tundra
Posted 24 August 2008 (edited)

SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/24/2008 at 04:26 PM
Application Version : 4.20.1046
Core Rules Database Version : 3541
Trace Rules Database Version: 1530
Scan type : Quick Scan
Total Scan Time : 00:11:35
Memory items scanned : 470
Memory threats detected : 6
Registry items scanned : 499
Registry threats detected : 90
File items scanned : 9524
File threats detected : 174

ComboFix

ComboFix 08-08-23.03 - navn1 2008-08-24 16:31:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.554 [GMT 2:00]
Running from: C:\Documents and Settings\navn1\Skrivebord\3ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Completion time: 2008-08-24 16:44:11 - machine was rebooted

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47, on 24.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\bin\NPROSEC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9314 bytes

Is there anything here that needs to be removed?

Edited 24 August 2008 by tundra
norbat Posted 24 August 2008

A nice pile of malware was cleaned out there.

Use Explorer to find and delete the following file: C:\WINDOWS\SYSTEM32\cuvbcdxk.ini

Apart from this, the logs are clean.

You should update Java: http://java.com/en/download/index.jsp

Also consider updating Windows with SP3.

You should now reset System Restore and remove the backup files ComboFix created. You do that by typing combofix /u in the Run field (Start -> Run). This will also remove ComboFix. If you need it again, you just download it again.
tundra (Author) Posted 24 August 2008

Thank you very much for the quick help