tradhtare, posted 25 July 2008 (edited)

Hi! I have followed the first post in your sticky thread to the letter, because my PC was infected with a lot of strange stuff, including very annoying CiD adverts. I looked around a bit and saw that you also recommended deleting MSN Plus and cleaning up C:\WINDOWS\system32\drivers\etc. That has been done too. So I am really just wondering whether you could check through whether anything more is needed? Thanks in advance. Here are the logs:

Log from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:41:49, on 25.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programfiler\Brother\Brmfcmon\BrMfcmon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\OpenOffice.org 2.1\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.1\program\soffice.BIN
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: {915637b0-23a0-823b-c134-b733311ab281} - {182ba113-337b-431c-b328-0a320b736519} - C:\WINDOWS\system32\lxrnpx.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9EE8E818-AB40-4416-A827-93F23DB6B139} - C:\WINDOWS\system32\qoMdabAP.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Programfiler\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [brMfcWnd] C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programfiler\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [64 inter flaw hold] C:\Documents and Settings\All Users\Programdata\Mode Rule 64 Inter\Trust Cake.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [3ccd8b96] rundll32.exe "C:\WINDOWS\system32\prtmbnil.dll",b
O4 - HKLM\..\Run: [bM3ffeb80a] Rundll32.exe "C:\WINDOWS\system32\rxvrqfah.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [fragmeal] C:\DOCUME~1\Mamma\PROGRA~1\TONSMA~1\deaftick.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Programfiler\OpenOffice.org 2.1\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553527400} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12892 bytes

Log from SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/25/2008 at 04:41 AM

Application Version : 4.15.1000

Core Rules Database Version : 3514
Trace Rules Database Version: 1505

Scan type : Quick Scan
Total Scan Time : 00:19:23

Memory items scanned : 428
Memory threats detected : 3
Registry items scanned : 494
Registry threats detected : 82
File items scanned : 5113
File threats detected : 347

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\DDCAYOHE.DLL
C:\WINDOWS\SYSTEM32\DDCAYOHE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A39F3CC6-5D6E-4A86-9295-6BD60D5C3471}
HKCR\CLSID\{A39F3CC6-5D6E-4A86-9295-6BD60D5C3471}
HKCR\CLSID\{A39F3CC6-5D6E-4A86-9295-6BD60D5C3471}\InprocServer32
HKCR\CLSID\{A39F3CC6-5D6E-4A86-9295-6BD60D5C3471}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{A39F3CC6-5D6E-4A86-9295-6BD60D5C3471}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddcaYOhE

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\QOMDABAP.DLL
C:\WINDOWS\SYSTEM32\QOMDABAP.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\LXRNPX.DLL
C:\WINDOWS\SYSTEM32\LXRNPX.DLL

*cookies removed*

Adware.180solutions/Seekmo
HKU\S-1-5-21-619578341-4048544493-2391991700-1007\Software\seekmo
HKCR\SeekmoToolbar.SkCommBand
HKCR\SeekmoToolbar.SkCommBand\CLSID
HKCR\SeekmoToolbar.SkCommBand\CurVer
HKCR\SeekmoToolbar.SkCommBand.1
HKCR\SeekmoToolbar.SkCommBand.1\CLSID
HKCR\SkbToolbar.SkHtmlMenuUI
HKCR\SkbToolbar.SkHtmlMenuUI\CLSID
HKCR\SkbToolbar.SkHtmlMenuUI\CurVer
HKCR\SkbToolbar.SkHtmlMenuUI.1
HKCR\SkbToolbar.SkHtmlMenuUI.1\CLSID
HKCR\SkbToolbar.SkToolbarCtl
HKCR\SkbToolbar.SkToolbarCtl\CLSID
HKCR\SkbToolbar.SkToolbarCtl\CurVer
HKCR\SkbToolbar.SkToolbarCtl.1
HKCR\SkbToolbar.SkToolbarCtl.1\CLSID
HKCR\SkCoreSrv.LfgAx
HKCR\SkCoreSrv.LfgAx\CLSID
HKCR\SkCoreSrv.LfgAx\CurVer
HKCR\SkCoreSrv.LfgAx.1
HKCR\SkCoreSrv.LfgAx.1\CLSID
HKCR\SkCoreSrv.SkCoreServices
HKCR\SkCoreSrv.SkCoreServices\CLSID
HKCR\SkCoreSrv.SkCoreServices\CurVer
HKCR\SkCoreSrv.SkCoreServices.1
HKCR\SkCoreSrv.SkCoreServices.1\CLSID
HKCR\SkSrv.SkCoreServices
HKCR\SkSrv.SkCoreServices\CLSID
HKCR\SkSrv.SkCoreServices\CurVer
HKCR\SkSrv.SkCoreServices.1
HKCR\SkSrv.SkCoreServices.1\CLSID
HKCR\SkTools.HbMain
HKCR\SkTools.HbMain\CLSID
HKCR\SkTools.HbMain\CurVer
HKCR\SkTools.HbMain.1
HKCR\SkTools.HbMain.1\CLSID
HKU\S-1-5-21-619578341-4048544493-2391991700-1007\Software\SeekmoToolbar
HKLM\Software\SeekmoToolbar
HKLM\Software\SeekmoToolbar\Install
HKLM\Software\SeekmoToolbar\Install#IE
HKLM\Software\SeekmoToolbar\Install#OL
HKLM\Software\SeekmoToolbar\Install#WT
HKLM\Software\SeekmoToolbar\Install#WP
HKLM\Software\SeekmoToolbar\Install#Install_Dir
HKLM\Software\SeekmoToolbar\Install#Installed_From
HKLM\Software\SeekmoToolbar\Install\CmpMap
HKLM\Software\SeekmoToolbar\Install\CmpMap#IE
HKLM\Software\SeekmoToolbar\Install\CmpMap#OL
HKLM\Software\SeekmoToolbar\Install\CmpMap#WT
HKLM\Software\SeekmoToolbar\Install\CmpMap#WP
HKLM\Software\SeekmoToolbar\SeekmoToolbar
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#StartInstall
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#IID
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#IID_prv
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#HbHostOEPath
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#PrevVer
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#CurrentVer
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#CreateDate
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Install#CreateDateDW
HKLM\Software\SeekmoToolbar\SeekmoToolbar\MachineInfo
HKLM\Software\SeekmoToolbar\SeekmoToolbar\MachineInfo#CID
HKLM\Software\SeekmoToolbar\SeekmoToolbar\MachineInfo#CID_prv
HKLM\Software\SeekmoToolbar\SeekmoToolbar\PI
HKLM\Software\SeekmoToolbar\SeekmoToolbar\PI\3.2
HKLM\Software\SeekmoToolbar\SeekmoToolbar\PI\3.2#PID00
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Updates
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Updates#InstallDate
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Upgrade
HKLM\Software\SeekmoToolbar\SeekmoToolbar\Upgrade#LastChecked
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#SeekmoToolbar [ C:\Programfiler\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE} ]
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\IESkins
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\skbar.log
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\skbar_1175217550.log
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoOI\dynamic
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoOI
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoOL\dynamic
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoOL
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoToolbar\static\1
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoToolbar\static\2
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoToolbar\static
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0\SeekmoToolbar
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar\v3.0
C:\Documents and Settings\Mamma\Programdata\SeekmoToolbar

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Programfiler\Video ActiveX Access\iesmn.exe ]

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-619578341-4048544493-2391991700-1007\Software\Microsoft\rdfa

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\BROR\FAVORITTER\ONLINE SECURITY TEST.URL

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\STQGLPDT.DLL
C:\WINDOWS\SYSTEM32\TPNHOBOR.DLL
C:\WINDOWS\SYSTEM32\XXZENP.DLL
C:\WINDOWS\SYSTEM32\YUQCVT.DLL

Log from ComboFix:

ComboFix 08-07-24.1 - Mamma 2008-07-25 5:21:05.2 - NTFSx86
Running from: C:\Documents and Settings\Mamma\Skrivebord\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM3ffeb80a.xml

.
---- Previous Run -------
.
C:\Documents and Settings\Bror\Programdata\SeekmoToolbar
C:\Documents and Settings\Bror\Programdata\SeekmoToolbar\skbar.log
C:\Documents and Settings\Bror\Programdata\SeekmoToolbar\skbar_1174079189.log
C:\Documents and Settings\Bror\Programdata\SeekmoToolbar\skbar_1174491472.log
C:\Documents and Settings\Bror\Programdata\SeekmoToolbar\skbar_1175250876.log
C:\Documents and Settings\Søster\Programdata\SeekmoToolbar
C:\Documents and Settings\Søster\Programdata\SeekmoToolbar\skbar.log
C:\Documents and Settings\Søster\Programdata\SeekmoToolbar\skbar_1174587440.log
C:\Documents and Settings\Pappa\Programdata\SeekmoToolbar
C:\Documents and Settings\Pappa\Programdata\SeekmoToolbar\skbar.log
C:\Documents and Settings\Pappa\Programdata\SeekmoToolbar\skbar_1174533337.log
C:\Documents and Settings\Pappa\Programdata\SeekmoToolbar\skbar_1174571017.log
C:\Documents and Settings\Pappa\Programdata\SeekmoToolbar\skbar_1174606537.log
C:\Documents and Settings\Pappa\Programdata\SeekmoToolbar\skbar_1174644157.log
C:\Documents and Settings\Pappa\Programdata\SeekmoToolbar\skbar_1174679377.log
C:\Documents and Settings\Pappa\Programdata\SeekmoToolbar\skbar_1174717657.log
C:\Documents and Settings\Pappa\Programdata\SeekmoToolbar\skbar_1174881242.log
C:\WINDOWS\BM3ffeb80a.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\adJmnnpo.ini
C:\WINDOWS\system32\adJmnnpo.ini2
C:\WINDOWS\system32\aufifgbd.ini
C:\WINDOWS\system32\dkyohqxa.ini
C:\WINDOWS\system32\ggbjlmwi.ini
C:\WINDOWS\system32\grdymylt.ini
C:\WINDOWS\system32\hprqkire.ini
C:\WINDOWS\system32\hxnayjek.ini
C:\WINDOWS\system32\IjjPVvut.ini
C:\WINDOWS\system32\IjjPVvut.ini2
C:\WINDOWS\system32\iliyuabp.ini
C:\WINDOWS\system32\iqucfebb.ini
C:\WINDOWS\system32\isxecdpw.ini
C:\WINDOWS\system32\linbmtrp.ini
C:\WINDOWS\system32\ljrbvknq.ini
C:\WINDOWS\system32\lykeomqs.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\PAbadMoq.ini
C:\WINDOWS\system32\PAbadMoq.ini2
C:\WINDOWS\system32\qAcdNXyb.ini
C:\WINDOWS\system32\qAcdNXyb.ini2
C:\WINDOWS\system32\rqcbpvac.ini
C:\WINDOWS\system32\sewmhdnk.ini
C:\WINDOWS\system32\thhbdeqv.dll
C:\WINDOWS\system32\uerpywqv.ini
C:\WINDOWS\system32\wimlksvp.ini
C:\WINDOWS\system32\WyybLRqr.ini
C:\WINDOWS\system32\WyybLRqr.ini2
C:\WINDOWS\system32\xvslvxel.ini
C:\WINDOWS\system32\xwtygmbc.ini
C:\WINDOWS\system32\Xybaayxx.ini
C:\WINDOWS\system32\Xybaayxx.ini2
C:\WINDOWS\system32\yiapgdjn.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-25 05:08 . 2008-07-25 05:08 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-25 05:03 . 2008-07-25 05:21 354 ---hs---- C:\WINDOWS\system32\linbmtrp.ini
2008-07-25 04:18 . 2008-07-25 04:18 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-25 04:18 . 2008-07-25 04:18 <DIR> d-------- C:\Documents and Settings\Mamma\Programdata\SUPERAntiSpyware.com
2008-07-25 04:18 . 2008-07-25 04:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-25 04:04 . 2008-07-25 04:12 <DIR> dr-h----- C:\Documents and Settings\Mamma\Siste
2008-07-25 04:01 . 2008-07-25 04:01 <DIR> d-------- C:\Programfiler\CCleaner
2008-07-24 22:52 . 2008-07-24 22:52 <DIR> d-------- C:\Programfiler\Lavasoft
2008-07-24 22:52 . 2008-07-24 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-07-24 22:48 . 2008-07-25 04:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-24 22:47 . 2008-07-24 22:48 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-07-24 22:47 . 2008-07-25 04:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-07-24 22:13 . 2008-07-24 22:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-24 21:08 . 2008-07-24 21:08 105,472 --a------ C:\WINDOWS\system32\cvswyfun.dll
2008-07-24 21:05 . 2008-07-24 21:05 83,456 --a------ C:\WINDOWS\system32\prtmbnil.dll
2008-07-24 20:50 . 2003-09-18 19:03 1,163,337 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-07-24 20:50 . 2004-05-28 13:43 561,152 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-07-24 20:50 . 2004-06-28 14:54 212,992 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-07-24 20:50 . 2004-02-03 17:20 192,512 --a------ C:\WINDOWS\system32\aIPH.dll
2008-07-24 20:50 . 2004-03-12 15:33 118,784 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-07-24 20:50 . 2003-12-19 17:14 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-07-24 20:50 . 2003-06-03 18:23 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-07-24 20:49 . 2008-07-24 20:49 <DIR> d-------- C:\Programfiler\D-Link
2008-07-24 20:49 . 2008-07-24 20:50 <DIR> d-------- C:\Programfiler\ANI
2008-07-24 20:49 . 2004-01-27 17:20 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-07-24 20:49 . 2003-05-05 18:25 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2008-07-24 20:49 . 2004-04-15 11:10 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-07-24 20:49 . 2003-05-05 14:00 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-07-24 16:33 . 2008-07-24 16:33 <DIR> d-------- C:\Programfiler\Recuva
2008-07-24 15:35 . 2008-07-24 16:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 03:20 --------- d-----w C:\Documents and Settings\Mamma\Programdata\OpenOffice.org2
2008-07-25 02:59 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-07-24 19:55 --------- d-----w C:\Documents and Settings\Bror\Programdata\OpenOffice.org2
2008-07-24 19:31 --------- d-----w C:\Programfiler\Macrogaming
2008-07-24 19:04 --------- d-----w C:\Programfiler\Norton Internet Security
2008-07-24 18:51 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-24 14:08 --------- d-----w C:\Documents and Settings\Søster\Programdata\OpenOffice.org2
2008-07-24 13:41 --------- d-----w C:\Programfiler\Google
2008-06-08 22:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\Telenor
2008-06-08 22:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\Emotum
2008-06-08 22:05 --------- d-----w C:\Programfiler\Telenor
2008-05-31 12:41 --------- d-----w C:\Programfiler\Windows Live
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

.
((((((((((((((((((((((((((((( snapshot@2008-07-25_ 5.08.23.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-25 03:05:07 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-07-25 03:05:07 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-07-25 03:05:07 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{182ba113-337b-431c-b328-0a320b736519}]
C:\WINDOWS\system32\lxrnpx.dll [bU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EE8E818-AB40-4416-A827-93F23DB6B139}]
C:\WINDOWS\system32\qoMdabAP.dll [bU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [bU]
"fragmeal"="C:\DOCUME~1\Mamma\PROGRA~1\TONSMA~1\deaftick.exe" [bU]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-06 03:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-06 03:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 03:23 114688]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 12:54 58728]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-02 15:23 100056]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56 36975]
"SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"PaperPort PTD"="C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 22:12 30248]
"IndexSearch"="C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 22:10 46632]
"PPort11reminder"="C:\Programfiler\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]
"BrMfcWnd"="C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 15:51 663552]
"ControlCenter3"="C:\Programfiler\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 16:58 65536]
"64 inter flaw hold"="C:\Documents and Settings\All Users\Programdata\Mode Rule 64 Inter\Trust Cake.exe" [2008-07-25 05:04 2534912]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Telenorhjelpen"="C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 15:35 189120]
"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2004-07-09 15:07 1249280]
"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 11:54 45056]
"3ccd8b96"="C:\WINDOWS\system32\prtmbnil.dll" [2008-07-24 21:05 83456]
"BM3ffeb80a"="C:\WINDOWS\system32\rxvrqfah.dll" [bU]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\Bror\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.1.lnk - C:\Programfiler\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

C:\Documents and Settings\Søster\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.1.lnk - C:\Programfiler\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

C:\Documents and Settings\Mamma\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.1.lnk - C:\Programfiler\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"C:\\Programfiler\\Alwil Software\\Avast4\\ashAvast.exe"=
"C:\\Programfiler\\Outlook Express\\msimn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 19:08]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb434e88-83c5-11dc-a695-001195fb339f}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-07-21 11:56:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-07-25 02:00:00 C:\WINDOWS\Tasks\B1014E1891AAFE1C.job" - c:\docume~1\mamma\progra~1\tonsma~1\Coal peak bin.exe
"2008-07-25 02:00:00 C:\WINDOWS\Tasks\B2BE311A9015DFAE.job" - c:\docume~1\dadda\progra~1\tonsma~1\Coal peak bin.exe
"2008-07-25 02:40:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-18 18:00:53 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin - Dadda.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/task:
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 05:22:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 5:23:16
ComboFix-quarantined-files.txt 2008-07-25 03:23:13

Pre-Run: 55,986,540,544 byte ledig
Post-Run: 55,975,223,296 byte ledig

234 --- E O F --- 2008-05-28 20:19:44

Edited 26 July 2008 by tradhtare
Bludd, posted 25 July 2008
I'm not norbat, but here is the shady stuff from the HijackThis log:

O2 - BHO: (no name) - {9EE8E818-AB40-4416-A827-93F23DB6B139} - C:\WINDOWS\system32\qoMdabAP.dll (file missing)
O4 - HKLM\..\Run: [64 inter flaw hold] C:\Documents and Settings\All Users\Programdata\Mode Rule 64 Inter\Trust Cake.exe
O4 - HKLM\..\Run: [3ccd8b96] rundll32.exe "C:\WINDOWS\system32\prtmbnil.dll",b
O4 - HKLM\..\Run: [BM3ffeb80a] Rundll32.exe "C:\WINDOWS\system32\rxvrqfah.dll",s
O4 - HKCU\..\Run: [fragmeal] C:\DOCUME~1\Mamma\PROGRA~1\TONSMA~1\deaftick.exe
norbat, posted 25 July 2008
Step 1: Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: {915637b0-23a0-823b-c134-b733311ab281} - {182ba113-337b-431c-b328-0a320b736519} - C:\WINDOWS\system32\lxrnpx.dll (file missing)
O2 - BHO: (no name) - {9EE8E818-AB40-4416-A827-93F23DB6B139} - C:\WINDOWS\system32\qoMdabAP.dll (file missing)
O4 - HKLM\..\Run: [64 inter flaw hold] C:\Documents and Settings\All Users\Programdata\Mode Rule 64 Inter\Trust Cake.exe
O4 - HKLM\..\Run: [3ccd8b96] rundll32.exe "C:\WINDOWS\system32\prtmbnil.dll",b
O4 - HKLM\..\Run: [BM3ffeb80a] Rundll32.exe "C:\WINDOWS\system32\rxvrqfah.dll",s
O4 - HKCU\..\Run: [fragmeal] C:\DOCUME~1\Mamma\PROGRA~1\TONSMA~1\deaftick.exe

Step 2: Open Notepad and paste in what is in bold below; save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\linbmtrp.ini
C:\WINDOWS\system32\cvswyfun.dll
C:\WINDOWS\system32\prtmbnil.dll
C:\WINDOWS\Tasks\B1014E1891AAFE1C.job
C:\WINDOWS\Tasks\B2BE311A9015DFAE.job

Step 3: Decide which antivirus program you want to use, Avast or Norton. Uninstall the other one.

Step 4: Update Java: http://java.com/en/download/index.jsp

Step 5: Consider whether you need Spybot - Search & Destroy and Ad-Aware. I would rather recommend keeping SUPERAntiSpyware.

Step 6: Download Malwarebytes Anti-Malware to the desktop. Run and install the program. Choose Norwegian as the language. Let the program update itself, choose to run a "quick system scan", and click Scan. A message box will tell you the scan is finished; click OK. Click the Show results button. If malware was found, you will now see what was found. Then click the Remove selected button to remove any malware that was found. A log will then open in Notepad.
You can copy it and post it together with a new HJT log.
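As an added example (it is not part of the thread, and not a tool the helpers used), the Python script below encodes the same tells Bludd and norbat keyed on when they picked those lines: Run value names that are hex blobs, rundll32 loading vowel-poor DLL names out of system32, autostarts and scheduled tasks that live under a user profile, a BHO whose DLL is already gone, and the registry values in the ComboFix dump that silence Security Center or switch off the Windows firewall. The sample lines are copied from the logs posted above; the scoring weights, the threshold and the name-randomness test are my own assumptions, so a hit is a prompt to go and verify that file, not a verdict.

```python
"""Heuristic triage of HijackThis / ComboFix autostart lines.
Added example for this thread, not a tool the helpers used. Scores, the
threshold and the name-randomness test are assumptions tuned to the lines
posted above; a hit means "go and verify this file", not "this is malware"."""
import re

# Constructed sample input: lines copied from the logs posted above.
SAMPLE_LINES = [
    r'O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll',
    r'O2 - BHO: (no name) - {9EE8E818-AB40-4416-A827-93F23DB6B139} - C:\WINDOWS\system32\qoMdabAP.dll (file missing)',
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
    r'O4 - HKLM\..\Run: [64 inter flaw hold] C:\Documents and Settings\All Users\Programdata\Mode Rule 64 Inter\Trust Cake.exe',
    r'O4 - HKLM\..\Run: [3ccd8b96] rundll32.exe "C:\WINDOWS\system32\prtmbnil.dll",b',
    r'O4 - HKLM\..\Run: [BM3ffeb80a] Rundll32.exe "C:\WINDOWS\system32\rxvrqfah.dll",s',
    r'O4 - HKCU\..\Run: [fragmeal] C:\DOCUME~1\Mamma\PROGRA~1\TONSMA~1\deaftick.exe',
    r'"2008-07-21 11:56:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe',
    r'"2008-07-25 02:00:00 C:\WINDOWS\Tasks\B1014E1891AAFE1C.job" - c:\docume~1\mamma\progra~1\tonsma~1\Coal peak bin.exe',
]
SAMPLE_REG = [  # values copied from the ComboFix registry dump above
    r'"AntiVirusDisableNotify"=dword:00000001',
    r'"DisableMonitoring"=dword:00000001',
    r'"EnableFirewall"= 0 (0x0)',
    r'\Shell\AutoRun\command - I:\LaunchU3.exe -a',
]

O2_RE = re.compile(r'^O2 - BHO: (?P<desc>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$')
O4_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
TASK_RE = re.compile(r'^"[\d: -]+? (?P<job>[A-Za-z]:\\[^"]+\.job)" - (?P<cmd>.+)$')
HEX_NAME_RE = re.compile(r'^[A-Za-z]{0,2}[0-9A-Fa-f]{8,}$')
PROFILE_RE = re.compile(r'documents and settings|docume~1', re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)
# Values that hand a defence off or switch it off. A third-party suite such as
# Norton sets the first three legitimately, so confirm which product owns it.
WEAKENING = {
    re.compile(r'"AntiVirusDisableNotify"=dword:0*1$', re.I): 'Security Center AV alerts silenced',
    re.compile(r'"DisableMonitoring"=dword:0*1$', re.I): 'Security Center monitoring of a product disabled',
    re.compile(r'"EnableFirewall"=\s*0\b', re.I): 'Windows Firewall off in the standard profile',
    re.compile(r'\\Shell\\AutoRun\\command', re.I): 'AutoRun handler registered for a removable drive',
}

def file_stem(path):
    """'C:\\WINDOWS\\system32\\prtmbnil.dll' -> 'prtmbnil'."""
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]

def looks_random(stem):
    """Crude pronounceability test: 8+ letters that are vowel-poor or hold a
    run of 5+ consonants (y counts as a vowel). Noisy on purpose: a hint."""
    letters = re.sub(r'[^A-Za-z]', '', stem).lower()
    if len(letters) < 8:
        return False
    vowel_frac = sum(c in 'aeiouy' for c in letters) / len(letters)
    longest_run = max(len(run) for run in re.split(r'[aeiouy]+', letters))
    return vowel_frac < 0.2 or longest_run >= 5

def triage_line(line):
    """Score one HJT O2/O4 line or one ComboFix scheduled-task line."""
    line, score, reasons = line.strip(), 0, []

    def hit(points, why):
        nonlocal score
        score += points
        reasons.append(why)
    if m := O2_RE.match(line):
        path = m['path'].replace(' (file missing)', '')
        if path != m['path']:
            hit(3, 'BHO still registered but its DLL is gone (orphaned hook)')
        if looks_random(file_stem(path)):
            hit(2, 'BHO DLL name looks random')
    elif m := O4_RE.match(line):
        if HEX_NAME_RE.match(m['name']):
            hit(2, f'Run value name "{m["name"]}" is a hex blob')
        if d := RUNDLL_RE.search(m['cmd']):
            hit(2, 'DLL loaded through rundll32 at logon')
            if looks_random(file_stem(d['dll'])):
                hit(2, f'rundll32 target "{file_stem(d["dll"])}" looks random')
        if PROFILE_RE.search(m['cmd']):
            hit(2, 'autostart from a user-writable profile directory')
    elif m := TASK_RE.match(line):
        job = file_stem(m['job'])
        if re.fullmatch(r'[0-9A-Fa-f]{16}', job):
            hit(2, f'scheduled task "{job}" has a 16-hex-digit name')
        if PROFILE_RE.search(m['cmd']):
            hit(2, 'scheduled task runs a binary from a user profile')
    return {'line': line, 'score': score, 'reasons': reasons}

def triage(lines, threshold=2):
    """Findings at or above the threshold, worst first."""
    hits = [f for f in map(triage_line, lines) if f['score'] >= threshold]
    return sorted(hits, key=lambda f: -f['score'])

def weakened_defences(reg_lines):
    """(label, line) for every registry-dump line that matches WEAKENING."""
    return [(label, line.strip()) for line in reg_lines
            for pat, label in WEAKENING.items() if pat.search(line)]

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f"[{f['score']}] {f['line']}\n      " + '; '.join(f['reasons']))
    for label, line in weakened_defences(SAMPLE_REG):
        print(f'[!] {label}: {line}')
```

Run as-is it flags six of the nine sample lines (the two rundll32 entries score highest) and reports all four registry values; point `triage()` at the lines of a real HijackThis log to reuse it. One caveat the thread's steps do not cover: the ComboFix logs posted here show AntiVirusDisableNotify=1, the Symantec DisableMonitoring values and EnableFirewall=0 both before and after the CFScript run. Those are normal while Norton Internet Security owns the firewall and AV reporting, but after step 3 removes one suite it is worth confirming that whichever product remains has re-registered with Security Center and that a firewall is actually running.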
Bludd, posted 25 July 2008
Hah! I didn't see that there were two antivirus programs installed. Regarding Spybot: I recommend using Spybot for its immunization function. Same with SpywareBlaster.
(Edited 25 July 2008 by Bludd)
tradhtare (thread author), posted 25 July 2008
Thanks a lot, norbat. This error message came up when I tried to run Malwarebytes:
Here is the log from HjT after the changes:

ComboFix 08-07-24.1 - Mamma 2008-07-25 13:08:23.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.567 [GMT 2:00]
Running from: C:\Documents and Settings\Mamma\Skrivebord\Reparering\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mamma\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\cvswyfun.dll
C:\WINDOWS\system32\linbmtrp.ini
C:\WINDOWS\system32\prtmbnil.dll
C:\WINDOWS\Tasks\B1014E1891AAFE1C.job
C:\WINDOWS\Tasks\B2BE311A9015DFAE.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cvswyfun.dll
C:\WINDOWS\system32\linbmtrp.ini
C:\WINDOWS\system32\prtmbnil.dll
C:\WINDOWS\Tasks\B1014E1891AAFE1C.job
C:\WINDOWS\Tasks\B2BE311A9015DFAE.job
.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.
2008-07-25 05:41 . 2008-07-25 05:41 <DIR> d-------- C:\Programfiler\Trend Micro
2008-07-25 04:18 . 2008-07-25 04:18 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-25 04:18 . 2008-07-25 04:18 <DIR> d-------- C:\Documents and Settings\Mamma\Programdata\SUPERAntiSpyware.com
2008-07-25 04:18 . 2008-07-25 04:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-25 04:04 . 2008-07-25 13:07 <DIR> dr-h----- C:\Documents and Settings\Mamma\Siste
2008-07-25 04:01 . 2008-07-25 04:01 <DIR> d-------- C:\Programfiler\CCleaner
2008-07-24 22:52 . 2008-07-24 22:52 <DIR> d-------- C:\Programfiler\Lavasoft
2008-07-24 22:52 . 2008-07-24 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-07-24 22:48 . 2008-07-25 04:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-24 22:47 . 2008-07-24 22:48 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-07-24 22:47 . 2008-07-25 04:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-07-24 22:13 . 2008-07-24 22:13 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-24 20:50 . 2003-09-18 19:03 1,163,337 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-07-24 20:50 . 2004-05-28 13:43 561,152 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-07-24 20:50 . 2004-06-28 14:54 212,992 --a------ C:\WINDOWS\system32\wlanapi.dll
2008-07-24 20:50 . 2004-02-03 17:20 192,512 --a------ C:\WINDOWS\system32\aIPH.dll
2008-07-24 20:50 . 2004-03-12 15:33 118,784 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-07-24 20:50 . 2003-12-19 17:14 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-07-24 20:50 . 2003-06-03 18:23 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-07-24 20:49 . 2008-07-24 20:49 <DIR> d-------- C:\Programfiler\D-Link
2008-07-24 20:49 . 2008-07-24 20:50 <DIR> d-------- C:\Programfiler\ANI
2008-07-24 20:49 . 2004-01-27 17:20 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-07-24 20:49 . 2003-05-05 18:25 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2008-07-24 20:49 . 2004-04-15 11:10 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-07-24 20:49 . 2003-05-05 14:00 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-07-24 16:33 . 2008-07-24 16:33 <DIR> d-------- C:\Programfiler\Recuva
2008-07-24 15:35 . 2008-07-24 16:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 04:27 --------- d-----w C:\Documents and Settings\Bror\Programdata\OpenOffice.org2
2008-07-25 03:23 --------- d-----w C:\Documents and Settings\Mamma\Programdata\OpenOffice.org2
2008-07-25 02:59 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-07-24 19:31 --------- d-----w C:\Programfiler\Macrogaming
2008-07-24 19:04 --------- d-----w C:\Programfiler\Norton Internet Security
2008-07-24 18:51 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-24 14:08 --------- d-----w C:\Documents and Settings\Søster\Programdata\OpenOffice.org2
2008-07-24 13:41 --------- d-----w C:\Programfiler\Google
2008-06-08 22:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\Telenor
2008-06-08 22:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\Emotum
2008-06-08 22:05 --------- d-----w C:\Programfiler\Telenor
2008-05-31 12:41 --------- d-----w C:\Programfiler\Windows Live
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-25_ 5.08.23.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-25 11:00:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_454.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-06 03:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-06 03:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-06 03:23 114688]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 12:54 58728]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-02 15:23 100056]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56 36975]
"SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"PaperPort PTD"="C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 22:12 30248]
"IndexSearch"="C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 22:10 46632]
"PPort11reminder"="C:\Programfiler\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]
"BrMfcWnd"="C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 15:51 663552]
"ControlCenter3"="C:\Programfiler\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 16:58 65536]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2004-07-09 15:07 1249280]
"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 11:54 45056]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\Bror\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.1.lnk - C:\Programfiler\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

C:\Documents and Settings\Søster\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.1.lnk - C:\Programfiler\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Mamma^Start-meny^Programmer^Oppstart^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Mamma\Start-meny\Programmer\Oppstart\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-05-28 10:33 1506544 C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenorhjelpen]
--a------ 2008-02-07 15:35 189120 C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"Automatisk LiveUpdate-planlegging"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"C:\\Programfiler\\Alwil Software\\Avast4\\ashAvast.exe"=
"C:\\Programfiler\\Outlook Express\\msimn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 19:08]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb434e88-83c5-11dc-a695-001195fb339f}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-07-21 11:56:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-07-25 11:00:21 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-18 18:00:53 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin - Dadda.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/task:
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-swg - C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 13:10:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 13:11:20
ComboFix-quarantined-files.txt 2008-07-25 11:11:17
ComboFix2.txt 2008-07-25 03:23:17

Pre-Run: 55,966,683,136 bytes free
Post-Run: 55,956,668,416 bytes free

177 --- E O F --- 2008-05-28 20:19:44
Bludd, posted 25 July 2008
Ugh, you may also have a virus that has already infected the program. Try an online virus scan.
tradhtare (thread author), posted 25 July 2008
Quoting Bludd: Ugh, you may also have a virus that has already infected the program. Try an online virus scan.
Which one? Preferably one with a quick scan so it doesn't take forever. I have to fix this before I leave. Thanks for the help.
norbat, posted 25 July 2008
You get that error message because the program was not completely downloaded. Follow the link below and download the program again: Malwarebytes Anti-Malware
Let me know whether MBAM finds anything (feel free to post the log).
tradhtare (thread author), posted 26 July 2008
Quoting norbat: You get that error message because the program was not completely downloaded. Follow the link below and download the program again: Malwarebytes Anti-Malware. Let me know whether MBAM finds anything (feel free to post the log).

Log from MBAM:

Malwarebytes' Anti-Malware 1.23
Database version: 993
Windows 5.1.2600 Service Pack 2

14:21:06 26.07.2008
mbam-log-7-26-2008 (14-21-02).txt

Scan type: Quick Scan
Objects scanned: 42062
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.

After the scan I didn't remove anything; I thought you should see the log first and then tell me what to do next.
norbat, posted 26 July 2008
Hi, let MBAM remove what it finds. Click the Show results button, then the Remove selected button to remove the malware that was found. No need to see the log. Post a new HJT log and we'll see whether there is anything more that should be done. How is the PC running?
tradhtare (thread author), posted 26 July 2008
Quoting norbat: Hi, let MBAM remove what it finds. Click the Show results button, then the Remove selected button to remove the malware that was found. No need to see the log. Post a new HJT log and we'll see whether there is anything more that should be done. How is the PC running?

It runs much, much better. The CiDs are gone too. I haven't noticed anything odd yet.

Log from HjT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:16, on 26.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe
C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Programfiler\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programfiler\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -   http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553527400} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfr...outLauncher.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe (file missing)

-- End of file - 8479 bytes
norbat, posted 26 July 2008
This looks fine. You can remove ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore, so you won't get reinfected by a later restore. Feel free to keep one or both of the antispyware programs (SAS and MBAM) and run a scan now and then. Surf safely.
tradhtare (thread author), posted 26 July 2008
Quoting norbat: This looks fine. You can remove ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore, so you won't get reinfected by a later restore. Feel free to keep one or both of the antispyware programs (SAS and MBAM) and run a scan now and then. Surf safely.
Thank you so much for all the help! You'd get a hug if you were here. Have a nice day.