
Why is the PC so slow? HijackThis log



Lately my PC has become slow. I ran a scan with HijackThis, and here is the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:58:00, on 23.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE

C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\WINDOWS\TPPALDR.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

C:\Program Files\Sqof\Rezedw.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\System32\alg.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~2.DLL (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programfiler\SideFind\sfbho.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [telenor] C:\Programfiler\FriSurf\sad.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [Lejbk] C:\Program Files\Sqof\Rezedw.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-21-1411074200-1179790526-1540833222-1916\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-790525478-1644491937-682003330-1565\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programfiler\SideFind\sidefind.dll (file missing)

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.start.no

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...be1e10940b1a7ee4d6b88713ffc07adc36a6c198daa84af66cad27b7bddb:0bcd3b08a0018c359992be6d71d48cd1

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {AC473116-C745-4470-B288-DD9B9CF291DA} (eCStartX.eCStartClass) - http://portal/components/eCStartX.CAB

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD 2002\InstFred.ocx

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDist.CAB

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD 2002\AcPreview.ocx

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.no

O17 - HKLM\Software\..\Telephony: DomainName = ntvgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.no

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: GhostStartService - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

 

--

End of file - 9558 bytes

Edited by AndersAu

I have now run SAS; it found about 260 infections. I didn't get any option to delete them completely, so I think they were just quarantined. When I open ComboFix I get a warning that 1 in 100 doesn't make it through the test; is it safe to run it regardless?

 

Here is the new HijackThis log, in any case:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:30:07, on 23.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE

C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\WINDOWS\TPPALDR.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Trend Micro\HijackThis\test.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.start.no

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...992be6d71d48cd1

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {AC473116-C745-4470-B288-DD9B9CF291DA} (eCStartX.eCStartClass) - http://portal/components/eCStartX.CAB

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD 2002\InstFred.ocx

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDist.CAB

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD 2002\AcPreview.ocx

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.no

O17 - HKLM\Software\..\Telephony: DomainName = ntvgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.no

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: GhostStartService - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

 

Edit: and here is the SAS log:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/23/2008 at 03:43 PM

 

Application Version : 4.1.1046

 

Core Rules Database Version : 3467

Trace Rules Database Version: 1458

 

Scan type : Complete Scan

Total Scan Time : 01:30:44

 

Memory items scanned : 150

Memory threats detected : 0

Registry items scanned : 6172

Registry threats detected : 203

File items scanned : 23508

File threats detected : 48

 

Adware.Avenue Media

[Lejbk] C:\PROGRAM FILES\SQOF\REZEDW.EXE

C:\PROGRAM FILES\SQOF\REZEDW.EXE

 

Trojan.Search Variant

HKLM\Software\Classes\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}

HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}

HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}

HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\InprocServer32

HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\InprocServer32#ThreadingModel

HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\ProgID

HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\Programmable

HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\TypeLib

HKCR\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}\VersionIndependentProgID

C:\PROGRA~1\SEARCH~2\SEARCH~2.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D7E3B41-23CE-469B-BE1B-A64B877923E1}

 

Adware.IST/YourSiteBar

HKLM\Software\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\Implemented Categories

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\InprocServer32

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\InprocServer32#ThreadingModel

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\ProgID

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\Programmable

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\TypeLib

HKCR\CLSID\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\VersionIndependentProgID

C:\PROGRA~1\YOURSI~1\YSB.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{86227D9C-0EFE-4f8a-AA55-30386A3F5686}

HKCR\Ysb.YsbObj.1

HKCR\Ysb.YsbObj.1\CLSID

HKCR\Ysb.YsbObj

HKCR\Ysb.YsbObj\CLSID

HKCR\Ysb.YsbObj\CurVer

HKCR\TypeLib\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}

HKLM\Software\YourSiteBar

HKLM\Software\YourSiteBar#installTitle

HKLM\Software\YourSiteBar#barTitle

HKLM\Software\YourSiteBar#serverpath

HKLM\Software\YourSiteBar#urlAfterInstall

HKLM\Software\YourSiteBar#gUpdate

HKLM\Software\YourSiteBar#TBRowMode

HKLM\Software\YourSiteBar#yoursitebar.xml

HKLM\Software\YourSiteBar#imagemap_normal.bmp

HKLM\Software\YourSiteBar#showcorrupted

HKLM\Software\YourSiteBar#updatever

HKLM\Software\YourSiteBar#refreshscope

HKLM\Software\YourSiteBar#allowupdate

HKLM\Software\YourSiteBar#LastCheckTime

HKLM\Software\YourSiteBar#version.txt

HKLM\Software\YourSiteBar#UpdateBegin

HKLM\Software\YourSiteBar\Historyfiles

HKLM\Software\YourSiteBar\Historyfiles#C:\PROGRA~1\YOURSI~1\yoursitebar.xml

HKLM\Software\YourSiteBar\Historyfiles#C:\PROGRA~1\YOURSI~1\imagemap_normal.bmp

HKLM\Software\YourSiteBar\Historyfiles#C:\PROGRA~1\YOURSI~1\version.txt

HKLM\Software\YourSiteBar\Historysrcbox

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar#Publisher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar#URLInfoAbout

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar#HelpLink

 

Adware.IST/SideFind

HKLM\Software\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32#ThreadingModel

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\ProgID

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Programmable

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\TypeLib

HKCR\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\VersionIndependentProgID

C:\PROGRAMFILER\SIDEFIND\SIDEFIND.DLL

HKLM\Software\Classes\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}

HKCR\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}

HKCR\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}

HKCR\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}\InprocServer32

HKCR\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}\InprocServer32#ThreadingModel

HKCR\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}\ProgID

HKCR\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}\Programmable

HKCR\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}\TypeLib

HKCR\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}\VersionIndependentProgID

C:\PROGRAMFILER\SIDEFIND\SFBHO.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}

HKCR\SideFind.Finder

HKCR\SideFind.Finder\CLSID

HKCR\SideFind.Finder\CurVer

HKCR\SideFind.Finder.1

HKCR\SideFind.Finder.1\CLSID

HKLM\Software\SideFind

HKLM\Software\SideFind#account_id

HKLM\Software\SideFind#PathBHO

HKLM\Software\SideFind#PathDLL

HKLM\Software\SideFind#PathXML

HKLM\Software\SideFind#PathEXE

HKLM\Software\SideFind#InstallDate

HKLM\Software\SideFind#SearchSite

HKLM\Software\SideFind#update

HKLM\Software\SideFind#ver

HKLM\Software\SideFind#IntervalBetweenShows

HKLM\Software\SideFind#show

HKLM\Software\SideFind#NextShow

HKLM\Software\SideFind#NextReaction

HKLM\Software\SideFind\History

HKLM\Software\SideFind\History#0

HKLM\Software\SideFind\History#1

HKLM\Software\SideFind\History#2

HKLM\Software\SideFind\History#3

HKLM\Software\SideFind\History#4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind#UninstallString

C:\Programfiler\SideFind\sfexd001

C:\Programfiler\SideFind\update

C:\Programfiler\SideFind

 

BHObj Class BHO

HKLM\Software\Classes\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}

HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}

HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}

HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32

HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32#ThreadingModel

HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\ProgID

HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\Programmable

HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib

HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\VersionIndependentProgID

C:\WINDOWS\WSEM303.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}

 

Adware.IST/ISTBar (Slotch Bar)

HKLM\Software\ISTsvc

HKLM\Software\ISTsvc#version

HKLM\Software\ISTsvc#app_name

HKLM\Software\ISTsvc#popup_url

HKLM\Software\ISTsvc#update_url

HKLM\Software\ISTsvc#config_url

HKLM\Software\ISTsvc#popup_initial_delay

HKLM\Software\ISTsvc#popup_count

HKLM\Software\ISTsvc#update_count

HKLM\Software\ISTsvc#update_version

HKLM\Software\ISTsvc#config_count

HKLM\Software\ISTsvc#account_id

HKLM\Software\ISTsvc#app_date

HKLM\Software\ISTsvc#popup_interval

HKLM\Software\ISTsvc#popup_last

HKLM\Software\ISTsvc#update_interval

HKLM\Software\ISTsvc#update_last

HKLM\Software\ISTsvc#config_interval

HKLM\Software\ISTsvc#config_last

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc#NoModify

C:\Programfiler\ISTsvc

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

 

Adware.Avenue Media/Internet Optimizer

HKCR\DyFuCA_BH.BHObj

HKCR\DyFuCA_BH.BHObj\CLSID

HKCR\DyFuCA_BH.BHObj\CurVer

HKCR\DyFuCA_BH.BHObj.1

HKCR\DyFuCA_BH.BHObj.1\CLSID

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer#DisplayIcon

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer#DisplayName

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer#UninstallString

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#Comment

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#DComment

HKLM\Software\Avenue Media

HKLM\Software\Avenue Media\Internet Optimizer

HKLM\Software\Avenue Media\Internet Optimizer#TargetDir

HKLM\Software\Avenue Media\Internet Optimizer#CLS

HKLM\Software\Avenue Media\Internet Optimizer#RID

HKLM\Software\Avenue Media\Internet Optimizer#Version

HKLM\Software\Avenue Media\Internet Optimizer#TAC

HKLM\Software\Avenue Media\Internet Optimizer#ServerVisited

HKLM\Software\Avenue Media\Internet Optimizer#UpdateInterval

HKLM\Software\Avenue Media\Internet Optimizer#ID

HKLM\Software\Avenue Media\Internet Optimizer#InstallT

HKLM\Software\Avenue Media\Internet Optimizer#remember[LLT]

HKLM\Software\Avenue Media\Internet Optimizer#Conn

HKLM\Software\Avenue Media\Internet Optimizer#PendingRemoval

HKLM\Software\Avenue Media\Internet Optimizer\Active Alert

HKLM\Software\Avenue Media\Internet Optimizer\Active Alert#Version

HKLM\Software\Avenue Media\Internet Optimizer\Active Alert#Target

HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1

HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#RawData

HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#Data

HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#DiffAll

HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#TimeStamp

HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#Version

HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper

HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1

HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#RawData

HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#Data

HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#DiffAll

HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#TimeStamp

HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#Version

HKLM\Software\Avenue Media\Internet Optimizer\WSE

HKLM\Software\Avenue Media\Internet Optimizer\WSE#Version

HKLM\Software\Avenue Media\Internet Optimizer\WSE#Options

HKLM\Software\Avenue Media\Internet Optimizer\WSE#ModuleFileName

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#RawData

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#Data

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#DiffAll

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#TimeStamp

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf2#Version

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#RawData

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#Data

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#DiffAll

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#TimeStamp

HKLM\Software\Avenue Media\Internet Optimizer\WSE\cf4#Version

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt

HKLM\SOFTWARE\Policies\Avenue Media

 

Adware.Tracking Cookie

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@valueclick[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@tribalfusion[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@mediaplex[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@2o7[2].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][2].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@realmedia[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@tradedoubler[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@advertising[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@imrworldwide[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@maxserving[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@overture[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@indextools[2].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][2].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@doubleclick[2].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@hitbox[2].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@statcounter[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@atdmt[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@adtech[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@apmebf[2].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\oyvind.aukrust@indexstats[1].txt

C:\Documents and Settings\oyvind.aukrust\Cookies\[email protected][1].txt

statse.webtrendslive.com [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]

track.adform.net [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]

track.adform.net [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]

.doubleclick.net [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]

.adtech.de [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]

e2.emediate.se [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]

e2.emediate.se [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]

ad.zanox.com [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]

.telenorstartsiden.112.2o7.net [ C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\Mozilla\Firefox\Profiles\vijya4io.default\cookies.txt ]

C:\Documents and Settings\ynvsadm.NTVGS\Cookies\ynvsadm@adtech[1].txt

C:\Documents and Settings\ynvsadm.NTVGS\Cookies\ynvsadm@2o7[1].txt

 

 

Here is the ComboFix log

 

ComboFix 08-05-21.3 - oyvind.aukrust 2008-05-23 16:45:57.1 - NTFSx86

Running from: C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Skrivebord\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))

.

 

2008-05-23 13:50 . 2008-05-23 13:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-05-23 13:50 . 2008-05-23 13:50 <DIR> d-------- C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\SUPERAntiSpyware.com

2008-05-23 13:50 . 2008-05-23 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-05-23 13:49 . 2008-05-23 13:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-05-23 12:48 . 2008-05-23 16:40 <DIR> dr-h----- C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Siste

2008-05-23 12:12 . 2008-05-23 12:12 <DIR> d-------- C:\Programfiler\CCleaner

2008-05-23 11:56 . 2008-05-23 11:56 <DIR> d-------- C:\Programfiler\Trend Micro

2008-05-11 13:20 . 2008-05-11 13:20 <DIR> d-------- C:\Programfiler\Sun

2008-05-11 13:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-11 13:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-05-11 13:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-11 12:43 . 2008-05-11 12:45 <DIR> d-------- C:\Programfiler\Windows Live

2008-05-11 12:43 . 2008-05-11 12:44 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-05-11 12:42 . 2008-05-11 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-23 11:36 --------- d-----w C:\Programfiler\Google

2008-05-23 10:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-05-11 11:19 --------- d-----w C:\Programfiler\Java

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2001-10-05 09:53 21,866 -c--a-w C:\Programfiler\Fellesfiler\tppupd2k.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34 155648]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34 114688]

"SoundMan"="SOUNDMAN.EXE" [2003-06-20 19:55 55296 C:\WINDOWS\SOUNDMAN.EXE]

"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]

"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]

"LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 17:01 155648]

"GhostStartTrayApp"="C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21 94208]

"TPP Auto Loader"="C:\WINDOWS\TPPALDR.EXE" [2001-10-05 11:54 118784]

"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [1999-06-02 11:31 34816]

"PE2CKFNT SE"="C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Photo Express Calendar Checker SE.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Photo Express Calendar Checker SE.lnk

backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Programfiler\MSN Messenger\msnmsgr.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

R1 GhPciScan;GhostPciScanner;C:\Programfiler\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]

R2 eugss;EUTRON SmartKey GSS2 Driver;C:\WINDOWS\system32\Drivers\eugssxp.sys [2005-06-14 10:45]

R2 KeyP;KeyP;C:\WINDOWS\system32\DRIVERS\KeyP.sys [1995-11-07 08:00]

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]

S3 efipsk;efipsk;C:\DOCUME~1\OYVIND~1.YNV\LOKALE~1\Temp\efipsk.sys []

S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2005-06-14 10:45]

S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]

S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]

S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]

S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]

S3 TPP300;USB Storage Adapter V3 (TPP);C:\WINDOWS\system32\DRIVERS\TPP300.SYS [2001-10-05 11:54]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73925f44-717e-11dc-9a61-000423707175}]

\Shell\AutoRun\command - F:\Installer.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2005-02-04 22:37:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1097530549.job"

- C:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-23 16:53:16

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-23 16:58:05

ComboFix-quarantined-files.txt 2008-05-23 14:57:47

 

Pre-Run: 11,762,442,240 byte ledig

Post-Run: 12,333,379,584 byte ledig

 

123 --- E O F --- 2008-05-17 15:01:37

Edited by AndersAu
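Two items in the Reg Loading Points section of the ComboFix log above deserve to be pulled out automatically rather than read by eye: the MountPoints2 entry `\Shell\AutoRun\command - F:\Installer.exe`, and the `efipsk` driver registered from a Temp directory with no file behind it (ComboFix prints `[]` when it cannot find the image). As an added example, not ComboFix's own code and not part of the thread, the following Python script parses the three line formats ComboFix uses in that section (Run-key values, service/driver lines, MountPoints2 autorun commands) and reports such entries. The rules and the category names are my own assumptions; the sample text is constructed from lines copied out of the log above.

```python
"""Pull the risky loading points out of a ComboFix 'Reg Loading Points' section.

Added example; not ComboFix's code. Heuristics are assumptions chosen for
illustration, the sample text is copied from the log posted in the thread.
"""
import re

# "name"="command" [date time size optional-resolved-path]   (empty [] = not found)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<info>[^\]]*)\]')
# R2 name;display name;image path [date time]                (empty [] = not found)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.I)
# Image path living under a Temp/tmp directory (works for 8.3 short names too).
TEMP_RE = re.compile(r"\\te?mp\\", re.I)


def findings(text):
    """Return a list of (category, detail) tuples for entries worth review."""
    out = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key.lower():
            # MountPoints2 caches the autorun.inf of removable volumes Explorer
            # has seen; the command re-runs when that drive letter is opened.
            out.append(("cached autorun", f"{current_key} -> {m.group('cmd')}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path, info = m.group("name"), m.group("path"), m.group("info")
            if not info:
                out.append(("service binary missing", f"{name}: {path}"))
            if TEMP_RE.search(path):
                out.append(("driver loaded from a temp dir", f"{name}: {path}"))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and not m.group("info"):
            # ComboFix could not resolve this autostart value to a file on disk.
            out.append(("autostart not resolved", f"{m.group('name')} = {m.group('cmd')}"))
    return out


# Constructed sample: lines copied from the ComboFix log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2003-06-20 19:55 55296 C:\WINDOWS\SOUNDMAN.EXE]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]

R2 KeyP;KeyP;C:\WINDOWS\system32\DRIVERS\KeyP.sys [1995-11-07 08:00]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
S3 efipsk;efipsk;C:\DOCUME~1\OYVIND~1.YNV\LOKALE~1\Temp\efipsk.sys []
S3 TPP300;USB Storage Adapter V3 (TPP);C:\WINDOWS\system32\DRIVERS\TPP300.SYS [2001-10-05 11:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73925f44-717e-11dc-9a61-000423707175}]
\Shell\AutoRun\command - F:\Installer.exe
"""

if __name__ == "__main__":
    for category, detail in findings(SAMPLE):
        print(f"[{category}] {detail}")
```

On the sample this yields four findings: the unresolved `Alaunch` autostart, the `efipsk` driver twice (image missing, and registered from a Temp path), and the cached `F:\Installer.exe` autorun. A service whose image is missing cannot load right now, but the registration is still a ready-made slot for any file dropped back at that path, so it is worth removing along with the MountPoints2 key.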

New HJT log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:31:50, on 23.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE

C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\WINDOWS\TPPALDR.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\test.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.start.no

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...992be6d71d48cd1

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {AC473116-C745-4470-B288-DD9B9CF291DA} (eCStartX.eCStartClass) - http://portal/components/eCStartX.CAB

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programfiler\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programfiler\AutoCAD 2002\InstFred.ocx

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDist.CAB

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD 2002\AcPreview.ocx

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.no

O17 - HKLM\Software\..\Telephony: DomainName = ntvgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.no

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: GhostStartService - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

 

--

End of file - 7885 bytes

Edited by AndersAu

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...992be6d71d48cd1

O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDist.CAB

 

Restart the PC

 

Post a new HJT log and tell us how the PC is running

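The post above picks five lines out of the HijackThis log by hand. As an added example (not code from the thread, from HijackThis or from Trend Micro), here is a small Python triage script that applies three rules a practitioner checks first when reading such a log: components marked `(file missing)`, O16 downloaded-program (DPF) controls fetched over HTTP from any host outside a small allowlist, and O4 autostarts given as a bare file name instead of a full path. The allowlist and the rules are my assumptions; the sample lines are constructed by copying entries from the HijackThis log above.

```python
"""Triage a HijackThis v2 log: flag entries worth a second look.

Added example, not HijackThis' own logic. The rule set is a small
illustrative heuristic (assumption), and the sample lines are copied from
the log posted in the thread.
"""
import re
from urllib.parse import urlsplit

# Assumption: hosts whose O16 DPF downloads are expected on a patched XP box.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "www.update.microsoft.com"}

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Yield (kind, body) for every Rn/On entry in a HijackThis log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def dpf_url(body):
    """Return the URL or file path at the end of an O16 DPF entry."""
    return body.rsplit(" - ", 1)[-1].strip()


def unqualified_autostart(body):
    """True for an O4 entry whose command has no drive letter or %var% root.

    A bare name is resolved by PATH search at logon, which is what planted
    look-alike binaries rely on; it is a prompt to verify, not a verdict.
    """
    cmd = body.split("] ", 1)[-1].strip().strip('"')
    return not re.match(r"^(?:[A-Za-z]:\\|%)", cmd)


def reasons_for(kind, body):
    """Return the list of reasons an entry should be reviewed (empty if none)."""
    reasons = []
    # A BHO/toolbar whose DLL is gone leaves an orphaned hook that IE still
    # tries to load on every start; always clean it.
    if "(file missing)" in body:
        reasons.append("registered component missing on disk")
    if kind == "O16":
        url = dpf_url(body)
        if url.startswith("http"):
            host = urlsplit(url).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                reasons.append(f"ActiveX downloaded from untrusted host {host}")
        if re.search(r"dialer", body, re.I):
            reasons.append("premium-rate dialer control")
    if kind == "O4" and unqualified_autostart(body):
        reasons.append("autostart without absolute path")
    return reasons


def triage(text):
    """Return {entry: [reasons]} for every flagged entry in the log text."""
    flagged = {}
    for kind, body in parse_hjt(text):
        r = reasons_for(kind, body)
        if r:
            flagged[f"{kind} - {body}"] = r
    return flagged


# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...992be6d71d48cd1
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programfiler\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AC473116-C745-4470-B288-DD9B9CF291DA} (eCStartX.eCStartClass) - http://portal/components/eCStartX.CAB
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.sea.mtree.com/mt/dialers/fc/UniDist.CAB
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for w in why:
            print("   ->", w)
```

On this sample the rules reproduce four of the five picks in the post above (the orphaned Yahoo BHO and toolbar, the windupdates.com control and the MoneyTree dialer); the SideFind button is not caught because it is registered against the legitimate shdocvw.dll and was picked on the strength of its name. The rules also raise the intranet `http://portal/` control and the two bare-name O4 entries (`Alaunch`, `SOUNDMAN.EXE`) for review; ComboFix resolved `SOUNDMAN.EXE` to `C:\WINDOWS` but printed `[]` for `Alaunch`, which is the kind of follow-up such a prompt is meant to trigger.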

It still thinks a lot at start-up, but it runs better once it has finally started up? Maybe it has something to do with Norman virus control finding 4 viruses, including trojans etc. It said they could not be quarantined. What can I do about them?

 

There is also another user on this PC, do I then also have to remove spyware from that one?

Edited by AndersAu

SAS scans all users on the PC, so you don't need to log in to each user to remove spyware.

 

If Norman is reporting trojans now, could you mention where these trojans are located?

 

The PC should not be in safe mode when you run these scans.


1)

Diagnosis: "Adware: WebRebates.AP"

Location: "C:\Programfiler\Web_Rebates\Sy1150\Html\scri1150a.htm"

 

2)

Diagnosis: "Trojan: Malware.CMJR"

Location: "C:\temp\SearchRelevancy.exe"

 

I put both in quarantine..


I have run CCleaner, here is the log from ComboFix

 

ComboFix 08-05-21.3 - oyvind.aukrust 2008-05-23 22:19:33.2 - NTFSx86

Running from: C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Skrivebord\ComboFix.exe

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))

.

 

2008-05-23 22:16 . 2008-05-23 22:16 <DIR> dr-h----- C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Siste

2008-05-23 19:12 . 2008-05-23 19:21 <DIR> d-------- C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\wsInspector

2008-05-23 19:02 . 2008-05-23 19:03 <DIR> d-------- C:\Programfiler\Startup Inspector for Windows

2008-05-23 13:50 . 2008-05-23 13:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-05-23 13:50 . 2008-05-23 13:50 <DIR> d-------- C:\Documents and Settings\oyvind.aukrust.YNVS-PC-ACER-22\Programdata\SUPERAntiSpyware.com

2008-05-23 13:50 . 2008-05-23 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-05-23 13:49 . 2008-05-23 13:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-05-23 12:12 . 2008-05-23 12:12 <DIR> d-------- C:\Programfiler\CCleaner

2008-05-23 11:56 . 2008-05-23 11:56 <DIR> d-------- C:\Programfiler\Trend Micro

2008-05-11 13:20 . 2008-05-11 13:20 <DIR> d-------- C:\Programfiler\Sun

2008-05-11 13:07 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-11 13:07 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-05-11 13:07 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-11 12:43 . 2008-05-11 12:45 <DIR> d-------- C:\Programfiler\Windows Live

2008-05-11 12:43 . 2008-05-11 12:44 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-05-11 12:42 . 2008-05-11 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-23 15:25 --------- d-----w C:\Programfiler\Fellesfiler\Autodesk Shared

2008-05-23 15:25 --------- d-----w C:\Programfiler\AutoCAD 2002

2008-05-23 11:36 --------- d-----w C:\Programfiler\Google

2008-05-23 10:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-05-11 11:19 --------- d-----w C:\Programfiler\Java

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2001-10-05 09:53 21,866 -c--a-w C:\Programfiler\Fellesfiler\tppupd2k.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-23_16.57.27,48 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-23 13:57:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-23 20:05:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2001-05-21 23:00:00 22,016 --s-a-w C:\WINDOWS\system32\borlndmm.dll

+ 2004-07-10 16:55:38 252,416 ----a-w C:\WINDOWS\system32\wsiShared.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]

"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]

"GhostStartTrayApp"="C:\Programfiler\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21 94208]

"TPP Auto Loader"="C:\WINDOWS\TPPALDR.EXE" [2001-10-05 11:54 118784]

"PE2CKFNT SE"="C:\Programfiler\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Photo Express Calendar Checker SE.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Photo Express Calendar Checker SE.lnk

backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Programfiler\MSN Messenger\msnmsgr.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

R1 GhPciScan;GhostPciScanner;C:\Programfiler\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]

R2 eugss;EUTRON SmartKey GSS2 Driver;C:\WINDOWS\system32\Drivers\eugssxp.sys [2005-06-14 10:45]

R2 KeyP;KeyP;C:\WINDOWS\system32\DRIVERS\KeyP.sys [1995-11-07 08:00]

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]

S3 efipsk;efipsk;C:\DOCUME~1\OYVIND~1.YNV\LOKALE~1\Temp\efipsk.sys []

S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2005-06-14 10:45]

S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]

S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]

S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]

S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]

S3 TPP300;USB Storage Adapter V3 (TPP);C:\WINDOWS\system32\DRIVERS\TPP300.SYS [2001-10-05 11:54]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73925f44-717e-11dc-9a61-000423707175}]

\Shell\AutoRun\command - F:\Installer.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2005-02-04 22:37:15 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1097530549.job"

- C:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-23 22:24:03

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-23 22:27:59

ComboFix-quarantined-files.txt 2008-05-23 20:27:43

ComboFix2.txt 2008-05-23 14:58:07

 

Pre-Run: 14,173,118,464 byte ledig

Post-Run: 14,159,982,592 byte ledig

 

127 --- E O F --- 2008-05-17 15:01:37

Edited by AndersAu

Yes, I managed to delete Web_Rebates, and the temp folder was empty.. Restarted the PC and it started as fast as if it were new :fun:

 

Thanks a lot for the help norbat! :thumbs:

 

OK, looks like I claimed victory a bit early.. It restarted pretty fast just now, but when I turned the computer off and on again 5 minutes later, it was just as slow again. It took over 3 minutes from the desktop appearing until it could be used... But it seems all the viruses and spyware are gone, and I have removed all unnecessary start-up programs. So maybe a defragmentation is what's needed?

Edited by AndersAu

You can try a defragmentation.

 

You can also update SAS and run a quick scan. If it finds anything, make sure it is checked for removal.

 

Also run the registry cleaner in CCleaner. Run it several times until it finds no more errors. You will be asked to make a backup before running this cleaner. Say yes to that.

