
(SOLVED) Can someone check my HijackThis log?



The PC has started getting slow, Explorer crashes all the time, and so does IE..

I'm also getting some "spyware" images on the forum..

 

I've deleted many files, but the problem keeps coming back again and again.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:55:30, on 26.06.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\D-50\D-50\Bin\D-50.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

D:\spill\Valve\Steam\Steam.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Tnoz\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Opera\opera.exe

C:\Windows\explorer.exe

C:\Users\Tnoz\AppData\Local\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\Windows\system32\tuvULEvW.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A4DD09A6-0E3D-4DD0-83D6-D29DAC6E55A7} - C:\Windows\system32\ddCssPGy.dll

O2 - BHO: {2056775f-aa73-6f88-2de4-68b35db1b66c} - {c66b1bd5-3b86-4ed2-88f6-37aaf5776502} - C:\Windows\system32\ssdnikpj.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [D-50.exe] C:\Program Files\D-50\D-50\Bin\D-50.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULEvW.dll,#1

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s

O4 - HKLM\..\Run: [76bd9f37] rundll32.exe "C:\Windows\system32\hfenvcvg.dll",b

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [steam] "d:\spill\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: DesktopEarth AutoStart.lnk = ?

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{7095E258-A45D-4C51-BF37-3FBB61C9B95F}: NameServer = 194.19.2.11 194.19.3.11

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 7733 bytes

 

Edited by Tdnoz

HijackThis can only take backups when it is placed in its own folder. It looks like you have placed HijackThis in

C:\Users\Tnoz\AppData\Local\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe

and that is not its own folder. Since backups are very important, you should extract/install HijackThis again, into its own permanent folder (e.g. C:\HJT).

 

You won't get help until you have done this. Let us know when you have done it.

Feel free to post a new HijackThis log once you have done it, so we can see that it's done ;)

Edited by r2d290

Now I'm starting to see red......

The PC is about to completely flip out, it crashes nonstop; Opera and IE are the worst, even though I only have Opera open.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:38:32, on 26.06.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\D-50\D-50\Bin\D-50.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

D:\spill\Valve\Steam\Steam.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Tnoz\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Opera\opera.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\highjack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\Windows\system32\tuvULEvW.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A4DD09A6-0E3D-4DD0-83D6-D29DAC6E55A7} - C:\Windows\system32\ddCssPGy.dll

O2 - BHO: {2056775f-aa73-6f88-2de4-68b35db1b66c} - {c66b1bd5-3b86-4ed2-88f6-37aaf5776502} - C:\Windows\system32\ssdnikpj.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [D-50.exe] C:\Program Files\D-50\D-50\Bin\D-50.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULEvW.dll,#1

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s

O4 - HKLM\..\Run: [76bd9f37] rundll32.exe "C:\Windows\system32\hfenvcvg.dll",b

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [steam] "d:\spill\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: DesktopEarth AutoStart.lnk = ?

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{7095E258-A45D-4C51-BF37-3FBB61C9B95F}: NameServer = 194.19.2.11 194.19.3.11

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 7766 bytes

 

 

 

 

It's in its own folder now.

Edited by Tdnoz

Start HijackThis

Select: Do a system scan only

 

Put a check in the boxes in front of these lines:

O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\Windows\system32\tuvULEvW.dll (file missing)

O2 - BHO: (no name) - {A4DD09A6-0E3D-4DD0-83D6-D29DAC6E55A7} - C:\Windows\system32\ddCssPGy.dll

O2 - BHO: {2056775f-aa73-6f88-2de4-68b35db1b66c} - {c66b1bd5-3b86-4ed2-88f6-37aaf5776502} - C:\Windows\system32\ssdnikpj.dll

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULEvW.dll,#1

O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s

O4 - HKLM\..\Run: [76bd9f37] rundll32.exe "C:\Windows\system32\hfenvcvg.dll",b

Close all windows and browsers (including the one you are reading this in), and click Fix checked.

Note: If you are asked to confirm fixing a line, confirm it.

 

Use Windows Explorer (right-click the Start menu and choose "Explore").

See if you can find the following files. If you do, delete them. If not, tell us which files you can't find.

C:\Windows\system32\tuvULEvW.dll

C:\Windows\system32\kditerfi.dll

C:\Windows\system32\hfenvcvg.dll

 

Then restart the machine and make a new log:

Start HijackThis

Select: Do a system scan and save a logfile

 

Post this log in your next post.

 

 

 

 

Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis:

C:\Program Files\D-50\D-50\Bin\D-50.EXE

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and decide what needs to be done next.

 

edit: changed the colour from red to blue. Thought it was bad enough that you should see even more red than you already did :p

Edited by r2d290
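The triage r2d290 did by hand above follows a few repeatable rules: a BHO (O2) registered with no display name, or with a second GUID as its name, or pointing at a file that is already gone; and a Run entry (O4) that loads a DLL through rundll32.exe by ordinal (#1) or a one-letter export, under a value name that is just hexadecimal noise. The script below is an added example, not part of the thread and not HijackThis's own code. Its input is a constructed subset of the O2/O4 lines from the second log posted above; the thresholds (a prefix of at most two letters before six or more hex digits, an entry point of two characters or fewer) and the "same DLL hooked twice" corroboration rule are my assumptions, not HijackThis rules.

```python
"""Triage heuristics for HijackThis v2 logs (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample: O2/O4 lines taken from the second log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\Windows\system32\tuvULEvW.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A4DD09A6-0E3D-4DD0-83D6-D29DAC6E55A7} - C:\Windows\system32\ddCssPGy.dll
O2 - BHO: {2056775f-aa73-6f88-2de4-68b35db1b66c} - {c66b1bd5-3b86-4ed2-88f6-37aaf5776502} - C:\Windows\system32\ssdnikpj.dll
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvULEvW.dll,#1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s
O4 - HKLM\..\Run: [76bd9f37] rundll32.exe "C:\Windows\system32\hfenvcvg.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 <dll>,<entry>; the DLL path may be quoted. The entry point is what we judge.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?,(?P<entry>\S+)', re.IGNORECASE)
# Assumed heuristic: up to two letters, then six or more hex digits (e.g. 76bd9f37, bM758eacab).
HEX_NOISE_RE = re.compile(r"^[A-Za-z]{0,2}[0-9A-Fa-f]{6,}$")


@dataclass
class Finding:
    line: str
    dll: Optional[str]
    reasons: List[str] = field(default_factory=list)


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O4 lines that deserve a 'Fix checked', with the reasons for each."""
    candidates: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O2_RE.match(line):
            f = Finding(line, m["path"])
            if m["name"] == "(no name)":
                f.reasons.append("BHO registered without a display name")
            elif re.fullmatch(GUID, m["name"]):
                f.reasons.append("BHO display name is itself a GUID")
            if m["missing"]:
                f.reasons.append("BHO points at a file that no longer exists")
            candidates.append(f)
        elif m := O4_RE.match(line):
            f = Finding(line, None)
            if r := RUNDLL_RE.match(m["cmd"]):
                f.dll = r["dll"]
                entry = r["entry"]
                if entry.startswith("#") or len(entry) <= 2:
                    f.reasons.append(f"rundll32 entry point '{entry}' is an ordinal or a throwaway name")
            if HEX_NOISE_RE.match(m["value"]):
                f.reasons.append(f"Run value name '{m['value']}' is hexadecimal noise")
            candidates.append(f)
    # Corroboration only, never a trigger on its own: the same DLL hooked from several load
    # points (here tuvULEvW.dll as both a BHO and a Run entry) strengthens an existing hit.
    seen = Counter(_basename(c.dll) for c in candidates if c.dll)
    for c in candidates:
        if c.reasons and c.dll and seen[_basename(c.dll)] > 1:
            c.reasons.append(f"{_basename(c.dll)} is loaded from {seen[_basename(c.dll)]} different hooks")
    return [c for c in candidates if c.reasons]


def files_to_delete(findings: List[Finding]) -> List[str]:
    """Absolute DLL paths behind the flagged lines: the 'find them in Explorer and delete' step."""
    return sorted({f.dll for f in findings if f.dll and PureWindowsPath(f.dll).is_absolute()})


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f.line)
        for reason in f.reasons:
            print("   ->", reason)
    print("Files to look for in Explorer:")
    for path in files_to_delete(hits):
        print("  ", path)
```

Run as-is it flags exactly the six lines r2d290 asked to be fixed and leaves the Java, NVIDIA, PLFSet, NOD32 and Welcome Center entries alone. Two caveats a practitioner should keep: these are heuristics, so a hit is a reason to look, not a verdict, and a legitimate vendor entry can trip the hex-name rule; and "Fix checked" only removes the load point, which is why the separate delete step exists. A DLL that is still mapped into a running process cannot be deleted from that session, which matches the "wasn't allowed to delete" result reported further down.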

The first file wasn't there; the other two I wasn't allowed to delete. I'm an admin, but not logged in as Administrator, if that matters..

 

The D-50 thing is nothing to worry about, it's my internet, aka ice's.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:11:09, on 26.06.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\D-50\D-50\Bin\D-50.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\ESET\nod32kui.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

D:\spill\Valve\Steam\Steam.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hamachi\hamachi.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Users\Tnoz\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchFilterHost.exe

C:\highjack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {32E333FA-051A-463F-B4EE-8C5BD8957690} - C:\Windows\system32\ddCssPGy.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [D-50.exe] C:\Program Files\D-50\D-50\Bin\D-50.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [bM758eacab] Rundll32.exe "C:\Windows\system32\kditerfi.dll",s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [steam] "d:\spill\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{7095E258-A45D-4C51-BF37-3FBB61C9B95F}: NameServer = 194.19.2.11 194.19.3.11

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 7297 bytes

 

 


My Opera keeps flipping out all the time.... and it says that Internet Explorer has crashed, even though I'm not using it or running it...

 

 

ComboFix 08-06-20.4 - Tnoz 2008-06-26 22:48:19.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1106 [GMT 2:00]

Running from: C:\Users\Tnoz\Desktop\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\Tnoz\AppData\Roaming\inst.exe

C:\Windows\system32\aomkmlbr.ini

C:\Windows\system32\ddCssPGy.dll

C:\Windows\system32\gvcvnefh.ini

C:\Windows\system32\mbhqdagk.ini

C:\Windows\system32\mcrh.tmp

C:\Windows\system32\ppmkkxsc.ini

C:\Windows\system32\qiiwnfyt.ini

C:\Windows\system32\twyxhwth.ini

C:\Windows\system32\vgbfuioj.ini

C:\Windows\System32\wvybJkkj.ini

C:\Windows\System32\wvybJkkj.ini2

C:\Windows\System32\yGPssCdd.ini

C:\Windows\System32\yGPssCdd.ini2

 

.

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))

.

 

2008-06-26 22:46 . 2008-06-26 22:47 <DIR> d-------- C:\327882R2FWJFW

2008-06-26 22:43 . 2008-06-26 22:46 <DIR> d-------- C:\cf

2008-06-26 21:33 . 2008-06-26 22:10 <DIR> d-------- C:\highjack

2008-06-26 20:45 . 2008-06-26 20:45 106,496 --a------ C:\Windows\System32\ssdnikpj.dll

2008-06-26 19:11 . 2008-06-26 19:11 80,896 --a------ C:\Windows\System32\hfenvcvg.dll

2008-06-26 19:08 . 2008-06-26 19:08 91,648 --a------ C:\Windows\System32\kditerfi.dll

2008-06-25 17:25 . 2008-06-25 17:25 106,496 --a------ C:\Windows\System32\ttrhcear.dll

2008-06-25 17:22 . 2008-06-25 17:22 91,136 --a------ C:\Windows\System32\ehudhfeg.dll

2008-06-24 19:28 . 2008-06-24 19:28 99,840 --a------ C:\Windows\System32\xauxijbt.dll

2008-06-24 19:25 . 2008-06-24 19:25 91,136 --a------ C:\Windows\System32\faisdcec.dll

2008-06-23 18:40 . 2008-06-23 18:40 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\vlc

2008-06-21 13:53 . 2008-06-21 13:52 512,096 --a------ C:\Windows\System32\drivers\amon.sys

2008-06-21 13:53 . 2008-06-21 13:52 298,104 --a------ C:\Windows\System32\imon.dll

2008-06-21 13:53 . 2008-06-21 13:52 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys

2008-06-21 12:23 . 2008-06-21 12:23 30,760 --a------ C:\Windows\System32\kzmwvayu.exe

2008-06-21 02:19 . 2008-06-21 02:13 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys

2008-06-21 02:13 . 2008-06-21 12:23 <DIR> d-------- C:\Users\Tnoz\.housecall6.6

2008-06-21 02:03 . 2008-06-21 02:03 30,760 --a------ C:\Windows\System32\mlzaqqrt.exe

2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\Grisoft

2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\Users\All Users\Grisoft

2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\ProgramData\Grisoft

2008-06-19 14:37 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys

2008-06-19 01:59 . 2008-06-19 01:59 <DIR> d-------- C:\Users\All Users\WindowsSearch

2008-06-19 01:59 . 2008-06-19 01:59 <DIR> d-------- C:\ProgramData\WindowsSearch

2008-06-16 18:49 . 2008-06-16 18:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-06-16 18:47 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-06-16 18:47 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

2008-06-12 23:06 . 2008-06-26 12:34 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\Hamachi

2008-06-12 23:06 . 2008-06-12 23:06 <DIR> d-------- C:\Program Files\Hamachi

2008-06-12 23:06 . 2008-06-12 23:06 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys

2008-06-12 22:52 . 2008-06-12 22:52 <DIR> d-------- C:\Program Files\Pioneer

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-26 20:07 --------- d-----w C:\Users\Tnoz\AppData\Roaming\OpenOffice.org2

2008-06-26 20:05 --------- d-----w C:\Users\Tnoz\AppData\Roaming\uTorrent

2008-06-26 16:50 27,744 ----a-w C:\Users\Tnoz\AppData\Roaming\nvModes.dat

2008-06-26 16:28 --------- d-----w C:\Program Files\Opera

2008-06-25 18:21 --------- d-----w C:\Users\Tnoz\AppData\Roaming\dvdcss

2008-06-23 16:18 --------- d-----w C:\Users\Tnoz\AppData\Roaming\LimeWire

2008-06-21 12:49 --------- d-----w C:\Program Files\ESET

2008-06-21 00:09 --------- d-----w C:\Program Files\Java

2008-06-17 00:09 --------- d-----w C:\Program Files\Common Files\Steam

2008-06-16 16:58 --------- d-----w C:\Program Files\Windows Mail

2008-05-26 14:14 --------- d-----w C:\Users\Tnoz\AppData\Roaming\Vso

2008-05-12 11:27 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-05-11 14:14 --------- d-----w C:\ProgramData\Valve

2008-05-10 03:35 885,248 ----a-w C:\Windows\System32\RacEngn.dll

2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys

2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe

2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS

2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys

2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll

2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll

2008-04-08 18:50 151,552 ----a-w C:\Windows\System32\nvRegDev.dll

2008-03-22 11:28 174 --sha-w C:\Program Files\desktop.ini

2008-02-18 20:04 47,360 ----a-w C:\Users\Tnoz\AppData\Roaming\pcouffin.sys

2007-12-25 16:34 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-25 16:34 32 ----a-w C:\ProgramData\ezsid.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]

"Steam"="d:\spill\valve\steam\steam.exe" [2008-04-05 13:09 1271032]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2006-09-10 18:03 4702208 C:\Windows\RtHDVCpl.exe]

"PLFSet"="C:\Windows\PLFSet.dll" [2007-03-09 19:51 45056]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]

"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 18:49 33048]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 12:35 102400]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"D-50.exe"="C:\Program Files\D-50\D-50\Bin\D-50.EXE" [2007-10-16 19:15 2504504]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-11 18:37 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-11 18:20 8501792]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-11 18:36 81920]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-21 13:52 949376]

"BM758eacab"="C:\Windows\system32\kditerfi.dll" [2008-06-26 19:08 91648]

 

C:\Users\Tnoz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [6/12/2008 11:06:23 PM 624416]

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 10:57:56 PM 393216]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/22/2007 1:49:54 PM 113664]

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM 719664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2700020247-2067570767-2843345076-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{63DA0E8D-B508-48B0-B396-9150C97FA0E0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B0E76302-5781-4FA3-9E29-688827E38957}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{3FCEC18E-64A4-4B34-A528-13BE1370DD9C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{ED4B46CD-89E5-4560-AB4A-1D3778B4A647}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{3918AC62-BBB6-46FA-9706-2F26211CD423}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{C8D2000F-9F55-4859-A97A-F16EDA13B512}D:\\spill\\ccp\\eve\\bin\\exefile.exe"= UDP:D:\spill\ccp\eve\bin\exefile.exe:CCP ExeFile

"UDP Query User{78AD69AA-2373-463F-9C64-A36764215D15}D:\\spill\\ccp\\eve\\bin\\exefile.exe"= TCP:D:\spill\ccp\eve\bin\exefile.exe:CCP ExeFile

"{D1E18330-0A59-4B61-A65A-4BF8F353D6BD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{0755EE26-04B0-483B-8088-5A92093EEED4}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{778B99FC-C22A-4FEB-A90F-2E229326457E}"= UDP:D:\spill\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{70C7FA35-35C9-44A6-98DB-65CCA511CF21}"= TCP:D:\spill\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"TCP Query User{3671507A-F171-4867-9736-0AE93653B380}D:\\spill\\unreal tournament 3\\binaries\\ut3.exe"= UDP:D:\spill\unreal tournament 3\binaries\ut3.exe:UT3

"UDP Query User{BB43C42A-9C5F-48CE-9236-C7707D7B46E6}D:\\spill\\unreal tournament 3\\binaries\\ut3.exe"= TCP:D:\spill\unreal tournament 3\binaries\ut3.exe:UT3

"TCP Query User{3B866BFE-78B3-4336-AB9B-999BF504AD6A}C:\\program files\\look@lan\\lookatlan.exe"= UDP:C:\program files\look@lan\lookatlan.exe:Look@LAN

"UDP Query User{1D47A0B7-9A47-4F4D-9A93-C7AD5CCC44F7}C:\\program files\\look@lan\\lookatlan.exe"= TCP:C:\program files\look@lan\lookatlan.exe:Look@LAN

"{CAC7E71F-3EFE-4D78-B299-A4684D58ADF8}"= UDP:D:\spill\Valve\Steam\Steam.exe:Steam

"{8881A146-0127-4FCC-8E9D-D1E30B6ECAA0}"= TCP:D:\spill\Valve\Steam\Steam.exe:Steam

"TCP Query User{EE0113A4-D1F3-4AA9-BE4A-A0D3CD379025}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service

"UDP Query User{03724D3A-E2F1-4242-A271-C5BDAFF6575B}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service

"TCP Query User{96EBBC08-3F99-49E2-9DE9-63D26E6B451A}D:\\spill\\valve\\steam\\steamapps\\_tdnoz_\\counter-strike source\\hl2.exe"= UDP:D:\spill\valve\steam\steamapps\_tdnoz_\counter-strike source\hl2.exe:hl2

"UDP Query User{12A53F5C-0405-4F55-A0A3-93B28DCCA9C9}D:\\spill\\valve\\steam\\steamapps\\_tdnoz_\\counter-strike source\\hl2.exe"= TCP:D:\spill\valve\steam\steamapps\_tdnoz_\counter-strike source\hl2.exe:hl2

"TCP Query User{5EA4B419-631B-4ABE-B053-E05DD9E9248B}D:\\spill\\rfactor\\rfactor.exe"= UDP:D:\spill\rfactor\rfactor.exe:rFactor

"UDP Query User{BE451D43-15E1-4F96-A2FA-5255BBA657D3}D:\\spill\\rfactor\\rfactor.exe"= TCP:D:\spill\rfactor\rfactor.exe:rFactor

"{7EB9C21F-DA4E-4894-837F-C6BE91BD5CBB}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{BC5E8699-A4BE-41C5-9C12-56EE08CFBE48}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{88E12EEB-F874-4A16-9C3D-3B0C598A01FA}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{89872A9F-4673-45D5-A01D-42F903EE4C44}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{8DA5BDD0-F08D-4241-949B-5B20B879DADA}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{7F6A70FD-62E2-499F-A970-D40802EE38EA}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{0C8CD7D2-A0FA-417E-9AB3-05C49A0DB69A}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{0B0A0A6B-A0B6-448F-BFB7-276656F6A18B}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{1E7A9A76-6306-4C43-9F7F-052BA6416F4C}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{72334FD5-FA89-4D4C-9832-4DC0670EF513}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{783A1590-AB9A-4E55-B556-69179D6CFF08}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{291271F8-CC99-497F-9E43-385D0CD359DE}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{5CC1C7BC-F9AB-4E1A-B4AE-89423AC90455}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-03-11 02:11]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]

R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 06:25]

R3 cmusbser;%CMUSBSER%;C:\Windows\system32\DRIVERS\cmusbser.sys [2006-12-13 18:31]

R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-16 19:03]

R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 08:51]

S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 04:46]

S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 15:20]

S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 15:20]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-01-15 01:07]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05115684-da78-11dc-bf65-001b244c05aa}]

\shell\AutoRun\command - G:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{878a3a19-c016-11dc-9881-001b244c05aa}]

\shell\AutoRun\command - G:\wd_windows_tools\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b423acb3-de51-11dc-99ad-001b244c05aa}]

\shell\AutoRun\command - G:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de82e381-c425-11dc-9f7d-001b244c05aa}]

\shell\AutoRun\command - G:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de82e391-c425-11dc-9f7d-001b244c05aa}]

\shell\AutoRun\command - G:\Launcher.exe

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-26 22:54:18

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Windows\system32\kditerfi.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\conime.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

C:\Program Files\ESET\nod32krn.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Tnoz\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.bin

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Windows\System32\wbem\WMIADAP.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Completion time: 2008-06-26 22:58:30 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-26 20:58:16

 

Pre-Run: 7,153,836,032 bytes free

Post-Run: 7,291,355,136 bytes free

 

231 --- E O F --- 2008-06-16 16:52:08

 

 


Step 1:

Download Malwarebytes Anti-Malware to the desktop.

Run and install the program. Choose Norwegian as the language.

Let the program update itself, select 'Perform quick scan', and click Scan.

A message box will tell you the scan is finished; click OK.

Click the 'Show results' button. If malware was found, you will now see what was found.

Then click the 'Remove selected' button to remove any malware that was found.

A log will then open in Notepad. Copy it and post it later.

Step 2:

Run ComboFix again.

Step 3:

Post the new ComboFix log together with the log from MBAM.

Edit: Formatting should not be necessary in this case. Clean up a bit by running MBAM. We will handle the rest with ComboFix.

Edited by norbat
"I suggest a reformat."

You are probably new to this part of the forum; we never ask anyone to reformat.

We fix all kinds of infections just fine ;)

We also sort out other system problems. In rare cases the problem cannot be solved, but then it is usually the user who gives up, not us.

Edited by SNIPPSAT

MBAM

 

Malwarebytes' Anti-Malware 1.18

Database version: 894

23:45:03 26.06.2008

mbam-log-6-26-2008 (23-45-03).txt

Scan type: Quick Scan

Objects scanned: 34999

Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM758eacab (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\kzmwvayu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\mlzaqqrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\kditerfi.dll (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

 

Combo

 

 

ComboFix 08-06-20.4 - Tnoz 2008-06-26 23:52:07.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1155 [GMT 2:00]

Running from: C:\Users\Tnoz\Desktop\ComboFix.exe

* Resident AV is active

 

.

 

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))

.

 

2008-06-26 23:51 . 2008-06-26 23:51 <DIR> d-------- C:\327882R2FWJFW

2008-06-26 23:38 . 2008-06-26 23:38 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\Malwarebytes

2008-06-26 23:38 . 2008-06-26 23:38 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-06-26 23:38 . 2008-06-26 23:38 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-06-26 23:38 . 2008-06-26 23:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-26 23:38 . 2008-06-19 17:48 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys

2008-06-26 23:38 . 2008-06-19 17:47 17,144 --a------ C:\Windows\System32\drivers\mbam.sys

2008-06-26 21:33 . 2008-06-26 22:10 <DIR> d-------- C:\highjack

2008-06-26 20:45 . 2008-06-26 20:45 106,496 --a------ C:\Windows\System32\ssdnikpj.dll

2008-06-26 19:11 . 2008-06-26 19:11 80,896 --a------ C:\Windows\System32\hfenvcvg.dll

2008-06-25 17:25 . 2008-06-25 17:25 106,496 --a------ C:\Windows\System32\ttrhcear.dll

2008-06-25 17:22 . 2008-06-25 17:22 91,136 --a------ C:\Windows\System32\ehudhfeg.dll

2008-06-24 19:28 . 2008-06-24 19:28 99,840 --a------ C:\Windows\System32\xauxijbt.dll

2008-06-24 19:25 . 2008-06-24 19:25 91,136 --a------ C:\Windows\System32\faisdcec.dll

2008-06-23 18:40 . 2008-06-23 18:40 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\vlc

2008-06-21 13:53 . 2008-06-21 13:52 512,096 --a------ C:\Windows\System32\drivers\amon.sys

2008-06-21 13:53 . 2008-06-21 13:52 298,104 --a------ C:\Windows\System32\imon.dll

2008-06-21 13:53 . 2008-06-21 13:52 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys

2008-06-21 02:19 . 2008-06-21 02:13 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys

2008-06-21 02:13 . 2008-06-21 12:23 <DIR> d-------- C:\Users\Tnoz\.housecall6.6

2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\Users\All Users\Grisoft

2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d-------- C:\ProgramData\Grisoft

2008-06-19 01:59 . 2008-06-19 01:59 <DIR> d-------- C:\Users\All Users\WindowsSearch

2008-06-19 01:59 . 2008-06-19 01:59 <DIR> d-------- C:\ProgramData\WindowsSearch

2008-06-16 18:49 . 2008-06-16 18:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-06-16 18:47 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-06-16 18:47 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

2008-06-12 23:06 . 2008-06-26 12:34 <DIR> d-------- C:\Users\Tnoz\AppData\Roaming\Hamachi

2008-06-12 23:06 . 2008-06-12 23:06 <DIR> d-------- C:\Program Files\Hamachi

2008-06-12 23:06 . 2008-06-12 23:06 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys

2008-06-12 22:52 . 2008-06-12 22:52 <DIR> d-------- C:\Program Files\Pioneer

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-26 21:49 --------- d-----w C:\Users\Tnoz\AppData\Roaming\OpenOffice.org2

2008-06-26 21:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-26 20:05 --------- d-----w C:\Users\Tnoz\AppData\Roaming\uTorrent

2008-06-26 16:50 27,744 ----a-w C:\Users\Tnoz\AppData\Roaming\nvModes.dat

2008-06-26 16:28 --------- d-----w C:\Program Files\Opera

2008-06-25 18:21 --------- d-----w C:\Users\Tnoz\AppData\Roaming\dvdcss

2008-06-23 16:18 --------- d-----w C:\Users\Tnoz\AppData\Roaming\LimeWire

2008-06-21 12:49 --------- d-----w C:\Program Files\ESET

2008-06-21 00:09 --------- d-----w C:\Program Files\Java

2008-06-17 00:09 --------- d-----w C:\Program Files\Common Files\Steam

2008-06-16 16:58 --------- d-----w C:\Program Files\Windows Mail

2008-05-26 14:14 --------- d-----w C:\Users\Tnoz\AppData\Roaming\Vso

2008-05-12 11:27 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-05-11 14:14 --------- d-----w C:\ProgramData\Valve

2008-05-10 03:35 885,248 ----a-w C:\Windows\System32\RacEngn.dll

2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys

2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe

2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS

2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys

2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll

2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll

2008-04-08 18:50 151,552 ----a-w C:\Windows\System32\nvRegDev.dll

2008-03-22 11:28 174 --sha-w C:\Program Files\desktop.ini

2008-02-18 20:04 47,360 ----a-w C:\Users\Tnoz\AppData\Roaming\pcouffin.sys

2007-12-25 16:34 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-25 16:34 32 ----a-w C:\ProgramData\ezsid.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-26_22.57.49.62 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-26 20:53:43 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-06-26 21:47:04 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-06-26 21:47:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-06-26 21:47:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-06-26 20:53:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-06-26 21:48:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-06-26 21:48:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-06-26 20:53:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-06-26 21:48:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-06-26 20:07:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-06-26 21:00:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-06-26 20:07:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-06-26 21:00:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-06-26 20:07:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-06-26 21:00:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-06-26 20:14:00 101,250 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-06-26 21:53:57 98,916 ----a-w C:\Windows\System32\perfc009.dat

- 2008-06-26 20:14:00 587,178 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-06-26 21:53:57 584,844 ----a-w C:\Windows\System32\perfh009.dat

- 2008-06-26 20:09:30 6,452 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2700020247-2067570767-2843345076-1000_UserData.bin

+ 2008-06-26 21:49:03 6,714 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2700020247-2067570767-2843345076-1000_UserData.bin

- 2008-06-26 20:09:29 76,314 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-06-26 21:49:03 76,978 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-06-26 20:09:17 36,064 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-06-26 21:48:56 36,176 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]

"Steam"="d:\spill\valve\steam\steam.exe" [2008-04-05 13:09 1271032]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2006-09-10 18:03 4702208 C:\Windows\RtHDVCpl.exe]

"PLFSet"="C:\Windows\PLFSet.dll" [2007-03-09 19:51 45056]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]

"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 18:49 33048]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 12:35 102400]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"D-50.exe"="C:\Program Files\D-50\D-50\Bin\D-50.EXE" [2007-10-16 19:15 2504504]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-11 18:37 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-11 18:20 8501792]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-11 18:36 81920]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-21 13:52 949376]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM 719664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Tnoz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]

path=C:\Users\Tnoz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk

backup=C:\Windows\pss\hamachi.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\C:^Users^Tnoz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]

path=C:\Users\Tnoz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk

backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2007-12-19 22:13 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

--a------ 2007-09-25 15:03 93208 C:\Program Files\Logitech\Gaming Software\LWEMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2700020247-2067570767-2843345076-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{63DA0E8D-B508-48B0-B396-9150C97FA0E0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B0E76302-5781-4FA3-9E29-688827E38957}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{3FCEC18E-64A4-4B34-A528-13BE1370DD9C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{ED4B46CD-89E5-4560-AB4A-1D3778B4A647}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{3918AC62-BBB6-46FA-9706-2F26211CD423}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{C8D2000F-9F55-4859-A97A-F16EDA13B512}D:\\spill\\ccp\\eve\\bin\\exefile.exe"= UDP:D:\spill\ccp\eve\bin\exefile.exe:CCP ExeFile

"UDP Query User{78AD69AA-2373-463F-9C64-A36764215D15}D:\\spill\\ccp\\eve\\bin\\exefile.exe"= TCP:D:\spill\ccp\eve\bin\exefile.exe:CCP ExeFile

"{D1E18330-0A59-4B61-A65A-4BF8F353D6BD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{0755EE26-04B0-483B-8088-5A92093EEED4}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{778B99FC-C22A-4FEB-A90F-2E229326457E}"= UDP:D:\spill\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{70C7FA35-35C9-44A6-98DB-65CCA511CF21}"= TCP:D:\spill\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"TCP Query User{3671507A-F171-4867-9736-0AE93653B380}D:\\spill\\unreal tournament 3\\binaries\\ut3.exe"= UDP:D:\spill\unreal tournament 3\binaries\ut3.exe:UT3

"UDP Query User{BB43C42A-9C5F-48CE-9236-C7707D7B46E6}D:\\spill\\unreal tournament 3\\binaries\\ut3.exe"= TCP:D:\spill\unreal tournament 3\binaries\ut3.exe:UT3

"TCP Query User{3B866BFE-78B3-4336-AB9B-999BF504AD6A}C:\\program files\\look@lan\\lookatlan.exe"= UDP:C:\program files\look@lan\lookatlan.exe:Look@LAN

"UDP Query User{1D47A0B7-9A47-4F4D-9A93-C7AD5CCC44F7}C:\\program files\\look@lan\\lookatlan.exe"= TCP:C:\program files\look@lan\lookatlan.exe:Look@LAN

"{CAC7E71F-3EFE-4D78-B299-A4684D58ADF8}"= UDP:D:\spill\Valve\Steam\Steam.exe:Steam

"{8881A146-0127-4FCC-8E9D-D1E30B6ECAA0}"= TCP:D:\spill\Valve\Steam\Steam.exe:Steam

"TCP Query User{EE0113A4-D1F3-4AA9-BE4A-A0D3CD379025}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service

"UDP Query User{03724D3A-E2F1-4242-A271-C5BDAFF6575B}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service

"TCP Query User{96EBBC08-3F99-49E2-9DE9-63D26E6B451A}D:\\spill\\valve\\steam\\steamapps\\_tdnoz_\\counter-strike source\\hl2.exe"= UDP:D:\spill\valve\steam\steamapps\_tdnoz_\counter-strike source\hl2.exe:hl2

"UDP Query User{12A53F5C-0405-4F55-A0A3-93B28DCCA9C9}D:\\spill\\valve\\steam\\steamapps\\_tdnoz_\\counter-strike source\\hl2.exe"= TCP:D:\spill\valve\steam\steamapps\_tdnoz_\counter-strike source\hl2.exe:hl2

"TCP Query User{5EA4B419-631B-4ABE-B053-E05DD9E9248B}D:\\spill\\rfactor\\rfactor.exe"= UDP:D:\spill\rfactor\rfactor.exe:rFactor

"UDP Query User{BE451D43-15E1-4F96-A2FA-5255BBA657D3}D:\\spill\\rfactor\\rfactor.exe"= TCP:D:\spill\rfactor\rfactor.exe:rFactor

"{7EB9C21F-DA4E-4894-837F-C6BE91BD5CBB}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{BC5E8699-A4BE-41C5-9C12-56EE08CFBE48}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{88E12EEB-F874-4A16-9C3D-3B0C598A01FA}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{89872A9F-4673-45D5-A01D-42F903EE4C44}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{8DA5BDD0-F08D-4241-949B-5B20B879DADA}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{7F6A70FD-62E2-499F-A970-D40802EE38EA}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{0C8CD7D2-A0FA-417E-9AB3-05C49A0DB69A}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{0B0A0A6B-A0B6-448F-BFB7-276656F6A18B}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{1E7A9A76-6306-4C43-9F7F-052BA6416F4C}"= UDP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{72334FD5-FA89-4D4C-9832-4DC0670EF513}"= TCP:D:\spill\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{783A1590-AB9A-4E55-B556-69179D6CFF08}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{291271F8-CC99-497F-9E43-385D0CD359DE}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{5CC1C7BC-F9AB-4E1A-B4AE-89423AC90455}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{BFBF1D0B-1E85-4CE6-BBF9-5E1B677CD39C}D:\\spill\\lfs\\digitalspeedo\\digitalspeedo.exe"= UDP:D:\spill\lfs\digitalspeedo\digitalspeedo.exe:DigitalGauges

"UDP Query User{7DBC9269-95E9-401C-8DCF-A78F0C6C027F}D:\\spill\\lfs\\digitalspeedo\\digitalspeedo.exe"= TCP:D:\spill\lfs\digitalspeedo\digitalspeedo.exe:DigitalGauges

"TCP Query User{E274CE1C-4C09-4D33-8C88-C503520DD6C6}D:\\spill\\lfs\\lfs.exe"= UDP:D:\spill\lfs\lfs.exe:LFS

"UDP Query User{FAF88CC0-3281-4914-8E50-A2CD3515B4A4}D:\\spill\\lfs\\lfs.exe"= TCP:D:\spill\lfs\lfs.exe:LFS

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-03-11 02:11]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]

R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 06:25]

R3 cmusbser;%CMUSBSER%;C:\Windows\system32\DRIVERS\cmusbser.sys [2006-12-13 18:31]

R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 08:51]

S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 04:46]

S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 15:20]

S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 15:20]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-01-15 01:07]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-16 19:03]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05115684-da78-11dc-bf65-001b244c05aa}]

\shell\AutoRun\command - G:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{878a3a19-c016-11dc-9881-001b244c05aa}]

\shell\AutoRun\command - G:\wd_windows_tools\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b423acb3-de51-11dc-99ad-001b244c05aa}]

\shell\AutoRun\command - G:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de82e381-c425-11dc-9f7d-001b244c05aa}]

\shell\AutoRun\command - G:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de82e391-c425-11dc-9f7d-001b244c05aa}]

\shell\AutoRun\command - G:\Launcher.exe

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-26 23:54:37

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-26 23:55:24

ComboFix-quarantined-files.txt 2008-06-26 21:55:17

ComboFix2.txt 2008-06-26 20:58:31

 

Pre-Run: 6,602,297,344 bytes free

Post-Run: 6,568,443,904 bytes free

 

230 --- E O F --- 2008-06-16 16:52:08

 

 

Link to comment

Use Windows Explorer to find and delete the following files:

 

C:\Windows\System32\ssdnikpj.dll

C:\Windows\System32\hfenvcvg.dll

C:\Windows\System32\ttrhcear.dll

C:\Windows\System32\ehudhfeg.dll

C:\Windows\System32\xauxijbt.dll

C:\Windows\System32\faisdcec.dll

 

(Tip: sort the files by date. You will most likely find them grouped together.)

 

 

Download CCleaner.

Start the program. Go to 'Options' -> 'Advanced'. Uncheck "Only delete temporary files older than 48 hours". Click 'Cleaner' and then 'Run CCleaner'.

This will clean out temporary files etc.

Tell us how it goes with your 'problem'.

Link to comment
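An added example, not from the thread or its helpers: a PowerShell script that triages the six files named in the reply above before they are removed. It records timestamp, size and SHA-256 for each, shows whether they cluster by date as the tip says, looks for other eight-letter DLLs written at the same time, and moves the named ones to a quarantine folder instead of deleting them. It assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt; the quarantine folder name is a placeholder.

```powershell
# Added example (not the thread's own instructions). Assumes PowerShell 4.0+
# (Get-FileHash) and an elevated prompt. Quarantine path is a placeholder.
$suspect = @(
    'ssdnikpj.dll', 'hfenvcvg.dll', 'ttrhcear.dll',
    'ehudhfeg.dll', 'xauxijbt.dll', 'faisdcec.dll'
)
$sys32      = Join-Path $env:SystemRoot 'System32'
$quarantine = Join-Path $env:SystemDrive 'Quarantine'   # placeholder folder
New-Item -ItemType Directory -Path $quarantine -Force | Out-Null

# 1. Record what is there before touching anything (hashes support later lookups).
$report = foreach ($name in $suspect) {
    $path = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $path) {
        $f = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Name          = $f.Name
            LastWriteTime = $f.LastWriteTime
            Length        = $f.Length
            SHA256        = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}
# Sorting by timestamp reproduces the reply's tip: dropped files share one date.
$report | Sort-Object LastWriteTime | Format-Table -AutoSize

# 2. Other eight-letter DLLs written within two minutes of a known one deserve a look.
$times = @($report | ForEach-Object { $_.LastWriteTime })
Get-ChildItem -LiteralPath $sys32 -Filter '*.dll' -Force |
    Where-Object { $suspect -notcontains $_.Name -and $_.Name -match '^[a-z]{8}\.dll$' } |
    Where-Object {
        $t = $_.LastWriteTime
        @($times | Where-Object { [math]::Abs(($t - $_).TotalMinutes) -le 2 }).Count -gt 0
    } |
    Select-Object Name, LastWriteTime, Length

# 3. Quarantine rather than delete: a renamed copy cannot be loaded but can be restored.
foreach ($row in $report) {
    $src = Join-Path $sys32 $row.Name
    $dst = Join-Path $quarantine ($row.Name + '.quar')
    try {
        Move-Item -LiteralPath $src -Destination $dst -Force -ErrorAction Stop
        Write-Output "quarantined $($row.Name)"
    } catch {
        # A DLL still loaded by a running process cannot be moved; note it for a reboot.
        Write-Warning "could not move $($row.Name): $($_.Exception.Message)"
    }
}
```

A file that refuses to move is usually still loaded by a running process; retry after a reboot or from a recovery environment.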

ComboFix must be uninstalled.

 

Go to Start > Run

Type the following in the box:

  • combofix /u

PS: note the space between X and /u

 

Press Enter.

 

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The C:\Deckard folder, if it exists.
    • The C:\_OtMoveIt folder, if it exists.
  • Reset the clock settings.
  • Hide file extensions if necessary.
  • Hide system/hidden files and folders if necessary.
  • Reset system restore points.

 

 

You can uninstall HijackThis:

Start HijackThis and choose None of the above, just start the program.

Then click Config >> Misc Tools >> Uninstall HijackThis & exit >> Ja/Yes. The program is now uninstalled.

 

 

You are welcome to keep MBAM and scan the machine now and then :)

Link to comment
