krikol, posted 26 May 2008 (edited)

Hi, I'm trying to clean another computer, but now there is a trojan that keeps popping up all the time. I have run SAS and antivirus programs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:39, on 26.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\eAcceleration\Station\station.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\CtrlVol.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: {d78f4c6b-15ae-dfb9-9e64-1600d6287b63} - {36b7826d-0061-46e9-9bfd-ea51b6c4f87d} - C:\WINDOWS\system32\vsucyyov.dll (file missing)
O2 - BHO: (no name) - {5C88F680-122E-4498-A648-218B5D665347} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\wvUmmLfG.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [softwareStation] C:\Programfiler\eAcceleration\Station\station.exe /b Startup
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKLM\..\RunOnce: [ws_uninst] C:\DOCUME~1\TEMP\LOKALE~1\Temp\ws_uninst.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150446519413
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199696686139
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUmmLfG - C:\WINDOWS\SYSTEM32\wvUmmLfG.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7584 bytes

Edited 28 May 2008 by krikol
snippsat, posted 26 May 2008

Download ComboFix and put it on the desktop. Do not click in the window while the program is running. Post the log C:\combofix.txt
krikol (thread author), posted 26 May 2008

ComboFix 08-05-24.1 - test 2008-05-26 23:09:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.216 [GMT 2:00]
Running from: C:\Documents and Settings\TEMP\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\test\Lokale innstillinger\Programdata\syvjoajdrw.dat
C:\Documents and Settings\test\Lokale innstillinger\Programdata\syvjoajdrw.exe
C:\Documents and Settings\test\Lokale innstillinger\Programdata\syvjoajdrw_nav.dat
C:\Documents and Settings\test\Lokale innstillinger\Programdata\syvjoajdrw_navps.dat
.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.
2008-05-26 19:21 . 2008-05-20 12:13 267,592 --a------ C:\Programfiler\Uninstall Ask Toolbar.dll
2008-05-26 17:26 . 2008-05-26 17:26 <DIR> d-------- C:\Programfiler\Trend Micro
2008-05-26 15:55 . 2008-05-26 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-05-26 15:54 . 2008-05-26 15:54 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-05-26 15:54 . 2008-05-26 15:54 <DIR> d-------- C:\Documents and Settings\TEMP\Programdata\SUPERAntiSpyware.com
2008-05-26 15:53 . 2008-05-26 15:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-26 14:44 . 2008-05-26 14:44 <DIR> d-------- C:\$WINDOWS.~BT
2008-05-26 14:43 . 2008-05-26 14:49 1,887 --a------ C:\WINDOWS\diagwrn.xml
2008-05-26 14:43 . 2008-05-26 14:49 1,887 --a------ C:\WINDOWS\diagerr.xml
2008-05-26 14:41 . 2006-06-15 16:03 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-05-26 14:41 . 2006-06-15 16:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-05-26 14:41 . 2006-06-15 15:21 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-05-26 14:41 . 2006-06-15 16:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-05-26 14:41 . 2008-05-08 18:11 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel
2008-05-26 14:41 . 2008-05-08 18:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-05-26 14:41 . 2006-06-15 15:18 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-05-26 14:41 . 2006-06-15 15:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-05-26 14:41 . 2008-05-26 23:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-05-26 14:41 . 2006-06-15 16:03 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-05-26 14:41 . 2006-06-15 16:03 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-05-26 14:41 . 2008-05-26 14:41 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-23 19:17 . 2008-05-23 19:17 <DIR> d-------- C:\Programfiler\Avira
2008-05-23 19:17 . 2008-05-23 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira
2008-05-23 19:09 . 2008-05-26 17:27 <DIR> dr-h----- C:\Documents and Settings\TEMP\Siste
2008-05-23 19:02 . 2008-05-23 19:02 <DIR> d-------- C:\Programfiler\CCleaner
2008-05-20 12:21 . 2008-05-26 17:11 <DIR> d-------- C:\WINDOWS\system32\rDA
2008-05-20 12:21 . 2008-05-26 19:05 <DIR> d-------- C:\WINDOWS\system32\emL1
2008-05-20 12:21 . 2008-05-26 19:03 <DIR> d-------- C:\WINDOWS\system32\dbW
2008-05-20 12:21 . 2008-05-26 17:11 <DIR> d-------- C:\WINDOWS\system32\3056v
2008-05-20 12:20 . 2008-05-26 19:06 <DIR> d-------- C:\WINDOWS\system32\logXv05
2008-05-20 12:20 . 2008-05-20 12:21 <DIR> d-------- C:\Temp\dmpxp32
2008-05-20 12:20 . 2008-05-26 15:13 <DIR> d-------- C:\Temp
2008-05-20 12:20 . 2008-05-20 12:20 28,672 --a------ C:\WINDOWS\system32\wvUmmLfG.dll
2008-05-20 12:14 . 2008-05-23 19:43 <DIR> d-------- C:\Documents and Settings\TEMP\Shared
2008-05-20 12:14 . 2008-05-20 12:41 <DIR> d-------- C:\Documents and Settings\TEMP\Programdata\FrostWire
2008-05-20 12:14 . 2008-05-20 14:33 <DIR> d-------- C:\Documents and Settings\TEMP\Incomplete
2008-05-20 12:13 . 2008-05-26 23:08 <DIR> d-a------ C:\Programfiler\AskSBar
2008-05-19 12:32 . 2008-05-19 12:32 <DIR> d-------- C:\Documents and Settings\TEMP\Programdata\InterVideo
2008-05-16 16:43 . 2006-06-15 16:03 <DIR> dr------- C:\Documents and Settings\TEMP\Start-meny
2008-05-16 16:43 . 2006-06-15 16:03 <DIR> d--h----- C:\Documents and Settings\TEMP\Skrivere
2008-05-16 16:43 . 2008-05-26 23:07 <DIR> d-------- C:\Documents and Settings\TEMP\Skrivebord
2008-05-16 16:43 . 2008-05-08 18:11 <DIR> d-------- C:\Documents and Settings\TEMP\Programdata\Intel
2008-05-16 16:43 . 2008-05-26 19:24 <DIR> dr-h----- C:\Documents and Settings\TEMP\Programdata
2008-05-16 16:43 . 2008-05-23 19:01 <DIR> dr------- C:\Documents and Settings\TEMP\Mine dokumenter
2008-05-16 16:43 . 2006-06-15 15:11 <DIR> d--h----- C:\Documents and Settings\TEMP\Maler
2008-05-16 16:43 . 2008-05-26 15:52 <DIR> d--h----- C:\Documents and Settings\TEMP\Lokale innstillinger
2008-05-16 16:43 . 2008-05-16 16:48 <DIR> dr------- C:\Documents and Settings\TEMP\Favoritter
2008-05-16 16:43 . 2008-05-20 12:08 <DIR> d--h----- C:\Documents and Settings\TEMP\AndrMask
2008-05-16 16:42 . 2008-05-26 19:08 <DIR> d-------- C:\Documents and Settings\TEMP
2008-05-15 16:25 . 2006-11-30 16:58 88,624 -ra------ C:\WINDOWS\system32\drivers\se44mgmt.sys
2008-05-15 07:54 . 2006-11-30 16:58 86,432 -ra------ C:\WINDOWS\system32\drivers\se44obex.sys
2008-05-09 15:10 . 2008-05-09 15:10 <DIR> d-------- C:\Programfiler\MSXML 6.0
2008-05-08 19:12 . 2008-05-08 19:12 23 --a------ C:\WINDOWS\system32\drivers\verfile.tic
2008-05-08 19:11 . 2008-05-08 19:11 <DIR> d-------- C:\Programfiler\Launch Manager
2008-05-08 19:11 . 2002-10-29 14:25 8,843 --a------ C:\WINDOWS\system32\drivers\HOTKEY.sys
2008-05-08 19:11 . 2002-10-23 11:25 2,920 --a------ C:\WINDOWS\system32\drivers\WBUTTON.sys
2008-05-08 18:41 . 2008-05-08 20:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-08 18:11 . 2008-05-08 18:11 <DIR> d-------- C:\Documents and Settings\test\Programdata\Intel
2008-05-08 18:11 . 2008-05-08 18:11 <DIR> d-------- C:\Documents and Settings\NetworkService.NT-MYNDIGHET\Programdata\Intel
2008-05-08 18:11 . 2008-05-08 18:11 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Intel
2008-05-08 18:10 . 2008-05-08 18:10 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-08 18:10 . 2008-05-08 18:10 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-08 18:10 . 2008-05-08 18:10 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-08 18:10 . 2008-05-08 18:10 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-08 18:09 . 2008-05-08 18:09 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Programdata\Intel
2008-05-08 18:08 . 2008-05-08 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Intel
2008-05-08 17:55 . 2008-05-08 17:55 <DIR> d-------- C:\Programfiler\DIFX
2008-05-08 17:55 . 2008-05-08 17:55 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-05-08 17:55 . 2008-05-08 17:55 2,216,064 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2008-05-08 17:55 . 2008-05-08 17:55 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-05-08 17:51 . 2008-05-08 17:51 <DIR> d-------- C:\Intel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 17:24 --------- d-----w C:\Programfiler\Fellesfiler\eAcceleration
2008-05-26 17:24 --------- d-----w C:\Programfiler\eAcceleration
2008-05-26 17:21 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-20 10:13 --------- d-----w C:\Programfiler\FrostWire
2008-04-14 20:39 --------- d-----w C:\Documents and Settings\test\Programdata\FrostWire
2008-04-05 20:01 --------- d-----w C:\Programfiler\Windows Live
2008-04-04 18:42 --------- d-----w C:\Programfiler\WinRARi
2008-04-04 18:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\WinZip
2008-04-04 18:37 --------- d-----w C:\Programfiler\Macrogaming
2008-03-31 05:49 --------- d-----w C:\Documents and Settings\test\Programdata\Uniblue
2008-03-27 21:39 --------- d-----w C:\Programfiler\Java
2008-03-27 21:16 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-09 11:49 90,112 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-09 11:49 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-03-04 14:05 14,848 ----a-w C:\WINDOWS\system32\s24NCfg.dll
2008-03-04 12:40 212,992 ----a-w C:\WINDOWS\system32\NetProvCredMan.dll
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_15.49.22.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 13:34:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-26 17:10:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-26 13:54:54 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-26 13:54:54 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36b7826d-0061-46e9-9bfd-ea51b6c4f87d}]
C:\WINDOWS\system32\vsucyyov.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C88F680-122E-4498-A648-218B5D665347}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A290466-39BD-419B-93DB-0E9599506654}]
2008-05-20 12:20 28672 --a------ C:\WINDOWS\system32\wvUmmLfG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-06 23:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-06 23:07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 10:59 88107 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Programfiler\ltmoh\Ltmoh.exe" [2002-11-25 09:23 172032]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 15:51 110592]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 15:44 610304]
"SoftwareStation"="C:\Programfiler\eAcceleration\Station\station.exe" [2007-05-09 02:12 136904]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 14:46 999424]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 14:41 1101824]
"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2002-12-02 10:22 32768]
"HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2003-01-09 10:41 57418]
"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2002-10-23 17:18 163840]
"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2003-01-09 09:57 53248]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8A290466-39BD-419B-93DB-0E9599506654}"= C:\WINDOWS\system32\wvUmmLfG.dll [2008-05-20 12:20 28672]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmmLfG]
wvUmmLfG.dll 2008-05-20 12:20 28672 C:\WINDOWS\system32\wvUmmLfG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~2\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programfiler\\FrostWire\\FrostWire.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:UDP"= 1700:UDP:Windows Media Format SDK (iexplore.exe)
"1701:UDP"= 1701:UDP:Windows Media Format SDK (iexplore.exe)
"2621:UDP"= 2621:UDP:Windows Media Format SDK (iexplore.exe)
"2620:UDP"= 2620:UDP:Windows Media Format SDK (iexplore.exe)

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2002-10-29 14:25]
R1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [2002-10-23 11:25]
R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2003-03-07 18:49]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2002-12-19 19:42]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 16:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 16:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 16:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 16:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 16:58]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 23:15:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\wvUmmLfG.dll
.
Completion time: 2008-05-26 23:19:12
ComboFix-quarantined-files.txt 2008-05-26 21:19:01
ComboFix2.txt 2008-05-26 13:51:57

Pre-Run: 50,988,724,224 byte ledig
Post-Run: 50,978,537,472 byte ledig

210 --- E O F --- 2008-05-17 01:06:40
snippsat, posted 26 May 2008

Start HijackThis, run "Scan", find these lines, check them, then press "Fix checked":

O2 - BHO: {d78f4c6b-15ae-dfb9-9e64-1600d6287b63} - {36b7826d-0061-46e9-9bfd-ea51b6c4f87d} - C:\WINDOWS\system32\vsucyyov.dll (file missing)
O2 - BHO: (no name) - {5C88F680-122E-4498-A648-218B5D665347} - (no file)
O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\wvUmmLfG.dll
O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKLM\..\RunOnce: [ws_uninst] C:\DOCUME~1\TEMP\LOKALE~1\Temp\ws_uninst.exe -s
O20 - Winlogon Notify: wvUmmLfG - C:\WINDOWS\SYSTEM32\wvUmmLfG.dll

---

Download and run CCleaner. Go to 'Options' -> 'Advanced' and uncheck "Only delete files in Windows Temp folders older than 48 hours". Run the registry cleaner and answer yes to repairing.

-- restart --

Find this file and delete it: C:\WINDOWS\system32\wvUmmLfG.dll

---

Post a new HijackThis log.
krikol (thread author), posted 26 May 2008

Can't fix these:

O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\wvUmmLfG.dll
O20 - Winlogon Notify: wvUmmLfG - C:\WINDOWS\SYSTEM32\wvUmmLfG.dll
snippsat, posted 26 May 2008 (edited)

Use this on the file C:\WINDOWS\system32\wvUmmLfG.dll:
http://ccollomb.free.fr/unlocker/

Then try the fix again with HJT, and run the registry cleaner with CCleaner.

Edited 26 May 2008 by SNIPPSAT
krikol (thread author), posted 26 May 2008

That worked, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:12, on 27.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\ltmoh\Ltmoh.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Launch Manager\LaunchAp.exe
C:\Programfiler\Launch Manager\HotkeyApp.exe
C:\Programfiler\Launch Manager\CtrlVol.exe
C:\Programfiler\Launch Manager\Wbutton.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\Unlocker\UnlockerAssistant.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Media Player\WMPNSCFG.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programfiler\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150446519413
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199696686139
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6845 bytes
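The triage that snippsat did by eye (pick out the orphaned BHOs, the RunOnce entries launching from Temp, and the Winlogon Notify DLL that is also registered as a BHO) and the verification step ("post a new HijackThis log") can both be checked mechanically. The script below is an added example; it is not code from the thread, from HijackThis or from ComboFix. It parses the "R0 - " / "O2 - " entry lines of a log, applies a handful of defender-side heuristics, and diffs a before and an after log. The heuristic names and the function names are this example's own; the sample lines are a constructed subset copied from the two logs posted above.

```python
"""Triage helper for HijackThis-style logs (added example, not code from the
thread, from HijackThis or from ComboFix). The heuristics below are this
example's own assumptions about what a helper looks for; the sample log
lines are a constructed subset of the two logs posted in the thread.
"""
import re
from collections import Counter

# Constructed sample: entries from the first (infected) log in the thread.
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
O2 - BHO: {d78f4c6b-15ae-dfb9-9e64-1600d6287b63} - {36b7826d-0061-46e9-9bfd-ea51b6c4f87d} - C:\WINDOWS\system32\vsucyyov.dll (file missing)
O2 - BHO: (no name) - {5C88F680-122E-4498-A648-218B5D665347} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\wvUmmLfG.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ws_uninst] C:\DOCUME~1\TEMP\LOKALE~1\Temp\ws_uninst.exe -s
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUmmLfG - C:\WINDOWS\SYSTEM32\wvUmmLfG.dll
"""

# Constructed sample: the same entries as they appear in the second (cleaned) log.
AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# First drive-letter path up to a dll/exe/sys extension; spaces are allowed (quoted paths).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)\b", re.IGNORECASE)


def parse_entries(text):
    """Return one dict per entry line: code (O2, O20, ...), body, case-folded path, raw line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list and blank lines carry no entry code
        code, body = m.groups()
        pm = PATH_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "path": pm.group(0).lower() if pm else None,  # folded so load points can be cross-referenced
            "raw": line.strip(),
        })
    return entries


def flag_entries(entries):
    """Map raw line -> list of reasons for the entries a helper would want to look at."""
    # How many load points reference the same file (a BHO that is also a Winlogon Notify DLL, etc.).
    path_count = Counter(e["path"] for e in entries if e["path"])
    flags = {}
    for e in entries:
        code, body, path = e["code"], e["body"], e["path"]
        lower = body.lower()
        reasons = []
        if code == "O2" and ("(file missing)" in body or "(no file)" in body):
            reasons.append("orphaned BHO registration")
        if code == "O2" and body.startswith("BHO: (no name)") and path:
            reasons.append("unnamed BHO with a file on disk")
        if code == "O20" and path and path_count[path] > 1:
            reasons.append("Winlogon Notify DLL also registered at another load point")
        if code == "O4" and "runonce" in lower and "\\temp\\" in lower:
            reasons.append("RunOnce entry launching from a Temp directory")
        if code == "R0" and "start page" in lower and "microsoft.com" not in lower:
            reasons.append("non-default start page: confirm the user chose it")
        if reasons:
            flags[e["raw"]] = reasons
    return flags


def removed_entries(before_text, after_text):
    """Entries present in the first log and gone from the second."""
    after = {e["raw"] for e in parse_entries(after_text)}
    return [e["raw"] for e in parse_entries(before_text) if e["raw"] not in after]


def unresolved_flags(before_text, after_text):
    """Flagged entries from the first log that are still present in the second."""
    still_present = {e["raw"] for e in parse_entries(after_text)}
    return {raw: why for raw, why in flag_entries(parse_entries(before_text)).items()
            if raw in still_present}


if __name__ == "__main__":
    for raw, why in flag_entries(parse_entries(BEFORE_LOG)).items():
        print("FLAG", "; ".join(why), "<-", raw)
    for raw in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("REMOVED", raw)
    for raw, why in unresolved_flags(BEFORE_LOG, AFTER_LOG).items():
        print("STILL PRESENT", "; ".join(why), "<-", raw)
```

On the sample, the cross-reference rule is the one that matters: the same DLL appears as an unnamed O2 BHO and as an O20 Winlogon Notify entry, which matches the ComboFix finding that the DLL was loaded inside winlogon.exe and explains why HijackThis could not remove it until the file was unlocked. The diff step reports all five of those entries gone from the second log, and it also surfaces the one flagged entry that the second log still carries, the changed R0 start page, for a human to decide on.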
snippsat, posted 26 May 2008

That looks good now. Use the PC for a while; if it runs fine, do this: you can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.
krikol (thread author), posted 26 May 2008

OK, thanks for the help.
r2d290, posted 27 May 2008

You can edit your thread title by editing the first post with full edit and writing [LØST] ("solved") in front of your thread title. This will help keep "antivirus og datasikkerhet" a bit tidy.