Sjekke logger, fjerning av malware

24 innlegg i emnet

Skrevet

Hei,

Nå har jeg fulgt oppskriften og kjørt de anbefalte programmene. Mine loggfiler er gjengitt nedenfor. Hvordan ser dette ut?

Malwarebytes' Anti-Malware 1.25

Database versjon: 1071

Windows 5.1.2600 Service Pack 2

20:01:32 19.08.2008

mbam-log-08-19-2008 (20-01-32).txt

Skanntype: Rask Skann

Objekter skannet: 48148

Tid tilbakelagt: 5 minute(s), 55 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 1

Registernøkler infisert: 1

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 4

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

C:\WINDOWS\system32\__c00F22EC.dat (Trojan.Agent) -> Delete on reboot.

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00f22ec (Trojan.Agent) -> Delete on reboot.

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f3cd250.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\WINDOWS\system32\__c00747B8.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00995CC.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00F22EC.dat (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

ComboFix 08-08-18.05 - jev 2008-08-19 20:38:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.161 [GMT 2:00]

Running from: C:\Documents and Settings\jev\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Administrator\UserData

C:\Documents and Settings\Administrator\UserData\9R6E3KIR\oWindowsUpdate[1].xml

C:\Documents and Settings\Administrator\UserData\index.dat

C:\Documents and Settings\Administrator\UserData\KOPBLU2F\oWindowsUpdate[1].xml

C:\Documents and Settings\jev\UserData

C:\Documents and Settings\jev\UserData\index.dat

C:\xcrashdump.dat

.

((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))

.

2008-08-19 20:11 . 2008-08-19 20:11 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-19 20:11 . 2008-08-19 20:11 <DIR> d-------- C:\Documents and Settings\jev\Programdata\SUPERAntiSpyware.com

2008-08-19 20:11 . 2008-08-19 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-19 20:10 . 2008-08-19 20:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-19 19:53 . 2008-08-19 19:53 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-08-19 19:53 . 2008-08-19 19:53 <DIR> d-------- C:\Documents and Settings\jev\Programdata\Malwarebytes

2008-08-19 19:53 . 2008-08-19 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-08-19 19:53 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-19 19:53 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-19 19:48 . 2008-08-19 19:48 <DIR> dr-h----- C:\Documents and Settings\jev\Siste

2008-08-19 19:43 . 2008-08-19 19:43 <DIR> d-------- C:\Programfiler\CCleaner

2008-08-17 20:15 . 2008-08-18 19:44 <DIR> d-------- C:\Programfiler\Total Video Converter

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\jev\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\Frank\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel

2008-08-16 08:58 . 2008-08-16 08:58 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack

2008-08-13 18:42 . 2008-08-19 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-13 18:41 . 2008-08-19 18:56 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-08-09 18:05 . 2008-08-16 18:45 <DIR> d-------- C:\Programfiler\Canon

2008-08-09 17:53 . 2008-08-09 17:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Canon

2008-08-03 16:16 . 2008-08-16 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-08-03 09:30 . 2008-08-03 09:30 <DIR> d-------- C:\Programfiler\Ashampoo

2008-08-01 12:07 . 2008-08-16 09:00 <DIR> d-------- C:\Programfiler\Windows Desktop Search

2008-08-01 12:02 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Intel(2)

2008-08-01 12:02 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel(2)

2008-08-01 12:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Intel(2)

2008-08-01 11:59 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\jev\Programdata\Intel(2)

2008-07-31 22:15 . 2008-08-16 08:58 <DIR> d-------- C:\WINDOWS\system32\tdk-screensaver-c02 dir

2008-07-31 22:15 . 2008-07-31 22:15 201,728 --a------ C:\WINDOWS\system32\tdk-screensaver-c02.scr

2008-07-31 20:55 . 2008-07-31 20:55 <DIR> d-------- C:\Programfiler\iPod

2008-07-31 20:52 . 2008-07-31 20:52 <DIR> d-------- C:\Programfiler\Bonjour

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-19 18:41 --------- d-----w C:\Documents and Settings\jev\Programdata\DNA

2008-08-19 16:53 --------- d-----w C:\Documents and Settings\jev\Programdata\BitTorrent

2008-08-19 16:45 --------- d-----w C:\Programfiler\Google

2008-08-16 06:59 --------- d-----w C:\Programfiler\Nokia

2008-08-16 06:59 --------- d-----w C:\Programfiler\Lavasoft

2008-08-16 06:59 --------- d-----w C:\Documents and Settings\jev\Programdata\Lavasoft

2008-08-05 07:25 25,936 ----a-w C:\Documents and Settings\jev\Programdata\GDIPFONTCACHEV1.DAT

2008-07-31 18:56 --------- d-----w C:\Programfiler\iTunes

2008-07-31 18:51 --------- d-----w C:\Programfiler\QuickTime

2008-07-31 18:34 --------- d-----w C:\Programfiler\Apple Software Update

2008-07-30 13:45 --------- d-----w C:\Programfiler\Java

2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es(2).dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-05-26 19:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin

2008-05-26 19:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin

.

------- Sigcheck -------

2007-06-13 15:24 1033216 2964b3f5e59f5d989252e2564a21a4c1 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1033216 1a8e8cace017e1b143de91e11987ed39 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 14:00 1032192 0b4a898de1aa20d133c91ba260e7a8a1 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 14:00 1032192 0b4a898de1aa20d133c91ba260e7a8a1 C:\WINDOWS\SoftwareDistribution\Download\e2b8b940cb82673a5b65d230a9b6971a\backup\explorer.exe

2007-06-13 15:24 1033216 2964b3f5e59f5d989252e2564a21a4c1 C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-04-26 18:25 288576]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:27 1015808]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-23 13:23 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-23 13:18 126976]

"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-11 16:13 290816]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-21 13:43 790528]

"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 16:17 184320]

"NGClient"="C:\Programfiler\Symantec\Ghost\ngctw32.exe" [2004-08-26 16:35 439448]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-11-19 09:14 233534]

"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]

"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]

"SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 15:10 88358 C:\WINDOWS\AGRSMMSG.exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 29696 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2004-10-26 12:20:42 569405]

DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2005-04-26 10:01:26 184320]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\KEM.exe [2006-02-24 09:27:49 581632]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Symantec\\Ghost\\ngctw32.exe"=

"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Programfiler\\DNA\\btdna.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

R0 GhMon;GhostMountMonitor - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghmon.sys [2004-08-26 16:03]

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-04 00:26]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-09-02 12:30]

S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [2004-08-26 16:04]

S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [2004-08-26 16:04]

S2 NGClient;Symantec Ghost Win32 Client Agent;C:\Programfiler\Symantec\Ghost\ngctw32.exe [2004-08-26 16:35]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2003-10-22 15:27]

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 10:03]

S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 16:51]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-22 20:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5e8313-a177-11dc-86f8-0012f0974631}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

- - - - ORPHANS REMOVED - - - -

Notify-__c00F22EC - (no file)

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.united.no/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx

C:\WINDOWS\Downloaded Program Files\KooPlayer.ocx

O16 -: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} - hxxp://www.navigram.com/engine/v812/PageDive5.cab

C:\WINDOWS\Downloaded Program Files\PageDive5.inf

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-19 20:41:23

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?9?7?8??????? ?4?B?????????????hLC????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-19 20:43:34

ComboFix-quarantined-files.txt 2008-08-19 18:43:31

Pre-Run: 32,044,896,256 byte ledig

Post-Run: 32,070,651,904 byte ledig

205 --- E O F --- 2008-08-18 17:51:58

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:57:42, on 19.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Logitech\SetPoint\KEM.exe

C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\TEMP\SW4D0B.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\HPQ\Shared\hpqwmi.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.united.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [NGClient] C:\Programfiler\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [synTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197826774234

O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.navigram.com/engine/v812/PageDive5.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: __c00F22EC - C:\WINDOWS\

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Programfiler\Symantec\Ghost\ngctw32.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

--

End of file - 11164 bytes

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Det ser mye bedre ut :)

Fortsett med følgende:

Kjør en rens med CCleaner. Sørg for at du har fjernet avkryssingen som nevnt under:

Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "Bare slett midlertidige filer som er eldre enn 48 timer". Klikk på 'Renser' og deretter 'Kjør CCleaner'.

Post deretter ny hjt-logg.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Ok, her kommer ny HJT-logg:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:20:37, on 19.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Logitech\SetPoint\KEM.exe

C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\TEMP\SW4D0B.EXE

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\HPQ\Shared\hpqwmi.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programfiler\Google\Gmail Notifier\gnotify.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.united.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [NGClient] C:\Programfiler\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [synTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197826774234

O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.navigram.com/engine/v812/PageDive5.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: __c00F22EC - C:\WINDOWS\

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Programfiler\Symantec\Ghost\ngctw32.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

--

End of file - 10669 bytes

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Foreløpig gjennomgang av logg:

C:\WINDOWS\TEMP\SW4D0B.EXE (nasty - må sjekkes på nettet)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) kan slettes

C:\Programfiler\DNA\btdna.exe (ukjent, men denne er trygg såvidt jeg vet)

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe" (samme som den forrige)

O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.navigram.com/engine/v812/PageDive5.cab (trenger innspill fra eksperter her)

O20 - Winlogon Notify: __c00F22EC - C:\WINDOWS\ (samme her)

Dette er et foreløpig svar, jeg er ikke spesialisert på Hijackthis eller virusfjerning. Jeg svarer siden tråden din var "usynlig" på listen over 24 siste timer inntil rett før den forsvinner.

Jeg sjekker den ene filen på nettet, men du får uansett svar fra noen andre her.

------

EDIT:

Jeg får null treff på nettet på sw4d0b.exe - så førsteinntrykket mitt er "slett den !".

Mest mistenkelig av de ukjente er O20 - Winlogon Notify.

Men du får uansett svar fra norbat, snippsat eller r2d290 - så her kan du avvente svar.

Svaret mitt var mer rettet mot å "redde tråden" enn mot å gi et perfekt svar, så jeg hopper over å analysere de ukjente filene.

Endret av Morten58
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Start->kjør->%temp%

<slett alt som kommer her>

---

Start HijackThis "scan" finn denne linjen merk den,så trykk fix checked.

O20 - Winlogon Notify: __c00F22EC - C:\WINDOWS\

---

Restart.

---

Lag en ny hijackthis logg.

Til Morten.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) kan slettes

Vi lar den være hører til MSN.

http://www.castlecops.com/tk32132-HTC_DLL_..._01_00_dll.html

"btdna.exe" er ok som du sier torrent client.

www.navigram.com = ok.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Noe spesielt med de 2 andre ?

C:\WINDOWS\TEMP\SW4D0B.EXE var fullstendig ukjent, det er omtrent første gang jeg ikke finner treff ?

O20 - Winlogon Notify: __c00F22EC - C:\WINDOWS\ minner sterkt om lignende treff i annen logg påTrojan.Vundo eller Trojan.Agent ?

Det var først og fremst på den siste jeg bestemte å overlate nøyere sjekk til dere, og droppe svar selv. TEMP-filen var temmelig opplagt unødvendig, men den valgte jeg å sjekke.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Takk for hjelpen så langt! PC-en fungerer mye bedre nå. Her kommer ny HJT-logg:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:58:32, on 22.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe

C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Logitech\SetPoint\KEM.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE

C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\WINDOWS\TEMP\VD51C4.EXE

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\HPQ\Shared\hpqwmi.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.united.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [NGClient] C:\Programfiler\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [synTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197826774234

O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.navigram.com/engine/v812/PageDive5.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Programfiler\Symantec\Ghost\ngctw32.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

--

End of file - 10555 bytes

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Slett denne filen,skulle vært slett viss du har gjor dette "Start->kjør->%temp%"-->slett

C:\WINDOWS\TEMP\VD51C4.EXE

Problemer da bruker du denne Unlocker

Da er du ren :thumbup:

Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc.

Sjekk java Java.

Sufr trygt.

Endret av snippsat
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Du bør sjekke om det dukker opp noen nye EXE-filer i Temp-mappen om 1 dag.

Min vurdering av HJT-logg fant C:\WINDOWS\TEMP\SW4D0B.EXE

Snippsat fant C:\WINDOWS\TEMP\VD51C4.EXE

Begge har "dukket opp fra intet" - det kan være et gjenværende problem her. I slike tilfeller ligger det vanligvis et installer-program i bakgrunnen som reinstallerer fil under tilfeldig navn på 6 bokstaver.

Hvis det dukker opp igjen en slik fil:

- Du kan ha et skjult problem - en "installer" som må fjernes.

- eller det kan være et backdoor-program som tillater ting å lastes ned fra nettet.

- eller dette kan være helt lovlig del av annet program (litt mer tvilsomt).

Endret av Morten58
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Klarer ikke å slette den nevnte filen, selv ved bruk av unlocker. Jeg svarte også ja på "slett ved neste oppstart av systemet", men filen er fortsatt der etter restart.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Kjenner du http://www.navigram.com/ (en av de ukjente filene) ?

Samme som PageDive.

PageDive is a free active-X control to experience 3D in your webpage or in other applications. Based on this view the company created template applications. These templates are fully functional 3D applications that can be easily configured for a specific customer, making the cost of creating and maintaining appealing 3D content on your site very reasonable. Incorporating 3D in a webpage is as easy as putting an image in a page.

Filen dukker opp i noen spyware-tråder, men ble kun fjernet i en av de jeg sjekket. Filen dukker opp i lignende saker som her, men også noen som ikke ligner.

Endret av Morten58
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Last ned Avenger

Kopiere fet tekst,start avenger lim tekst inn i "input script here"

Trykk på execute knappen.

Files to delete:

C:\WINDOWS\TEMP\VD51C4.EXE

Denne vil slette filen er det flere filer i temp mappen kan du legg dem til.

Kjør en runde med CCleaner som dette.

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør og register-renser"svar ja til og reparere"-->backup svar ja når du blir spørt.

Kjør register-renser et par ganger til alle feil er borte.

Endret av snippsat
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Du bør sjekke om det dukker opp noen nye EXE-filer i Temp-mappen om 1 dag.

Min vurdering av HJT-logg fant C:\WINDOWS\TEMP\SW4D0B.EXE

Snippsat fant C:\WINDOWS\TEMP\VD51C4.EXE

Begge har "dukket opp fra intet" - det kan være et gjenværende problem her. I slike tilfeller ligger det vanligvis et installer-program i bakgrunnen som reinstallerer fil under tilfeldig navn på 6 bokstaver.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Det er tydelig at denne filen er vanskelig å bli kvitt, den endrer navn ved restart. Logg fra avenger:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Error: file "C:\WINDOWS\TEMP\VD51C4.EXE" not found!

Deletion of file "C:\WINDOWS\TEMP\VD51C4.EXE" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

File "C:\WINDOWS\TEMP\spnserv.dat" deleted successfully.

File "C:\WINDOWS\TEMP\spserv.dat" deleted successfully.

File "C:\WINDOWS\TEMP\WGAErrLog.txt" deleted successfully.

File "C:\WINDOWS\TEMP\WGANotify.settings" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Kjør en scan til med Hijackthis for å finne ut hva filen heter NÅ, og slett den med Avenger etterpå.

Filen bytter trolig navn støtt og stadig - 6 bokstaver + EXE.

Jeg kan godt sjekke loggen for akkurat den filen - men du finner den også selv. Du kan bruke Søk etter i Notisblokk for å finne C:\WINDOWS\TEMP

Endret av Morten58
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Kjør en scan til med Hijackthis for å finne ut hva filen heter NÅ, og slett den med Avenger etterpå.

Filen bytter trolig navn støtt og stadig - 6 bokstaver + EXE.

Jeg kan godt sjekke loggen for akkurat den filen - men du finner den også selv.

Kjør først en ny runde med Malwarebytes antimalware.

Det hadde sikkert ikke vært så dumt med en combofix-log også. Ta combofix først, og så Hijack ;)

Endret av r2d290
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Kjør først en ny runde med Malwarebytes antimalware.

Det hadde sikkert ikke vært så dumt med en combofix-log også. Ta combofix først, og så Hijack ;)

Det ser ut til at fila er borte. Her er combofixlogg og HJT-logg:

ComboFix 08-08-21.02 - jev 2008-08-23 10:42:53.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.107 [GMT 2:00]

Running from: C:\Documents and Settings\jev\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))

.

2008-08-23 09:25 . 2008-08-23 09:25 <DIR> dr-h----- C:\Documents and Settings\jev\Siste

2008-08-22 18:38 . 2008-08-22 18:39 <DIR> d-------- C:\Programfiler\Unlocker

2008-08-19 22:46 . 2008-08-19 22:46 <DIR> d--hs---- C:\Documents and Settings\jev\UserData

2008-08-19 20:56 . 2008-08-19 20:56 <DIR> d-------- C:\HJT

2008-08-19 20:11 . 2008-08-19 20:11 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-19 20:11 . 2008-08-19 20:11 <DIR> d-------- C:\Documents and Settings\jev\Programdata\SUPERAntiSpyware.com

2008-08-19 20:11 . 2008-08-19 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-19 20:10 . 2008-08-19 20:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-19 19:53 . 2008-08-19 19:53 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-08-19 19:53 . 2008-08-19 19:53 <DIR> d-------- C:\Documents and Settings\jev\Programdata\Malwarebytes

2008-08-19 19:53 . 2008-08-19 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-08-19 19:53 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-19 19:53 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-19 19:43 . 2008-08-19 19:43 <DIR> d-------- C:\Programfiler\CCleaner

2008-08-17 20:15 . 2008-08-18 19:44 <DIR> d-------- C:\Programfiler\Total Video Converter

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\jev\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\Frank\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel

2008-08-16 08:58 . 2008-08-16 08:58 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack

2008-08-13 18:42 . 2008-08-19 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-13 18:41 . 2008-08-20 09:21 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-08-09 18:05 . 2008-08-16 18:45 <DIR> d-------- C:\Programfiler\Canon

2008-08-09 17:53 . 2008-08-09 17:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Canon

2008-08-03 16:16 . 2008-08-16 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-08-03 09:30 . 2008-08-03 09:30 <DIR> d-------- C:\Programfiler\Ashampoo

2008-08-01 12:07 . 2008-08-16 09:00 <DIR> d-------- C:\Programfiler\Windows Desktop Search

2008-08-01 12:02 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Intel(2)

2008-08-01 12:02 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel(2)

2008-08-01 12:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Intel(2)

2008-08-01 11:59 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\jev\Programdata\Intel(2)

2008-07-31 22:15 . 2008-08-16 08:58 <DIR> d-------- C:\WINDOWS\system32\tdk-screensaver-c02 dir

2008-07-31 22:15 . 2008-07-31 22:15 201,728 --a------ C:\WINDOWS\system32\tdk-screensaver-c02.scr

2008-07-31 20:55 . 2008-07-31 20:55 <DIR> d-------- C:\Programfiler\iPod

2008-07-31 20:52 . 2008-07-31 20:52 <DIR> d-------- C:\Programfiler\Bonjour

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-23 08:38 --------- d-----w C:\Documents and Settings\jev\Programdata\DNA

2008-08-22 16:36 --------- d-----w C:\Documents and Settings\jev\Programdata\BitTorrent

2008-08-19 18:57 --------- d-----w C:\Programfiler\Trend Micro

2008-08-19 16:45 --------- d-----w C:\Programfiler\Google

2008-08-16 06:59 --------- d-----w C:\Programfiler\Nokia

2008-08-16 06:59 --------- d-----w C:\Programfiler\Lavasoft

2008-08-16 06:59 --------- d-----w C:\Documents and Settings\jev\Programdata\Lavasoft

2008-08-05 07:25 25,936 ----a-w C:\Documents and Settings\jev\Programdata\GDIPFONTCACHEV1.DAT

2008-07-31 18:56 --------- d-----w C:\Programfiler\iTunes

2008-07-31 18:51 --------- d-----w C:\Programfiler\QuickTime

2008-07-31 18:34 --------- d-----w C:\Programfiler\Apple Software Update

2008-07-30 13:45 --------- d-----w C:\Programfiler\Java

2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es(2).dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-05-26 19:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin

2008-05-26 19:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin

.

------- Sigcheck -------

2007-06-13 15:24 1033216 2964b3f5e59f5d989252e2564a21a4c1 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1033216 1a8e8cace017e1b143de91e11987ed39 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 14:00 1032192 0b4a898de1aa20d133c91ba260e7a8a1 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 14:00 1032192 0b4a898de1aa20d133c91ba260e7a8a1 C:\WINDOWS\SoftwareDistribution\Download\e2b8b940cb82673a5b65d230a9b6971a\backup\explorer.exe

2007-06-13 15:24 1033216 2964b3f5e59f5d989252e2564a21a4c1 C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-04-26 18:25 288576]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:27 1015808]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-23 13:23 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-23 13:18 126976]

"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-11 16:13 290816]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-21 13:43 790528]

"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 16:17 184320]

"NGClient"="C:\Programfiler\Symantec\Ghost\ngctw32.exe" [2004-08-26 16:35 439448]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-11-19 09:14 233534]

"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]

"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]

"SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 15:10 88358 C:\WINDOWS\AGRSMMSG.exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 29696 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2004-10-26 12:20:42 569405]

DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2005-04-26 10:01:26 184320]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\KEM.exe [2006-02-24 09:27:49 581632]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Symantec\\Ghost\\ngctw32.exe"=

"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Programfiler\\DNA\\btdna.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

R0 GhMon;GhostMountMonitor - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghmon.sys [2004-08-26 16:03]

R0 GhPostConfig;GhostPostConfig - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [2004-08-26 16:04]

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-04 00:26]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-09-02 12:30]

S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [2004-08-26 16:04]

S2 NGClient;Symantec Ghost Win32 Client Agent;C:\Programfiler\Symantec\Ghost\ngctw32.exe [2004-08-26 16:35]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2003-10-22 15:27]

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 10:03]

S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 16:51]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-22 20:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5e8313-a177-11dc-86f8-0012f0974631}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.united.no/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx

C:\WINDOWS\Downloaded Program Files\KooPlayer.ocx

O16 -: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} - hxxp://www.navigram.com/engine/v812/PageDive5.cab

C:\WINDOWS\Downloaded Program Files\PageDive5.inf

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-23 10:45:08

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?9?7?8??????? ?4?B?????????????hLC????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMSwissArmy]

"ImagePath"="\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Programfiler\Logitech\SetPoint\lgscroll.dll

.

Completion time: 2008-08-23 10:47:21

ComboFix-quarantined-files.txt 2008-08-23 08:47:15

ComboFix2.txt 2008-08-19 18:43:35

Pre-Run: 35,173,470,208 byte ledig

Post-Run: 35,171,930,112 byte ledig

197 --- E O F --- 2008-08-18 17:51:58

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:49:08, on 23.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\HPQ\Shared\hpqwmi.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Logitech\SetPoint\KEM.exe

C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Trend Micro\OfficeScan Client\pccntupd.exe

C:\Programfiler\Sonic\RecordNow!\RecordNow.exe

C:\Programfiler\Google\Gmail Notifier\gnotify.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.united.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [NGClient] C:\Programfiler\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [synTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197826774234

O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.navigram.com/engine/v812/PageDive5.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Programfiler\Symantec\Ghost\ngctw32.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

--

End of file - 10614 bytes

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Fila kommer tilbake ved oppstart. Avenger klarer ikke å fjerne den, får beskjed om at Avenger vil fjerne filen ved restart, men etter restart har filen nytt navn...

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Jeg vil anbefale deg å prøve en virussjekk og en spywaresjekk i følgende rekkefølge:

Dersom du har Windows XP kan en systemgjenoppretting etter at du har fjernet virusene føre til at du stiller tilbake maskinen til å være infisert igjen. Prøv først å fjerne virusene uten å deaktivere systemgjenoppretting.

Dersom du klarer å desinfisere maskinen stenger du av systemgjenoppretting, restarter og setter på systemgjenoppretting igjen. Dersom du ikke klarer å fjerne virus kan en systemgjenoppretting fungere, velg da et gjenopprettingspunkt hvor du VET du ikke var infisert.

All skanning etter virus og spyware skal du nå foreta i sikkermodus med nettverk.

Følg lenken dersom du ikke vet hvordan du starter i Sikkermodus med nettverk.

Foreta en virusskanning i nettleseren din med BitDefender. Dersom du finner virus starter du på nytt i sikkermodus med nettverk etter skanningen, og foretar en ny skanning.

Deretter tar du en spywaresjekk med Ewido Onlinescan. Dersom du finner spyware starter du på nytt i sikkermodus med nettverk etter skanningen, og foretar en ny skanning.

Så snart du har fått til å kjøre begge skannerne uten at de gir indikasjon på virus eller spyware er du ferdig med å skanne og skal starte maskinen i vanlig modus igjen.

Deretter kan du gå videre til å installere antivirusprogramvare og antispyware dersom du ikke har noe slikt fra før. Slike programmer finner du på oss.viztnd.com/secprog.shtml.

Les her dersom du ønsker informasjon om hva spyware er og hvordan du best mulig kan holde PC-en din ren for dette.

Les her dersom du ønsker lenker til informasjon om hva virus, trojanere og ormer er.

Når det gjelder sikkermodus skal du IKKE gjøre noe annet imens, dvs du skal ikke sitte og surfe her eller andre steder. Dette fordi du da kan starte spionprogrammene eller virusene manuelt.

Ovenstående svar med virus og spywaresjekk er basert på en utvidelse for Firefox som henter hurtigsvar på enkelte gjentagende spørsmål. Svarene hentes fra http://hurtigsvar.viztnd.com og utvidelsen til Firefox kan hentes fra www.home.no/apepost for de som ønsker det.

:)

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

Jallenbo:

Han er godt i gang med EN løsning allerede - litt mer avansert enn den du foreslår. Det er unødvendig å blande inn en haug av nye metoder nå. Vi har nesten samme guiden her også - den er blitt skjøvet mer i bakgrunnen siden januar 2008 siden den ikke funket noe særlig på nye trusler som MSN-viruset i januar 2008.

Du fortjener likevel kompliment for å ha gått bort fra programmer som installeres - siden de fleste har antivirus installert. Scan fra nettleser er en bedre løsning enn å installere Bitdefender (fordi 2 antivirus på samme maskin funker dårlig - TREGT). :thumbup:

Løsningen er helt OK - men det blir litt kaos med en haug av tiltak.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

johnve

Gå til Windows Update og oppdater til SP3

Deretter laster du ned ny combofix og poster logg + ny hjt-logg.

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

jallenbo dette er er ikke nøvdvendig,du skjønner ikke helt hvor kraftig combofix er.

Det kan være at et program lager temp filer,ikke så uvanleig dette.

Scann filen som blir lagd her Virustotal

Unlocker bruker og si hviket program som har låst filen,sjekk det.

Fortsett med norbat sitt råd.

Endret av snippsat
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet (endret)

Jeg vet utmerket godt hvor kraftig/god Combofix er.

Den er til og med så god at utviklerene ikke anbefaler personer med "normal" datakunnskap bruker den, da den også lett kan gjøre skade på systemet.

Trådstarter har jo kjørt Combofix tildligere, etter det jeg skjønner, og det har ikke fikset problemet.

Men om du føler at jeg ikke kan bidra med noe i denne tråden, kan jeg godt holde kjeft.

EDIT:

Due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

We also don't want folks using some of these tools without the supervison of an expert to guide them along

http://www.bleepingcomputer.com/forums/topic74900.html

Endret av Jallenbo
0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Skrevet

johnve

Gå til Windows Update og oppdater til SP3

Deretter laster du ned ny combofix og poster logg + ny hjt-logg.

SP3 installert.

ComboFix 08-08-27.06 - jev 2008-08-28 18:08:54.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.141 [GMT 2:00]

Running from: C:\Documents and Settings\jev\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))

.

2008-08-28 17:59 . 2008-08-28 17:59 522,530 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP

2008-08-28 17:49 . 2008-08-28 17:49 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

2008-08-28 17:43 . 2008-08-28 17:43 <DIR> d-------- C:\WINDOWS\system32\no

2008-08-28 17:43 . 2008-08-28 17:43 <DIR> d-------- C:\WINDOWS\system32\bits

2008-08-28 17:43 . 2008-08-28 17:43 <DIR> d-------- C:\WINDOWS\l2schemas

2008-08-28 17:38 . 2008-08-28 17:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-28 17:05 . 2004-08-04 00:54 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-08-23 09:25 . 2008-08-28 16:47 <DIR> dr-h----- C:\Documents and Settings\jev\Siste

2008-08-22 18:38 . 2008-08-22 18:39 <DIR> d-------- C:\Programfiler\Unlocker

2008-08-19 22:46 . 2008-08-19 22:46 <DIR> d--hs---- C:\Documents and Settings\jev\UserData

2008-08-19 20:56 . 2008-08-19 20:56 <DIR> d-------- C:\HJT

2008-08-19 20:11 . 2008-08-19 20:11 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-19 20:11 . 2008-08-19 20:11 <DIR> d-------- C:\Documents and Settings\jev\Programdata\SUPERAntiSpyware.com

2008-08-19 20:11 . 2008-08-19 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-19 20:10 . 2008-08-19 20:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-19 19:53 . 2008-08-19 19:53 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-08-19 19:53 . 2008-08-19 19:53 <DIR> d-------- C:\Documents and Settings\jev\Programdata\Malwarebytes

2008-08-19 19:53 . 2008-08-19 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-08-19 19:53 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-19 19:53 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-19 19:43 . 2008-08-19 19:43 <DIR> d-------- C:\Programfiler\CCleaner

2008-08-17 20:15 . 2008-08-18 19:44 <DIR> d-------- C:\Programfiler\Total Video Converter

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\jev\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\Frank\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Intel

2008-08-16 09:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel

2008-08-16 08:58 . 2008-08-16 08:58 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack

2008-08-15 22:28 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-13 18:42 . 2008-08-19 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-13 18:41 . 2008-08-20 09:21 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-08-09 18:05 . 2008-08-16 18:45 <DIR> d-------- C:\Programfiler\Canon

2008-08-09 17:53 . 2008-08-09 17:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Canon

2008-08-03 16:16 . 2008-08-16 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-08-03 09:30 . 2008-08-03 09:30 <DIR> d-------- C:\Programfiler\Ashampoo

2008-08-01 12:07 . 2008-08-16 09:00 <DIR> d-------- C:\Programfiler\Windows Desktop Search

2008-08-01 12:02 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Intel(2)

2008-08-01 12:02 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Intel(2)

2008-08-01 12:00 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Intel(2)

2008-08-01 11:59 . 2008-08-16 09:00 <DIR> d-------- C:\Documents and Settings\jev\Programdata\Intel(2)

2008-07-31 22:15 . 2008-08-16 08:58 <DIR> d-------- C:\WINDOWS\system32\tdk-screensaver-c02 dir

2008-07-31 22:15 . 2008-07-31 22:15 201,728 --a------ C:\WINDOWS\system32\tdk-screensaver-c02.scr

2008-07-31 20:55 . 2008-07-31 20:55 <DIR> d-------- C:\Programfiler\iPod

2008-07-31 20:52 . 2008-07-31 20:52 <DIR> d-------- C:\Programfiler\Bonjour

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-28 16:07 --------- d-----w C:\Documents and Settings\jev\Programdata\DNA

2008-08-22 16:36 --------- d-----w C:\Documents and Settings\jev\Programdata\BitTorrent

2008-08-19 18:57 --------- d-----w C:\Programfiler\Trend Micro

2008-08-19 16:45 --------- d-----w C:\Programfiler\Google

2008-08-16 06:59 --------- d-----w C:\Programfiler\Nokia

2008-08-16 06:59 --------- d-----w C:\Programfiler\Lavasoft

2008-08-16 06:59 --------- d-----w C:\Documents and Settings\jev\Programdata\Lavasoft

2008-08-05 07:25 25,936 ----a-w C:\Documents and Settings\jev\Programdata\GDIPFONTCACHEV1.DAT

2008-07-31 18:56 --------- d-----w C:\Programfiler\iTunes

2008-07-31 18:51 --------- d-----w C:\Programfiler\QuickTime

2008-07-31 18:34 --------- d-----w C:\Programfiler\Apple Software Update

2008-07-30 13:45 --------- d-----w C:\Programfiler\Java

2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es(2).dll

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-04-26 18:25 288576]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 18:40 98394]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:27 1015808]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-23 13:23 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-23 13:18 126976]

"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-11 16:13 290816]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-21 13:43 790528]

"WatchDog"="C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 16:17 184320]

"NGClient"="C:\Programfiler\Symantec\Ghost\ngctw32.exe" [2004-08-26 16:35 439448]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-11-19 09:14 233534]

"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]

"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]

"SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]

"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 15:10 88358 C:\WINDOWS\AGRSMMSG.exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 29696 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2004-10-26 12:20:42 569405]

DVD Check.lnk - C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe [2005-04-26 10:01:26 184320]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\KEM.exe [2006-02-24 09:27:49 581632]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Symantec\\Ghost\\ngctw32.exe"=

"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Programfiler\\DNA\\btdna.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R0 GhMon;GhostMountMonitor - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghmon.sys [2004-08-26 16:03]

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-04 00:26]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-09-02 12:30]

S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [2004-08-26 16:04]

S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [2004-08-26 16:04]

S2 NGClient;Symantec Ghost Win32 Client Agent;C:\Programfiler\Symantec\Ghost\ngctw32.exe [2004-08-26 16:35]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2003-10-22 15:27]

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 10:03]

S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 16:51]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-22 20:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5e8313-a177-11dc-86f8-0012f0974631}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.united.no/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx

C:\WINDOWS\Downloaded Program Files\KooPlayer.ocx

O16 -: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} - hxxp://www.navigram.com/engine/v812/PageDive5.cab

C:\WINDOWS\Downloaded Program Files\PageDive5.inf

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 18:11:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?9?7?8??p???? ?4?B?????????????hLC????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Programfiler\Logitech\SetPoint\lgscroll.dll

.

Completion time: 2008-08-28 18:14:05

ComboFix-quarantined-files.txt 2008-08-28 16:13:54

ComboFix2.txt 2008-08-23 08:47:22

Pre-Run: 34,142,334,976 byte ledig

Post-Run: 34,162,708,480 byte ledig

194 --- E O F --- 2008-08-18 17:51:58

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:15:02, on 28.08.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\DNA\btdna.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Logitech\SetPoint\KEM.exe

C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programfiler\HPQ\Shared\hpqwmi.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.united.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [NGClient] C:\Programfiler\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [synTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197826774234

O16 - DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} (PageDive Control) - http://www.navigram.com/engine/v812/PageDive5.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Symantec Ghost Win32 Client Agent (NGClient) - Symantec Corporation - C:\Programfiler\Symantec\Ghost\ngctw32.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

--

End of file - 10128 bytes

0

Del dette innlegget


Lenke til innlegg
Del på andre sider

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!


Start en konto

Logg inn

Har du allerede en konto? Logg inn her.


Logg inn nå

  • Hvem er aktive   0 medlemmer

    Ingen innloggede medlemmer aktive