fjerne virus (combofix ,hijack logg)

2 innlegg i emnet

Skrevet

nå har eg fulgt punktene 1 til 5 og her er loggene :

Combofix logg :

ComboFix 08-06-16.5 - Halvor 2008-06-23 8:01:41.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.528 [GMT 2:00]

Running from: C:\Documents and Settings\Halvor\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\cdJiSvut.ini

C:\WINDOWS\system32\cdJiSvut.ini2

C:\WINDOWS\system32\dKknTvut.ini

C:\WINDOWS\system32\dKknTvut.ini2

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\gugiplni.ini

C:\WINDOWS\system32\mcitgaep.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\peagticm.ini

C:\WINDOWS\system32\pjirjjsy.ini

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\qcnbiwsa.ini

C:\WINDOWS\system32\seqnmwbe.ini

C:\WINDOWS\system32\vdnxmltg.ini

C:\WINDOWS\system32\WanPacket.dll

C:\WINDOWS\system32\wjfxfaoe.ini

C:\WINDOWS\system32\wpcap.dll

C:\WINDOWS\system32\xfwkemgi.dll

C:\WINDOWS\system32\yefxwhmq.ini

C:\WINDOWS\system32\ysjjrijp.dll

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))

.

2008-06-23 07:38 . 2008-06-23 07:38 <DIR> d-------- C:\fixwareout

2008-06-23 07:28 . 2008-06-23 07:28 <DIR> d--hs---- C:\FOUND.002

2008-06-22 10:16 . 2008-06-22 10:16 <DIR> d--hs---- C:\FOUND.001

2008-06-21 22:35 . 2008-06-21 22:35 <DIR> d--hs---- C:\FOUND.000

2008-06-19 17:40 . 2008-06-19 17:40 <DIR> d-------- C:\Program Files\Mininova

2008-06-19 17:40 . 2008-06-19 17:40 <DIR> d-------- C:\Program Files\Conduit

2008-06-19 12:13 . 2008-06-19 12:13 <DIR> d-------- C:\Nedlasta filer fra Utorrent

2008-06-19 09:29 . 2008-06-19 09:29 89,600 --a------ C:\WINDOWS\system32\fmvgodyg.VIR

2008-06-19 07:15 . 2008-06-19 07:15 <DIR> d-------- C:\Program Files\ccleaner

2008-06-18 15:31 . 2008-06-18 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-18 15:28 . 2008-06-18 15:28 <DIR> d-------- C:\Program Files\Avira Antivir Personal

2008-06-18 15:24 . 2008-06-18 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-18 13:41 . 2008-06-18 13:41 <DIR> d--hs---- C:\FOUND.046

2008-06-18 12:32 . 2008-06-18 12:32 <DIR> d-------- C:\Program Files\Spywareblaster

2008-06-18 12:24 . 2008-06-18 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-06-18 12:23 . 2008-06-18 12:23 <DIR> d-------- C:\Documents and Settings\Halvor\Application Data\SUPERAntiSpyware.com

2008-06-18 12:22 . 2008-06-18 12:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-18 12:20 . 2005-03-21 14:59 53,248 --------- C:\WINDOWS\system32\monitusb.exe

2008-06-18 12:01 . 2008-06-18 12:01 <DIR> d-------- C:\Program Files\SuperAntispyware pro

2008-06-18 11:00 . 2008-06-18 11:00 98,816 --------- C:\WINDOWS\system32\mcgcbgyx.dll

2008-06-18 10:51 . 2008-06-18 10:51 <DIR> d--hs---- C:\FOUND.045

2008-06-18 09:09 . 2008-06-18 09:09 <DIR> d--hs---- C:\FOUND.044

2008-06-18 08:48 . 2008-06-18 08:48 <DIR> d--hs---- C:\FOUND.043

2008-06-17 11:12 . 2008-06-17 11:12 <DIR> d--hs---- C:\FOUND.042

2008-06-16 21:42 . 2008-06-16 21:42 <DIR> d--hs---- C:\FOUND.041

2008-06-16 21:13 . 2008-06-16 21:13 <DIR> d--hs---- C:\FOUND.040

2008-06-16 20:52 . 2008-06-16 20:52 <DIR> d--hs---- C:\FOUND.039

2008-06-16 17:03 . 2008-06-16 17:03 <DIR> d--hs---- C:\FOUND.038

2008-06-16 16:49 . 2008-06-16 16:49 <DIR> d--hs---- C:\FOUND.037

2008-06-16 16:17 . 2008-06-16 16:17 <DIR> d--hs---- C:\FOUND.036

2008-06-16 14:27 . 2008-06-16 14:27 <DIR> d--hs---- C:\FOUND.035

2008-06-15 21:15 . 2008-06-15 21:15 <DIR> d--hs---- C:\FOUND.034

2008-06-15 21:01 . 2008-06-15 21:01 <DIR> d--hs---- C:\FOUND.033

2008-06-15 20:24 . 2008-06-15 20:24 <DIR> d--hs---- C:\FOUND.032

2008-06-15 00:04 . 2008-06-15 00:04 <DIR> d--hs---- C:\FOUND.031

2008-06-14 22:05 . 2008-06-14 22:05 <DIR> d--hs---- C:\FOUND.030

2008-06-14 17:53 . 2008-06-14 17:53 32,768 --a------ C:\WINDOWS\system32\cjdnqver.dll

2008-06-14 17:50 . 2008-06-14 17:50 32,768 --a------ C:\WINDOWS\system32\rnojfejv.dll

2008-06-12 17:36 . 2008-06-12 17:36 89,600 --a------ C:\WINDOWS\system32\iaijjsjg.dll

2008-06-12 17:33 . 2008-06-12 17:33 <DIR> d--hs---- C:\FOUND.029

2008-06-11 22:29 . 2008-06-11 22:29 <DIR> d--hs---- C:\FOUND.028

2008-06-11 21:01 . 2008-06-11 21:01 <DIR> d--hs---- C:\FOUND.027

2008-06-11 18:13 . 2008-06-11 18:13 <DIR> d--hs---- C:\FOUND.026

2008-06-11 17:41 . 2008-06-12 17:35 834 ---hs---- C:\WINDOWS\system32\uykmubdx.ini

2008-06-11 17:39 . 2008-06-11 17:39 <DIR> d--hs---- C:\FOUND.025

2008-06-11 14:17 . 2008-06-11 14:17 <DIR> d--hs---- C:\FOUND.024

2008-06-11 06:25 . 2008-06-11 06:25 <DIR> d--hs---- C:\FOUND.023

2008-06-10 16:57 . 2008-06-19 07:32 117 --a------ C:\WINDOWS\BM1e3c22e6.xml

2008-06-10 16:53 . 2008-06-10 16:53 <DIR> d--hs---- C:\FOUND.022

2008-06-10 16:29 . 2008-06-10 16:29 <DIR> d--hs---- C:\FOUND.021

2008-06-09 22:11 . 2008-06-09 22:11 <DIR> d--hs---- C:\FOUND.020

2008-06-09 10:09 . 2008-06-09 10:09 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-06-09 09:49 . 2008-06-09 09:49 <DIR> d-------- C:\Program Files\Windows Sidebar

2008-06-09 09:49 . 2008-06-09 09:49 <DIR> d-------- C:\Program Files\Norton AntiVirus

2008-06-09 09:48 . 2008-06-09 10:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-06-09 09:48 . 2008-06-09 10:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-06-09 09:48 . 2008-06-09 10:28 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-06-09 09:48 . 2008-06-09 10:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-06-09 09:24 . 2008-06-09 09:24 695 --a------ C:\WINDOWS\ST6UNST.000

2008-06-09 09:24 . 2008-06-09 09:24 0 --a------ C:\WINDOWS\SETUP.LST

2008-06-08 21:17 . 2008-06-08 21:17 <DIR> d--hs---- C:\FOUND.019

2008-06-08 12:09 . 2008-06-08 12:09 <DIR> d--hs---- C:\FOUND.018

2008-06-03 12:19 . 2008-06-03 12:19 <DIR> d--hs---- C:\FOUND.017

2008-05-27 20:01 . 2008-05-27 20:01 <DIR> d--hs---- C:\FOUND.016

2008-05-26 15:34 . 2008-05-26 15:34 <DIR> d--hs---- C:\FOUND.015

2008-05-25 23:13 . 2008-05-25 23:13 <DIR> d--hs---- C:\FOUND.014

2008-05-24 23:24 . 2008-05-24 23:24 <DIR> d--hs---- C:\FOUND.013

2008-05-24 20:13 . 2008-05-24 20:13 <DIR> d--hs---- C:\FOUND.012

2008-05-23 12:30 . 2008-05-23 12:30 <DIR> d--hs---- C:\FOUND.011

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-17 07:42 10,590 ----a-w C:\Program Files\uninstal.log

2008-05-09 17:33 --------- d-----w C:\Program Files\Josefine - Matterallyet

2008-05-09 10:33 --------- d-----w C:\Program Files\Norton Security Scan

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]

2008-06-15 20:50 1571864 --a------ C:\Program Files\Mininova\tbMini.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "C:\Program Files\Mininova\tbMini.dll" [2008-06-15 20:50 1571864]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F592709F-FF4A-4862-B659-4AFABDA56312}"= C:\Program Files\Mininova\tbMini.dll [2008-06-15 20:50 1571864]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-06 19:07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]

"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]

"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"avgnt"="C:\Program Files\Avira Antivir Personal\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 18:30 517768]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-28 22:08 286720]

"BM1e3c22e6"="C:\WINDOWS\system32\fmvgodyg.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\Ny mappe\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk

backup=C:\WINDOWS\pss\ExifLauncher2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2008-02-14 11:01 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-09-28 22:08 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

--a------ 2008-01-23 15:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-02-06 19:07 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-23 08:05:45

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Avira Antivir Personal\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira Antivir Personal\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\DOCUME~1\Halvor\LOCALS~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2008-06-23 8:08:02 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-23 06:07:58

Pre-Run: 36,390,862,848 bytes free

Post-Run: 36,314,087,424 bytes free

256 --- E O F --- 2007-11-15 07:37:30

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll

llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Her er Hijackthis loggen :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:08:54, on 23.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Avira Antivir Personal\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira Antivir Personal\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Avira Antivir Personal\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\DOCUME~1\Halvor\LOCALS~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1396957

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Antivir Personal\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bM1e3c22e6] Rundll32.exe "C:\WINDOWS\system32\fmvgodyg.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Ny mappe\SASWINLO.dll (file missing)

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Antivir Personal\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Antivir Personal\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--

End of file - 11340 bytes

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Denne tråden fortsetter i her.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider
Dette emnet er stengt for flere svar.

  • Hvem er aktive   0 medlemmer

    Ingen innloggede medlemmer aktive