tolkning av HJT logg

ninjasinni · 26. mai 2008

Håper noen kan hjelpe meg litt her.. fått en trojan etc som heter winampaa.exe i prosesser. Gjort en del saker og ting, men fortsatt ikke sikker på om den borte! Sikkert mye annet dritt som ikke skal være der også.

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\programfiler\powerstrip\pstrip.exe

C:\Documents and Settings\Sindre\Desktop\RefreshLock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Sindre\Desktop\hjt\mordi.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PowerStrip] c:\programfiler\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe

O4 - HKLM\..\Run: [RefreshLock] C:\Documents and Settings\Sindre\Desktop\RefreshLock.exe

O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [steam] C:\Programfiler\steam\Steam.exe -silent

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Endret 26. mai 2008 av ninjasinni

snippsat · 26. mai 2008

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

ninjasinni · 26. mai 2008

((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))

.

2008-05-26 20:59 . 2008-05-26 20:59 <DIR> d-------- C:\Program Files\CCleaner

2008-05-26 12:51 . 2008-05-26 12:51 6 --a------ C:\WINDOWS\youtubed.ocx

2008-05-26 12:50 . 2008-05-26 13:33 <DIR> d-------- C:\tmpDownload

2008-05-26 12:48 . 2008-05-26 12:51 <DIR> d-------- C:\Program Files\YoutubeGet

2008-05-26 12:09 . 2008-05-26 12:10 <DIR> d-------- C:\Program Files\Tele-Streamer v1.0

2008-05-25 18:39 . 2008-05-25 18:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-05-25 18:39 . 2008-05-25 18:39 <DIR> d-------- C:\Documents and Settings\Sindre\Application Data\SUPERAntiSpyware.com

2008-05-25 18:39 . 2008-05-25 18:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com

2008-05-20 22:41 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-05-20 22:23 . 2008-05-21 17:56 <DIR> d-------- C:\Documents and Settings\Sindre\Application Data\HouseCall 6.6

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-26 19:42 --------- d-----w C:\Documents and Settings\Sindre\Application Data\Skype

2008-05-26 19:35 --------- d-----w C:\Program Files\DC++

2008-05-26 19:04 --------- d-----w C:\Documents and Settings\Sindre\Application Data\NoNameScript

2008-05-26 13:20 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-25 16:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-25 15:53 --------- d-----w C:\Program Files\PokerStars

2008-05-18 18:26 --------- d-----w C:\Program Files\Winamp

2008-04-22 19:40 --------- d-----w C:\Program Files\Bethesda Softworks

2008-04-20 10:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2008-04-20 10:14 --------- d-----w C:\Program Files\Microsoft DirectX SDK (March 2008)

2008-04-20 09:24 --------- d-----w C:\Documents and Settings\Sindre\Application Data\Ubisoft

2008-04-20 09:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft

2008-04-18 20:05 --------- d-----w C:\Documents and Settings\Sindre\Application Data\LimeWire

2008-04-10 20:49 --------- d-----w C:\Program Files\FM Modifier 2.2

2008-04-08 22:39 --------- d-----w C:\Documents and Settings\Sindre\Application Data\dvdcss

2008-04-05 17:23 --------- d-----w C:\Documents and Settings\Sindre\Application Data\mIRC

2008-04-05 16:44 --------- d-----w C:\Program Files\DAEMON Tools

2008-04-03 21:13 --------- d-----w C:\Program Files\Java

2008-04-02 21:59 --------- d-----w C:\Program Files\HLSW

2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll

2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll

2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll

2008-03-05 13:56 3,952,144 ----a-w C:\WINDOWS\system32\D3DX9d_37.dll

2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll

2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll

2007-11-24 21:45 22,328 ----a-w C:\Documents and Settings\Sindre\Application Data\PnkBstrK.sys

2006-02-26 14:21 23,040 ----a-w C:\Program Files\AttestSindre[2].doc

2004-08-04 10:00 158,720 --sh--r C:\WINDOWS\system32\winampaa.exe

.

((((((((((((((((((((((((((((( snapshot@2008-05-26_21.07.58,50 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-25 15:39:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-26 19:36:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-26 19:36:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"Steam"="C:\Programfiler\steam\Steam.exe" [2008-03-28 21:54 1271032]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45 23120680]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

"Microsoft Corporation Svchost Services"="mssvcs.exe" []

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Microsoft Corporation Svchost Services"="mssvcs.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 18:53 131072]

"SoundMan"="SOUNDMAN.EXE" [2005-01-12 01:31 73728 C:\WINDOWS\SOUNDMAN.EXE]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 22:10 344064]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-06-16 02:27 568096]

"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 16:04 712704]

"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 17:24 81920]

"avast!"="C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 18:34 213936]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 18:34 213936]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]

"PowerStrip"="c:\programfiler\powerstrip\pstrip.exe" [2007-04-08 15:22 721656]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

"Microsoft Corporation Svchost Services"="mssvcs.exe" []

"RefreshLock"="C:\Documents and Settings\Sindre\Desktop\RefreshLock.exe" [2005-11-02 22:51 193266]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Microsoft Corporation Svchost Services"="mssvcs.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= DivXa32.acm

"msacm.l3codec"= L3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\steam\\SteamApps\\sindreandersen\\counter-strike\\hl.exe"=

"C:\\Program Files\\HLSW\\hlsw.exe"=

"C:\\Program Files\\DC++\\DCPlusPlus.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=

"C:\\Program Files\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=

"C:\\Programfiler\\mIRC\\mirc.exe"=

"C:\\WINDOWS\\system32\\winampaa.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2004-08-01 09:09]

R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2006-09-30 11:35]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2004-08-01 09:09]

S2 vcs;vcs;C:\Documents and Settings\Sindre\Desktop\h4x\vcs.sys []

snippsat · 26. mai 2008

Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked.

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe

O4 - HKLM\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe

O4 - HKCU\..\Run: [Microsoft Corporation Svchost Services] mssvcs.exe

O4 - HKCU\..\RunServices: [Microsoft Corporation Svchost Services] mssvcs.exe

---

Kjør ccleaner som du har sånn.

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør register-renser og"svar ja til og reparere"

---

Og sas som du har.

Last ned oppdatere og kjør full scan SAS free

Post loggen fra SAS (preferences->statistics/logs)

---

Restart og en ny HijackThis logg.

Endret 26. mai 2008 av SNIPPSAT

ninjasinni · 26. mai 2008

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\programfiler\powerstrip\pstrip.exe

C:\Documents and Settings\Sindre\Desktop\RefreshLock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Programfiler\steam\Steam.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Sindre\Desktop\hjt\mordi.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)