zulo (posted 6 August 2008)

Problems with the local disk drive not showing in Explorer, but I can get into C: via Start and Run. It also says Virus alert! to the right of the clock. I'm a bit unsure about the O9 extra buttons and extra tools lines..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10: VIRUS ALERT!, on 06.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Dell Network Assistant\hnm_svc.exe
C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\programfiler\dell\quickset\quickset.exe
C:\Programfiler\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\NetWaiting\netwaiting.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.BIN
C:\Programfiler\Java\jre1.6.0_05\bin\jucheck.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Norman\npm\bin\niu.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=5061031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=5061031
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&cli...amp;ibd=5061031
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] c:\programfiler\dell\quickset\quickset.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programfiler\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} (Net6Launcher Class) - https://tilgang.hdnett.no/net6helper.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wnslvxtf - {FC7C21F4-0E11-4FCC-86F3-ABA6C8ADC09F} - C:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {77082876-D420-40F7-80C1-6C4A4238721D} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programfiler\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10568 bytes
norbat (posted 6 August 2008)

Step 1: Download Malwarebytes Anti-Malware to the desktop. Run and install the program. Choose Norwegian as the language. Let the program update itself and choose to run a 'quick system scan', then click Scan. A message box will tell you the scan is finished; click OK. Click the Show results button. If malware was found, you will now see what was found. Then click the Remove selected button to remove any malware that was found. A log will then open in Notepad. You can copy it and post it later.

Step 2: Get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from combofix (c:\combofix.txt) together with the log from MBAM.
zulo (thread author, posted 7 August 2008)

Quote (norbat): [the Step 1 / Step 2 instructions above]

ComboFix 08-08-06.02 - Administrator 2008-08-07 13:31:44.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.831 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV


((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-07 13:11 . 2008-08-07 13:12 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-08-07 13:11 . 2008-08-07 13:11 <DIR> d-------- C:\Documents and Settings\Gulla\Programdata\Malwarebytes
2008-08-07 13:11 . 2008-08-07 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-08-07 13:11 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 13:11 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 15:11 . 2008-08-06 15:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-06 15:04 . 2008-08-06 15:04 <DIR> d-------- C:\SDFix
2008-08-06 13:41 . 2008-08-06 13:41 <DIR> d-------- C:\Programfiler\Trend Micro
2008-08-05 13:43 . 2008-08-05 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2008-08-05 13:43 . 2008-08-05 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-05 13:41 . 2008-08-05 13:41 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-05 13:41 . 2008-08-05 13:41 <DIR> d-------- C:\Documents and Settings\Gulla\Programdata\SUPERAntiSpyware.com
2008-08-05 13:14 . 2008-08-05 13:57 6,467,096 --a------ C:\Documents and Settings\Administrator\SUPERAntiSpyware.exe
2008-08-05 13:12 . 2008-08-05 13:12 282,882 --a------ C:\cc_20080805_131208.reg
2008-08-05 13:11 . 2008-08-05 13:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste
2008-08-05 13:10 . 2008-08-05 13:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-05 13:08 . 2008-08-05 13:08 <DIR> d-------- C:\Programfiler\Yahoo!
2008-08-05 13:08 . 2008-08-05 13:08 <DIR> d-------- C:\Programfiler\CCleaner
2008-08-04 20:14 . 2008-08-04 20:14 56 -r-hs---- C:\WINDOWS\system32\52D6FA236C.sys
2008-08-04 20:07 . 2008-08-04 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Leadertech
2008-08-04 19:53 . 2008-08-04 19:53 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Corel Photo Album
2008-08-04 19:53 . 2008-08-04 20:20 88 -r-hs---- C:\WINDOWS\system32\6C23FAD652.sys
2008-08-04 16:04 . 2004-09-28 20:15 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-08-04 16:04 . 2004-09-28 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-08-04 16:04 . 2008-08-07 13:34 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-08-04 16:04 . 2006-10-31 23:34 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Symantec
2008-08-04 16:04 . 2006-10-31 23:30 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel
2008-08-04 16:04 . 2006-10-31 23:37 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Corel
2008-08-04 16:04 . 2008-08-06 13:14 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\ATI
2008-08-04 16:04 . 2008-08-04 20:07 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-08-04 16:04 . 2008-08-04 20:14 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-08-04 16:04 . 2004-09-28 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-08-04 16:04 . 2004-09-28 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-08-04 16:04 . 2004-09-28 20:30 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter
2008-08-04 16:04 . 2004-09-28 20:15 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-08-04 16:04 . 2008-08-05 13:14 <DIR> d-------- C:\Documents and Settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 11:37 --------- d-----w C:\Programfiler\Norman
2008-08-07 11:26 --------- d-----w C:\Documents and Settings\Gulla\Programdata\OpenOffice.org2
2008-08-06 11:14 --------- d-----w C:\Documents and Settings\Gulla\Programdata\ATI
2008-08-04 18:20 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-04 05:58 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-08-03 16:00 --------- d-----w C:\Programfiler\Norton Security Scan
2008-08-03 15:24 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-07-21 17:57 6,590 ----a-w C:\Documents and Settings\Gulla\Programdata\wklnhst.dat
2008-07-20 18:37 --------- d-----w C:\Programfiler\Safari
2008-06-26 16:08 --------- d-----w C:\Programfiler\OpenOffice.org 2.4
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:43 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 14:32 --------- d-----w C:\Programfiler\Fellesfiler\muvee Technologies
2008-06-13 14:29 --------- d-----w C:\Programfiler\OLYMPUS
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-01-23 17:04 1,095,702 ----a-w C:\Documents and Settings\Gulla\Programdata\CitrixSAClient.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"ModemOnHold"="C:\Programfiler\NetWaiting\netwaiting.exe" [2003-09-10 04:24 20480]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-29 18:26 68856]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"OM2_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 14:52 95536]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 20:48 761947]
"Dell QuickSet"="C:\programfiler\dell\quickset\quickset.exe" [2006-08-03 20:51 1032192]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.EXE" [2007-04-27 14:02 183352]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"OM2_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 14:52 54576]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 11:28 667718]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 11:28 602182]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08 49152]
"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-31 23:40 169984]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 22:29 49152]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 03:02 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Corel Photo Downloader"="C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-10 00:34 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\Gulla\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.4.lnk - C:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 15:18:42 393216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Photosmart Premier Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Photosmart Premier Hurtigstart.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 04:24 20480 C:\Programfiler\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 21:05 1117184 C:\Programfiler\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-25 01:30 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\NET6\\net6vpn.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R3 Net6IM;Net6;C:\WINDOWS\system32\DRIVERS\net6im51.sys [2006-09-27 18:47]
S2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS []
S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-05-21 10:34]
S3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2007-05-22 14:54]
S3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 13:58]

.
Contents of the 'Scheduled Tasks' folder
2008-07-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-03 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Programfiler\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Antivirus - C:\Programfiler\VAV\vav.exe
MSConfigStartUp-ATICCC - C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=5061031
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
O16 -: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} - hxxps://tilgang.hdnett.no/net6helper.cab
C:\WINDOWS\Downloaded Program Files\net6helper.inf
C:\WINDOWS\Downloaded Program Files\net6helper.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 13:38:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKEEPER.exe
C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Dell Network Assistant\hnm_svc.exe
C:\Programfiler\Dell\QuickSet\NicConfigSvc.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\Programfiler\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.bin
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-08-07 13:41:21 - machine was rebooted [Gulla]
ComboFix-quarantined-files.txt 2008-08-07 11:41:18

Pre-Run: 72,094,818,304 byte ledig
Post-Run: 71,162,875,904 byte ledig

224 --- E O F --- 2008-07-21 11:42:49


Malwarebytes' Anti-Malware 1.24
Database versjon: 1030
Windows 5.1.2600 Service Pack 2

13:19:55 07.08.2008
mbam-log-8-7-2008 (13-19-55).txt

Skanntype: Rask Skann
Objekter skannet: 48992
Tid tilbakelagt: 6 minute(s), 20 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 3
Registerverdier infisert: 0
Registerfiler infisert: 6
Mapper infisert: 0
Filer infisert: 5

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bpeb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Documents and Settings\Andrea\Lokale innstillinger\Temp\sfsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Programdata\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Favoritter\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Favoritter\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Favoritter\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
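As an added example (not code from the thread, from Malwarebytes or from ComboFix), the Python script below parses the "Registerfiler infisert" lines of the Malwarebytes log above and maps each hijacked value back to the symptoms zulo reported in the first post: NoDrives=12 is a bitmask whose bits 2 and 3 hide C: and D: from Explorer while Start > Run still opens them, and the sTimeFormat string is what put "VIRUS ALERT!" next to the clock. The three sample lines are copied from that log; the function and class names are my own.

```python
"""Triage hijacked registry values from a Malwarebytes log and explain the symptom each one causes."""
import re
from dataclasses import dataclass

# Constructed sample: three "registry data" lines copied from the MBAM log in the thread.
SAMPLE_LOG = (
    "HKEY_CURRENT_USER\\Control Panel\\International\\sTimeFormat (Trojan.FakeAlert)"
    " -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.\n"
    "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer"
    " (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.\n"
    "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDrives"
    " (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.\n"
)

# Shape of an MBAM "registry data" line:
#   <key>\<value> (<threat>) -> Bad: (<old>) Good: (<new>) -> <action>
LINE_RE = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


@dataclass
class RegistryFinding:
    key: str
    value: str
    threat: str
    bad: str
    good: str
    action: str


def parse_mbam(text: str) -> list:
    """Return one RegistryFinding per Bad/Good line; lines in any other format are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, _, value = m["path"].rpartition("\\")  # split key path from value name
        findings.append(RegistryFinding(key, value, m["threat"], m["bad"], m["good"], m["action"]))
    return findings


def hidden_drives(mask: int) -> list:
    """NoDrives is a 26-bit mask: bit 0 hides A:, bit 1 hides B:, ... bit 25 hides Z:.
    Explorer stops listing the masked letters, but the volumes stay reachable by
    typing the path into Start > Run, which is exactly what the first post describes."""
    return [chr(ord("A") + bit) for bit in range(26) if mask >> bit & 1]


# Characters a genuine Windows time-format picture is built from (h/H, m, s, t and separators).
TIME_FORMAT_CHARS = set("hHmst:. '-/")


def is_plausible_time_format(fmt: str) -> bool:
    """True if sTimeFormat holds only format letters and separators; anything else is
    literal text that the taskbar clock renders verbatim (the 'VIRUS ALERT!' trick)."""
    return all(ch in TIME_FORMAT_CHARS for ch in fmt)


def explain(f: RegistryFinding) -> str:
    """Map a hijacked value back to the visible symptom it produced."""
    if f.value == "NoDrives":
        letters = ", ".join(hidden_drives(int(f.bad))) or "none"
        return f"NoDrives={f.bad}: drive(s) {letters} hidden from Explorer (expected {f.good})"
    if f.value == "sTimeFormat":
        if not is_plausible_time_format(f.bad):
            return f"sTimeFormat={f.bad!r}: literal text injected next to the clock (expected {f.good!r})"
        return f"sTimeFormat={f.bad!r}: well-formed but changed (expected {f.good!r})"
    if f.value.startswith("Start_Show"):
        return f"{f.value}={f.bad}: Start menu item hidden (expected {f.good})"
    return f"{f.value}={f.bad} (expected {f.good}, {f.threat})"


def triage(text: str) -> list:
    """Parse a log and return one explanation string per hijacked value, in log order."""
    return [explain(f) for f in parse_mbam(text)]


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```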
norbat (posted 7 August 2008)

- And how is the problem going?
zulo (thread author, posted 7 August 2008)

Quote (norbat): - And how is the problem going?

Yes thanks, it got cleaned. No virus warning by the clock now, the disk drives suddenly appeared and Norman ran normally again.
norbat (posted 7 August 2008)

Sounds good. You can uninstall combofix by typing combofix /u in the Run box (Start->Run). This will also reset System Restore so that you don't get reinfected by a later restore.