008-05-19 18:42 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

 

2008-05-19 18:37 . 2008-05-19 18:37 dr-h----- C:\Documents and Settings\Bruker\Siste

 

2008-05-19 14:44 . 2007-06-15 14:16 dr------- C:\Documents and Settings\Administrator\Start-meny

 

2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Skrivere

 

2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Skrivebord

 

2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Siste

 

2008-05-19 14:44 . 2007-06-15 14:16 dr-h----- C:\Documents and Settings\Administrator\Programdata

 

2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Mine dokumenter

 

2008-05-19 14:44 . 2007-06-15 13:33 d--h----- C:\Documents and Settings\Administrator\Maler

 

2008-05-19 14:44 . 2008-05-20 04:54 d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

 

2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Favoritter

 

2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\AndrMask

 

2008-05-19 14:44 . 2008-05-19 14:44 d-------- C:\Documents and Settings\Administrator

 

2008-05-19 14:44 . 2008-05-19 21:12 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG

 

2008-05-18 20:44 . 2008-05-19 14:35 109,846 --a------ C:\WINDOWS\BM23f16ccf.xml

 

2008-05-17 16:39 . 2008-05-17 17:10 d--hs---- C:\Documents and Settings\Bruker\!

 

2008-05-17 16:39 . 2008-05-17 16:39 0 --a------ C:\WINDOWS\system32\taskkill.exe

 

2008-05-17 16:38 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\emL1

 

2008-05-17 16:38 . 2008-05-18 18:35 d-------- C:\Programfiler\winvi

 

2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\rDA

 

2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\dbW

 

2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\3056v

 

2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\Temp\tmpvc14

 

2008-05-17 16:37 . 2008-05-19 21:49 d-------- C:\Temp

 

2008-05-17 16:12 . 2008-05-17 16:12 d-------- C:\Programfiler\Conduit

 

2008-05-17 16:11 . 2008-05-17 16:12 d-------- C:\Programfiler\Answers.com

 

2008-05-17 15:44 . 2008-05-17 15:44 d-------- C:\Programfiler\CCleaner

 

2008-05-08 11:13 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr

 

2008-05-08 09:09 . 2008-01-23 15:01 42,552 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys

 

2008-05-07 10:07 . 2008-05-07 10:07 d-------- C:\WINDOWS\system32\CatRoot_bak

 

2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\no

 

2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\bits

 

2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\l2schemas

 

2008-05-07 09:39 . 2007-10-25 18:44 8,466,432 --a------ C:\WINDOWS\system32\dllcache\shell32.dll

 

2008-05-07 09:38 . 2007-02-28 18:05 2,182,144 --a------ C:\WINDOWS\system32\ntoskrnl.exe

 

2008-05-07 09:22 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\005408_.tmp

 

2008-04-30 16:23 . 2008-04-30 16:25 d-------- C:\Documents and Settings\Bruker\Programdata\Windows Live Writer

 

2008-04-29 12:58 . 2008-04-29 12:58 d-------- C:\Documents and Settings\Bruker\Programdata\pdf995

 

2008-04-29 12:58 . 2008-04-29 12:58 28 --a------ C:\WINDOWS\pdf995.ini

 

2008-04-29 12:56 . 2008-04-29 12:56 d-------- C:\Programfiler\pdf995

 

2008-04-29 12:56 . 2008-04-29 12:59 d-------- C:\Documents and Settings\All Users\Programdata\pdf995

 

2008-04-29 12:56 . 2008-04-29 12:56 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll

 

2008-04-29 12:56 . 2008-04-29 12:56 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll

 

2008-04-29 12:56 . 2008-04-29 12:59 59 --a------ C:\WINDOWS\wpd99.drv

 

 

 

.

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

2008-05-19 19:50 --------- d-----w C:\Programfiler\Norman

 

2008-05-19 19:49 --------- d-----w C:\Programfiler\Microsoft Silverlight

 

2008-05-19 12:51 --------- d-----w C:\Documents and Settings\Bruker\Programdata\LimeWire

 

2008-05-19 12:33 --------- d-----w C:\Programfiler\Opera

 

2008-05-19 10:31 --------- d-----w C:\Programfiler\LimeWire

 

2008-05-19 07:26 --------- d-----w C:\Programfiler\Deirdra Kiai Productions

 

2008-05-16 03:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

 

2008-05-08 07:10 5 ----a-w C:\NPF_USER.DAT

 

2008-04-29 10:21 --------- d-----w C:\Programfiler\Java

 

2008-04-14 16:23 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe

 

2008-03-28 15:13 --------- d-----w C:\Documents and Settings\Bruker\Programdata\mIRC

 

2008-03-28 15:11 --------- d-----w C:\Programfiler\mIRC

 

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

 

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll

 

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

 

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

 

2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

 

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

 

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

 

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

 

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

 

2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

 

.

 

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

*Note* empty entries & legit default entries are not shown

 

REGEDIT4

 

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

 

"WinUpdater"="C:\Program Files\winvi\update.exe" [ ]

 

"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ]

 

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2004-01-28 17:48 184320]

 

"AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 11:22 88363 C:\WINDOWS\AGRSMMSG.exe]

 

"LtMoh"="C:\Programfiler\ltmoh\Ltmoh.exe" [2002-11-25 10:23 172032]

 

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 10:25 7122944]

 

"nwiz"="nwiz.exe" [2005-12-15 10:25 1519616 C:\WINDOWS\system32\nwiz.exe]

 

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

 

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-12-17 14:37 273520]

 

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

 

"AudioDeck"="C:\Programfiler\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 17:44 7916032]

 

"20c25f53"="C:\WINDOWS\system32\weaybtyv.dll" [ ]

 

"BM23f16ccf"="C:\WINDOWS\system32\gaciaket.dll" [ ]

 

 

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

 

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

 

 

 

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\

 

Stardock ObjectDock.lnk - C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe [2007-06-26 16:30:17 3581680]

 

 

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

 

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

 

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

 

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

 

"VIDC.YV12"= yv12vfw.dll

 

 

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

 

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

 

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

 

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^WinZip Quick Pick.lnk]

 

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\WinZip Quick Pick.lnk

 

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

 

 

[HKLM\~\startupfolder\C:^Documents and Settings^Bruker^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]

 

path=C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk

 

backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

 

--a------ 2004-04-19 17:44 7916032 C:\Programfiler\VIAudioi\SBADeck\ADeck.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]

 

--a------ 2007-11-14 07:10 56325 C:\Documents and Settings\Bruker\Mine dokumenter\Programmer\Glass2k.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

 

--a------ 2007-08-22 12:25 1838592 C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]

 

--a------ 2004-08-06 14:04 32768 C:\Programfiler\Launch Manager\LaunchAp.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

 

--a------ 2004-07-15 17:24 49152 C:\Programfiler\Launch Manager\HotkeyApp.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]

 

--a------ 2004-08-06 13:30 49152 C:\Programfiler\Launch Manager\OSDCtrl.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

 

--a------ 2007-10-18 12:34 5724184 C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

 

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

 

--a------ 2007-10-23 23:18 443968 C:\Programfiler\Picasa2\PicasaMediaDetector.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]

 

--a------ 2002-08-30 15:02 94208 C:\Programfiler\Launch Manager\PowerKey.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]

 

--a------ 2004-08-13 22:40 73728 C:\Programfiler\Launch Manager\Wbutton.exe

 

 

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

 

"EnableFirewall"= 0 (0x0)

 

 

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2008-01-24 11:23]
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 NPROSEC;Norman Security driver;C:\Programfiler\Norman\Ngs\bin\nprosec.sys [2007-09-06 08:37]
R1 TDI_RD;Norman Firewall TDI driver;C:\WINDOWS\system32\drivers\tdi_rd.sys [2007-05-14 10:51]
R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55]
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Programfiler\Norman\npf\bin\npfsvc32.exe" [2008-01-28 10:21]
R2 NPROSECSVC;Norman Security service;"C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE" [2007-11-27 15:13]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Programfiler\Norman\npm\bin\nvoy.exe" [2008-01-22 15:04]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-03-29 17:23]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;"C:\Programfiler\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-19 21:04:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-20 02:55:04 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE815CFE-AB85-41DC-AA6C-CB93C7D1DBAC}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 04:55:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-20 4:58:07
ComboFix-quarantined-files.txt 2008-05-20 02:58:03

Pre-Run: 14,761,803,776 bytes free
Post-Run: 14,986,469,376 bytes free

210 --- E O F --- 2008-05-19 19:49:40

Logfile of HijackThis v1.99.1
Scan saved at 05:37:45, on 20.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Launch Manager\CtrlVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Opera\Opera.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\unzipped\hijackthis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programfiler\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b
O4 - HKLM\..\Run: [bM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Programfiler\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Programfiler\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Programfiler\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Programfiler\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

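The HijackThis log above is the kind of listing the helpers in this thread read by eye. As an added example that is not part of the thread (the heuristics, the allowlist of default hosts and the sample lines are this editor's; the sample lines are constructed from entries that appear in the log above, not the full log), the following Python picks out the entry types that stand out here: a start page on an unfamiliar host, an orphaned "(no file)" hook, rundll32 autostarts whose value name or DLL name looks machine-generated, an Internet Explorer Restrictions policy (which is what locks parts of Internet Options), and a Winlogon Notify entry whose target is a bare directory rather than a DLL.

```python
"""Triage heuristics for HijackThis-format log lines (editor's example, not from the thread)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a few lines in HijackThis format, copied from entries in
# the thread's log. Not the complete log.
SAMPLE_LOG = "\n".join([
    'R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.whynotsearchhere.com/start.php',
    'R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://no.msn.com/',
    'R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)',
    'O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup',
    'O4 - HKLM\\..\\Run: [20c25f53] rundll32.exe "C:\\WINDOWS\\system32\\weaybtyv.dll",b',
    'O4 - HKLM\\..\\Run: [bM23f16ccf] Rundll32.exe "C:\\WINDOWS\\system32\\gaciaket.dll",s',
    'O4 - HKCU\\..\\Run: [WinUpdater] "C:\\Program Files\\winvi\\update.exe" /background',
    'O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present',
    'O20 - Winlogon Notify: dimsntfy - C:\\WINDOWS\\',
    'O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll',
])

HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"^(?P<hive>HK\S*?)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<path>[^",]+\.dll)"?,', re.I)
# Value names such as 20c25f53 / bM23f16ccf (eight hex digits, optionally two
# leading letters) and DLL names such as weaybtyv.dll (eight lowercase letters).
RANDOM_NAME = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")
# Assumed allowlist: hosts an XP/IE7 install points at out of the box.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com", "no.msn.com", "www.msn.com"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_hjt(text):
    """Yield (section, body, line) for every HijackThis entry in text."""
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            yield m["section"], m["body"], line


def assess(text):
    """Apply the heuristics and return the entries that merit a closer look."""
    findings = []
    for section, body, line in parse_hjt(text):
        if section in ("R0", "R1") and " = http" in body:
            host = urlparse(body.split(" = ", 1)[1]).hostname or ""
            if host not in KNOWN_DEFAULT_HOSTS:
                findings.append(Finding(section, f"browser start/search page set to {host}", line))
        elif body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned hook/toolbar registration (no file)", line))
        elif section == "O4":
            run = RUN_ENTRY.match(body)
            if run:
                dll = RUNDLL_DLL.search(run["cmd"])
                base = dll["path"].rsplit("\\", 1)[-1] if dll else ""
                if RANDOM_NAME.match(run["name"]) or RANDOM_DLL.match(base):
                    findings.append(Finding(section, f"rundll32 autostart with random-looking name ({run['name']} -> {base})", line))
        elif section == "O6" and body.endswith("Restrictions present"):
            findings.append(Finding(section, "IE Restrictions policy set (locks parts of Internet Options)", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            target = body.rsplit(" - ", 1)[-1]
            if not target.lower().endswith(".dll"):
                findings.append(Finding(section, f"Winlogon Notify target is not a DLL path ({target})", line))
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

On the sample this returns six hits: the whynotsearchhere.com start page, the orphaned {6341761b-...} hook, the two rundll32 entries loading weaybtyv.dll and gaciaket.dll, the Restrictions policy and the dimsntfy notify entry. The two winvi updater entries pass these rules; what makes them suspect is the creation date of the winvi directory in the ComboFix listing, which a HijackThis log alone cannot show.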
Guest Bruker-95147

Darn! :blush:

Here is the new log:

Edit: Double darn!! I guess I should have taken a new HJT as well ...? :blush:
Will be back shortly!

ComboFix 08-05-19.4 - Bruker 2008-05-20 7:31:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.266 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-19 18:42 . 2008-05-19 18:42 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-19 18:37 . 2008-05-20 05:33 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-05-19 14:44 . 2007-06-15 14:16 dr------- C:\Documents and Settings\Administrator\Start-meny
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Siste
2008-05-19 14:44 . 2007-06-15 14:16 dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-05-19 14:44 . 2007-06-15 13:33 d--h----- C:\Documents and Settings\Administrator\Maler
2008-05-19 14:44 . 2008-05-20 07:34 d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Favoritter
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-05-19 14:44 . 2008-05-19 14:44 d-------- C:\Documents and Settings\Administrator
2008-05-19 14:44 . 2008-05-20 07:31 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-05-18 20:44 . 2008-05-19 14:35 109,846 --a------ C:\WINDOWS\BM23f16ccf.xml
2008-05-17 16:39 . 2008-05-17 17:10 d--hs---- C:\Documents and Settings\Bruker\!
2008-05-17 16:39 . 2008-05-17 16:39 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-17 16:38 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\emL1
2008-05-17 16:38 . 2008-05-18 18:35 d-------- C:\Programfiler\winvi
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\rDA
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\dbW
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\3056v
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\Temp\tmpvc14
2008-05-17 16:37 . 2008-05-19 21:49 d-------- C:\Temp
2008-05-17 16:12 . 2008-05-17 16:12 d-------- C:\Programfiler\Conduit
2008-05-17 16:11 . 2008-05-17 16:12 d-------- C:\Programfiler\Answers.com
2008-05-17 15:44 . 2008-05-17 15:44 d-------- C:\Programfiler\CCleaner
2008-05-08 11:13 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr
2008-05-08 09:09 . 2008-01-23 15:01 42,552 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys
2008-05-07 10:07 . 2008-05-07 10:07 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\no
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\bits
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\l2schemas
2008-05-07 09:39 . 2007-10-25 18:44 8,466,432 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-07 09:38 . 2007-02-28 18:05 2,182,144 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-05-07 09:22 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS

Edited by Bruker-95147
Guest Bruker-95147

Great, double posts ... :whistle:

Edit: Did a restart and got these three error messages:
"apfwiz.exe has encountered a problem and needs to close", "error loading c:\windows.sys32\gaciaket.dll" and "weaybtyv.dll".

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:49:41, on 20.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\Programfiler\Norman\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Launch Manager\CtrlVol.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
C:\Programfiler\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Norman\npf\bin\npfuser.exe
C:\programfiler\opera\opera.exe
C:\Documents and Settings\Bruker\Skrivebord\Ny mappe\test.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programfiler\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b
O4 - HKLM\..\Run: [bM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Programfiler\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Programfiler\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Programfiler\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Programfiler\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Programfiler\ieSpell\iespell.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10014 bytes

Edited by Bruker-95147

Hmm, not quite right yet. The last part of the ComboFix log is missing, but I'm a bit unsure whether there will be any change compared with the first log you posted (the first post is complete). Maybe wait until one of the others comes in and says whether yet another new log is needed.

A tip for getting a full log can be to delete c:/combofix.txt, then restart the machine, and then run ComboFix again. You can do that if you feel like it, and post a new ComboFix log. No HijackThis log is needed once you have got ComboFix working.

ComboFix should end with ---EOF--- (end of file), and you can see that your first ComboFix log has that.

edit: the first thing to do, of course, is to check that the problem wasn't simply that you forgot to select all the text (use ctrl+a)

Edited by r2d290
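The completeness check r2d290 describes (the log must end with the E O F line) and the "Files Created" listing in the ComboFix logs above are both easy to put into code. As an added example that is not part of the thread (the parser, the rules, the cutoff date and the sample lines are this editor's; the sample lines are constructed from entries that appear in the thread's ComboFix logs, not the complete listing), the following Python checks for the end-of-file marker and then triages entries created inside the infection window: directories with short random-looking names under system32, a hidden+system directory planted in a user profile, a zero-byte executable in system32 carrying the name of a system tool, and a file in the Windows directory with a random-looking name.

```python
"""ComboFix log completeness check and 'Files Created' triage (editor's example, not from the thread)."""
import re
from datetime import datetime

# Constructed excerpt in ComboFix 'Files Created' format, taken from entries in
# the thread's logs. Not the complete listing.
SAMPLE_COMBOFIX = "\n".join([
    r"2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Programfiler\SUPERAntiSpyware",
    r"2008-05-18 20:44 . 2008-05-19 14:35 109,846 --a------ C:\WINDOWS\BM23f16ccf.xml",
    r"2008-05-17 16:39 . 2008-05-17 17:10 d--hs---- C:\Documents and Settings\Bruker\!",
    r"2008-05-17 16:39 . 2008-05-17 16:39 0 --a------ C:\WINDOWS\system32\taskkill.exe",
    r"2008-05-17 16:38 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\emL1",
    r"2008-05-17 16:38 . 2008-05-18 18:35 d-------- C:\Programfiler\winvi",
    r"2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\rDA",
    r"2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\bits",
    r"2008-05-07 09:38 . 2007-02-28 18:05 2,182,144 --a------ C:\WINDOWS\system32\ntoskrnl.exe",
])

# <created> . <modified> [size] <attrs> <path>; size is absent for directories.
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
EOF_MARKER = re.compile(r"^\d+ --- E O F --- ", re.M)
RANDOM_STEM = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")  # e.g. BM23f16ccf


def is_complete(log_text):
    """ComboFix writes a '--- E O F ---' line last; without it the log was cut off."""
    return EOF_MARKER.search(log_text) is not None


def looks_random(name):
    """Short names mixing case, or letters and digits (emL1, rDA, 3056v); plain words like 'bits' pass."""
    if not re.fullmatch(r"[A-Za-z0-9]{3,5}", name):
        return False
    return any(c.isdigit() for c in name) or not (name.islower() or name.isupper())


def parse_created(text):
    """Yield one dict per 'Files Created' line that parses."""
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield {
                "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                "size": int(m["size"].replace(",", "")) if m["size"] else None,
                "attrs": m["attrs"],
                "path": m["path"],
            }


def triage(text, since):
    """Return (path, reason) for entries created on or after `since` (YYYY-MM-DD) that match a rule."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    findings = []
    for e in parse_created(text):
        if e["created"] < cutoff:
            continue
        parent, _, name = e["path"].rpartition("\\")
        parent = parent.lower()
        is_dir = e["attrs"].startswith("d")
        in_system32 = parent.endswith("\\system32")
        if is_dir and in_system32 and looks_random(name):
            findings.append((e["path"], "new directory with a random-looking name under system32"))
        elif is_dir and "h" in e["attrs"] and "s" in e["attrs"] and "documents and settings" in parent:
            findings.append((e["path"], "hidden+system directory created in a user profile"))
        elif not is_dir and e["size"] == 0 and in_system32 and name.lower().endswith(".exe"):
            findings.append((e["path"], "zero-byte executable in system32, shadowing a tool of that name"))
        elif not is_dir and parent.endswith(":\\windows") and RANDOM_STEM.match(name.rsplit(".", 1)[0]):
            findings.append((e["path"], "file in the Windows directory with a random-looking name"))
    return findings


if __name__ == "__main__":
    print("complete log:", is_complete(SAMPLE_COMBOFIX))
    for path, reason in triage(SAMPLE_COMBOFIX, since="2008-05-15"):
        print(f"{reason}\n    {path}")
```

The cutoff is a parameter because it comes from the user, not the log: the thread's poster says the trouble started a couple of days before 19.05, and every hit on the sample (emL1, rDA, the hidden "!" directory, the empty taskkill.exe and BM23f16ccf.xml) was created on 17.05 or 18.05. The same date window is what makes the winvi directory interesting even though no rule here fires on it, and the BM23f16ccf.xml stem ties straight back to the bM23f16ccf Run value in the HijackThis log.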
Guest Bruker-95147

Doing as you suggest!

Edit: Here is, hopefully, a complete log:

ComboFix 08-05-19.4 - Bruker 2008-05-20 8:24:17.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.108 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com
2008-05-19 18:43 . 2008-05-19 18:43 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-19 18:42 . 2008-05-19 18:42 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-19 18:37 . 2008-05-20 08:17 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-05-19 14:44 . 2007-06-15 14:16 dr------- C:\Documents and Settings\Administrator\Start-meny
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\Siste
2008-05-19 14:44 . 2007-06-15 14:16 dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-05-19 14:44 . 2007-06-15 13:33 d--h----- C:\Documents and Settings\Administrator\Maler
2008-05-19 14:44 . 2008-05-20 08:28 d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-05-19 14:44 . 2007-06-15 14:16 d-------- C:\Documents and Settings\Administrator\Favoritter
2008-05-19 14:44 . 2007-06-15 14:16 d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-05-19 14:44 . 2008-05-19 14:44 d-------- C:\Documents and Settings\Administrator
2008-05-19 14:44 . 2008-05-20 07:31 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-05-18 20:44 . 2008-05-19 14:35 109,846 --a------ C:\WINDOWS\BM23f16ccf.xml
2008-05-17 16:39 . 2008-05-17 17:10 d--hs---- C:\Documents and Settings\Bruker\!
2008-05-17 16:39 . 2008-05-17 16:39 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-05-17 16:38 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\emL1
2008-05-17 16:38 . 2008-05-18 18:35 d-------- C:\Programfiler\winvi
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\rDA
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\dbW
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\WINDOWS\system32\3056v
2008-05-17 16:37 . 2008-05-17 16:38 d-------- C:\Temp\tmpvc14
2008-05-17 16:37 . 2008-05-19 21:49 d-------- C:\Temp
2008-05-17 16:12 . 2008-05-17 16:12 d-------- C:\Programfiler\Conduit
2008-05-17 16:11 . 2008-05-17 16:12 d-------- C:\Programfiler\Answers.com
2008-05-17 15:44 . 2008-05-17 15:44 d-------- C:\Programfiler\CCleaner
2008-05-08 11:13 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr
2008-05-08 09:09 . 2008-01-23 15:01 42,552 --a------ C:\WINDOWS\system32\drivers\ale_nf.sys
2008-05-07 10:07 . 2008-05-07 10:07 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\no
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\system32\bits
2008-05-07 09:52 . 2008-05-08 23:54 d-------- C:\WINDOWS\l2schemas
2008-05-07 09:39 . 2007-10-25 18:44 8,466,432 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-07 09:38 . 2007-02-28 18:05 2,182,144 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-05-07 09:22 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\005408_.tmp
2008-04-30 16:23 . 2008-04-30 16:25 d-------- C:\Documents and Settings\Bruker\Programdata\Windows Live Writer
2008-04-29 12:58 . 2008-04-29 12:58 d-------- C:\Documents and Settings\Bruker\Programdata\pdf995
2008-04-29 12:58 . 2008-04-29 12:58 28 --a------ C:\WINDOWS\pdf995.ini
2008-04-29 12:56 . 2008-04-29 12:56 d-------- C:\Programfiler\pdf995
2008-04-29 12:56 . 2008-04-29 12:59 d-------- C:\Documents and Settings\All Users\Programdata\pdf995
2008-04-29 12:56 . 2008-04-29 12:56 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-29 12:56 . 2008-04-29 12:56 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-29 12:56 . 2008-04-29 12:59 59 --a------ C:\WINDOWS\wpd99.drv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 06:21 --------- d-----w C:\Programfiler\Norman
2008-05-19 19:49 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-05-19 12:51 --------- d-----w C:\Documents and Settings\Bruker\Programdata\LimeWire
2008-05-19 12:33 --------- d-----w C:\Programfiler\Opera
2008-05-19 10:31 --------- d-----w C:\Programfiler\LimeWire
2008-05-19 07:26 --------- d-----w C:\Programfiler\Deirdra Kiai Productions
2008-05-16 03:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-05-08 07:10 5 ----a-w C:\NPF_USER.DAT
2008-04-29 10:21 --------- d-----w C:\Programfiler\Java
2008-04-14 16:23 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-03-28 15:13 --------- d-----w C:\Documents and Settings\Bruker\Programdata\mIRC
2008-03-28 15:11 --------- d-----w C:\Programfiler\mIRC
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

 

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

 

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

 

2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

 

.

 

 

 

((((((((((((((((((((((((((((( snapshot@2008-05-20_ 4.57.45.54 )))))))))))))))))))))))))))))))))))))))))

 

.

 

- 2008-05-19 19:50:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat

 

+ 2008-05-20 06:21:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat

 

- 2008-05-19 19:56:10 59,978 ----a-w C:\WINDOWS\system32\perfc009.dat

 

+ 2008-05-20 06:27:22 59,978 ----a-w C:\WINDOWS\system32\perfc009.dat

 

- 2008-05-19 19:56:10 68,272 ----a-w C:\WINDOWS\system32\perfc014.dat

 

+ 2008-05-20 06:27:23 68,272 ----a-w C:\WINDOWS\system32\perfc014.dat

 

- 2008-05-19 19:56:10 397,758 ----a-w C:\WINDOWS\system32\perfh009.dat

 

+ 2008-05-20 06:27:23 397,758 ----a-w C:\WINDOWS\system32\perfh009.dat

 

- 2008-05-19 19:56:10 402,016 ----a-w C:\WINDOWS\system32\perfh014.dat

 

+ 2008-05-20 06:27:23 402,016 ----a-w C:\WINDOWS\system32\perfh014.dat

 

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

*Note* empty entries & legit default entries are not shown

 

REGEDIT4

 

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

 

"WinUpdater"="C:\Program Files\winvi\update.exe" [ ]

 

"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ]

 

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2004-01-28 17:48 184320]

 

"AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 11:22 88363 C:\WINDOWS\AGRSMMSG.exe]

 

"LtMoh"="C:\Programfiler\ltmoh\Ltmoh.exe" [2002-11-25 10:23 172032]

 

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 10:25 7122944]

 

"nwiz"="nwiz.exe" [2005-12-15 10:25 1519616 C:\WINDOWS\system32\nwiz.exe]

 

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

 

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-12-17 14:37 273520]

 

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

 

"AudioDeck"="C:\Programfiler\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 17:44 7916032]

 

"20c25f53"="C:\WINDOWS\system32\weaybtyv.dll" [ ]

 

"BM23f16ccf"="C:\WINDOWS\system32\gaciaket.dll" [ ]

 

 

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

 

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]

 

 

 

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\

 

Stardock ObjectDock.lnk - C:\Programfiler\Stardock\ObjectDock\ObjectDock.exe [2007-06-26 16:30:17 3581680]

 

 

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

 

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

 

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

 

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

 

"VIDC.YV12"= yv12vfw.dll

 

 

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

 

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

 

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

 

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^WinZip Quick Pick.lnk]

 

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\WinZip Quick Pick.lnk

 

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

 

 

[HKLM\~\startupfolder\C:^Documents and Settings^Bruker^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]

 

path=C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk

 

backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]

 

--a------ 2004-04-19 17:44 7916032 C:\Programfiler\VIAudioi\SBADeck\ADeck.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]

 

--a------ 2007-11-14 07:10 56325 C:\Documents and Settings\Bruker\Mine dokumenter\Programmer\Glass2k.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

 

--a------ 2007-08-22 12:25 1838592 C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]

 

--a------ 2004-08-06 14:04 32768 C:\Programfiler\Launch Manager\LaunchAp.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

 

--a------ 2004-07-15 17:24 49152 C:\Programfiler\Launch Manager\HotkeyApp.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]

 

--a------ 2004-08-06 13:30 49152 C:\Programfiler\Launch Manager\OSDCtrl.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

 

--a------ 2007-10-18 12:34 5724184 C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

 

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

 

--a------ 2007-10-23 23:18 443968 C:\Programfiler\Picasa2\PicasaMediaDetector.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]

 

--a------ 2002-08-30 15:02 94208 C:\Programfiler\Launch Manager\PowerKey.exe

 

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]

 

--a------ 2004-08-13 22:40 73728 C:\Programfiler\Launch Manager\Wbutton.exe

 

 

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

 

"EnableFirewall"= 0 (0x0)

 

 

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

 

"%windir%\\system32\\sessmgr.exe"=

 

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

 

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

 

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

 

 

R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2008-01-24 11:23]

 

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]

 

R1 NPROSEC;Norman Security driver;C:\Programfiler\Norman\Ngs\bin\nprosec.sys [2007-09-06 08:37]

 

R1 TDI_RD;Norman Firewall TDI driver;C:\WINDOWS\system32\drivers\tdi_rd.sys [2007-05-14 10:51]

 

R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55]

 

R2 NPFSvc32;Norman Personal Firewall Service;"C:\Programfiler\Norman\npf\bin\npfsvc32.exe" [2008-01-28 10:21]

 

R2 NPROSECSVC;Norman Security service;"C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE" [2007-11-27 15:13]

 

R2 NVOY;Norman's Very Own supplY of resources;"C:\Programfiler\Norman\npm\bin\nvoy.exe" [2008-01-22 15:04]

 

R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-03-29 17:23]

 

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]

 

R3 nvcoas;Norman Virus Control on-access component;"C:\Programfiler\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]

 

R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]

 

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

 

S3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29]

 

 

 

*Newly Created Service* - CATCHME

 

.

 

Contents of the 'Scheduled Tasks' folder

 

"2008-05-20 06:04:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

 

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

 

"2008-05-20 06:30:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EE815CFE-AB85-41DC-AA6C-CB93C7D1DBAC}.job"

 

- C:\WINDOWS\system32\msfeedssync.exe

 

.

 

**************************************************************************

 

 

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

 

Rootkit scan 2008-05-20 08:28:51

 

Windows 5.1.2600 Service Pack 2 NTFS

 

 

 

scanning hidden processes ...

 

 

 

scanning hidden autostart entries ...

 

 

 

scanning hidden files ...

 

 

 

scan completed successfully

 

hidden files: 0

 

 

 

**************************************************************************

 

.

 

--------------------- DLLs Loaded Under Running Processes ---------------------

 

 

 

PROCESS: C:\WINDOWS\explorer.exe

 

-> C:\Programfiler\Stardock\ObjectDock\DockShellHook.dll

 

.

 

Completion time: 2008-05-20 8:32:33

 

ComboFix-quarantined-files.txt 2008-05-20 06:32:24

 

ComboFix2.txt 2008-05-20 02:58:08

 

 

 

Pre-Run: 14,939,402,240 byte ledig

 

Post-Run: 14,929,010,688 byte ledig

 

 

 

211 --- E O F --- 2008-05-19 19:49:40

 

 

 

Edited by Bruker-95147

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)

O3 - Toolbar: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)

O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b

O4 - HKLM\..\Run: [bM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s

O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background

O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

 

If you haven't set any restrictions in IE yourself, fix the following two lines as well:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

 

Use Explorer to find and delete the following file:

C:\WINDOWS\BM23f16ccf.xml

 

Apart from that, things look fine.

How is the PC running?

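The triage the reply above does by eye can be scripted over the log text: an autostart whose target ComboFix could not describe (the empty `[ ]` bracket after the value), a Run value that points at a DLL and is launched through rundll32.exe, and an HJT entry ending in "(no file)". The Python below is an added example, not code from ComboFix, HijackThis or anyone in this thread. The sample lines are copied from the logs posted above (the CtrlVol HJT line is a constructed benign control), the three heuristics and their wording are my own, and a flagged entry is a candidate for review, not a verdict.

```python
"""Autostart triage over HijackThis / ComboFix log text (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: Run values as ComboFix prints them in its
# "Reg Loading Points" section, copied from the log posted in this thread.
SAMPLE_COMBOFIX = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"WinUpdater"="C:\Program Files\winvi\update.exe" [ ]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2004-01-28 17:48 184320]
"20c25f53"="C:\WINDOWS\system32\weaybtyv.dll" [ ]
"BM23f16ccf"="C:\WINDOWS\system32\gaciaket.dll" [ ]
'''

# Constructed sample input: HijackThis lines from the reply above, plus one
# benign CtrlVol line added as a control that must not be flagged.
SAMPLE_HJT = r'''
R3 - URLSearchHook: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O3 - Toolbar: (no name) - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - (no file)
O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [20c25f53] rundll32.exe "C:\WINDOWS\system32\weaybtyv.dll",b
O4 - HKLM\..\Run: [bM23f16ccf] Rundll32.exe "C:\WINDOWS\system32\gaciaket.dll",s
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
'''

CF_KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')
HJT_O4 = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$')
HJT_NOFILE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<rest>.*?)\s*-\s*\(no file\)\s*$')
RUNDLL = re.compile(r'^"?rundll32(\.exe)?"?\s', re.IGNORECASE)


@dataclass
class Finding:
    source: str            # "combofix" or "hijackthis"
    location: str          # registry key, HJT hive string or HJT item code
    name: str              # value name / HJT entry name
    target: str            # file path or command line
    reasons: list = field(default_factory=list)


def triage_combofix(text):
    """Flag Run values with no file details or whose target is a DLL."""
    findings, key = [], "?"
    for line in text.splitlines():
        m = CF_KEY.match(line)
        if m:
            key = m.group("key")       # remember which hive we are in
            continue
        m = CF_VALUE.match(line)
        if not m:
            continue
        reasons = []
        if not m.group("info").strip():
            # ComboFix prints date/time/size when it can stat the file;
            # an empty bracket means the target was missing or unreadable.
            reasons.append("no file details recorded (target missing or unreadable)")
        if m.group("target").lower().endswith(".dll"):
            reasons.append("Run value points at a DLL rather than an executable")
        if reasons:
            findings.append(Finding("combofix", key, m.group("name"), m.group("target"), reasons))
    return findings


def triage_hijackthis(text):
    """Flag O4 entries loaded via rundll32 and any entry marked (no file)."""
    findings = []
    for line in text.splitlines():
        m = HJT_O4.match(line)
        if m:
            cmd = m.group("command")
            if RUNDLL.match(cmd):
                findings.append(Finding("hijackthis", m.group("hive"), m.group("name"), cmd,
                                        ["autostart uses rundll32.exe to load a DLL"]))
            continue
        m = HJT_NOFILE.match(line)
        if m:
            findings.append(Finding("hijackthis", m.group("code"), "(no name)", m.group("rest"),
                                    ["entry references a file that no longer exists"]))
    return findings


def names_to_review(combofix_text, hjt_text):
    """Union of flagged value names from both logs, lower-cased and sorted."""
    names = {f.name.lower() for f in triage_combofix(combofix_text) + triage_hijackthis(hjt_text)
             if f.name != "(no name)"}
    return sorted(names)


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_COMBOFIX) + triage_hijackthis(SAMPLE_HJT):
        print(f"[{f.source}] {f.location} :: {f.name} -> {f.target}")
        for r in f.reasons:
            print("    -", r)
    print("names to review:", names_to_review(SAMPLE_COMBOFIX, SAMPLE_HJT))
```

Run on the samples, the ComboFix pass flags WinUpdater, WebSUpdater, 20c25f53 and BM23f16ccf (the last two for both reasons), and the HJT pass flags the two "(no file)" entries and the two rundll32 lines, which matches the set of lines the reply asks to fix; the legitimate CTFMON and CtrlVol entries pass through untouched.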
Guest Bruker-95147

Followed this last advice, and now the machine runs like clockwork.

 

Thanks a lot for the help! You should be plated with the forum board's own gold leaf! :D

 

Great help threads you have made, and in such a way that even an old fossil learns something.

 

Have a splendid day!


Hehe, good that it got sorted :)

 

You can now uninstall ComboFix:

Start -> Run

type:

combofix /u

 

This will uninstall ComboFix, delete temporary files, and reset your System Restore folder (so you can restore to a point where the PC is clean).

 

Finally: edit your topic title. Edit your first post, press "Full edit", and type:

[LØST]

in front of your topic title

 

(I assume you know how to do this, but an important thing can't be said too often :))

 

edit: keep SAS, keep it updated and run it now and then. I see it deleted quite a lot...

Edited by r2d290