kozse_jente

31. august 2008

Ja grumset ble slettet.

Du kan fjerne combofix start->kjør(søk) combofix /u Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc.

Surf trygt

Takk takk! :-D

31. august 2008

har fått løst problemet! takk for hjelpen!

29. august 2008

Ta utgangspunkt i norbat sitt innlegg i post #9

Hva er det du ikke forstår?

jeg har prøvd det, men jeg forsto ikke helt hvordan jeg skulle få det i sikkerhets modus eller hva det heter, og hva jeg skal komme med slike logger og hva jeg skal slette osv

28. august 2008

En kjenning har fått en festlig trojaner på sin lapton. Trojaneren heter i følge Normann antivirus Tibs.gen222 og flytter det til karantene. Imidlertid hyler antivirusprogrammet hele tiden og det er ikke mulig å fjerne trojaneren.

Det er en dat.fil som heller ikke går å fjerne - _c005DA40.dat som ligger i katalogen Windows\system32\_c005DA40.dat

Har nå kjørt Superantispyware og Malwarebytes' Anti-malware og begge programmer kan ikke hjelpe og finner heller ikke filene.

Noen som har gode idéer til hjelp? Vil være svært takknemlig for gode forslag.

Hei jeg sliter med det samme!

jeg har prøvd det som står her men jeg trenger hjlp for jeg tror ikke at jeg forsto det riktig!

kan noen hjelpe meg med det?

7. januar 2008

CCleaner er et bra prog. til å tømme temporære filer etc. Det kan du beholde. Kjør det så ofte du ønsker.

SuperAntispyware (SAS) og Ad-Aware er antispywareprog. Jeg foretrekker SAS. Om du beholder ett eller begge det blir opp til deg.

NoLop kan du avinstallere. Du kan også fjerne mappa: C:\NoLopBackups

Hijackthis (hjt) er et litt spesielt program som ikke uten videre brukes til noe uten at man bør la noen som kan sjekke loggen den lager. Du kan derfor avinstallere programmet fra legg til / fjern programmer. Slett også HijackThis-mappa

oki men hvor finner jeg de mappene? jeg finner de ikke! :-S

7. januar 2008

Ja, man bør være litt kritisk til hva man laster ned.

Combofix kan du avinstallere da det bare er å laste ned en oppdatert versjon om man senere får behov for det. For å fjerne det gjør du følgende:

Trykk på Startknappen->Kjør

Skriv: ComboFix /u

Trykk Ok, og combofix vil avinstallere seg.

Takk for tipset! er har blit gjort! ;-)

men et sprøsmål nå har jeg da en del slike programmer for å fjerne div drit fra PC-en! hvem bør jeg beholde og hvem kan jeg slette?

jeg har CCleaner, Ad-Aware, NoLop, HiijackThis og SUPERAantispyware

7. januar 2008

Ok, fint.

Får du problemer senere er det bare å stikke innom igjen.

Surf trygt!

Det skal jeg gjøre! dette var jo bare helt toppers at man kan finne noen som kan hjelpe til gjenom en slik side! :-D

takk det skal jeg gjøre! skal være veldig kresen på hva jeg laster ned nå ja! ;-)

6. januar 2008

Det er ok,

Hjt-loggen ser fin ut.

Det er fortsatt en tjeneste fra F-secure som kjører. Den kan vi avslutte:

Klikk Startknappen->Kjør

Der skriver du: services.msc

I lista over tjenester, finner du tjenesten: FSGKHS (F-Secure Gatekeeper Handler Starter)

Høyreklikk på tjenesten, velg egenskaper, under oppstartstype velger du Deaktivert.

Du bør oppdatere java: http://java.com/en/download/index.jsp

Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting.

Kontrollpanel->system->systemgjenoppretting .

Sett merke framfor "Slå av Systemgjenopprettingen .....",

restart pc,

fjern merket igjen for å aktivere funksjonen.

da har jeg gjort det med Systemgjenopprettingen men den andre tjenesten du skrev var stoppet!

men det ser ut som nå at problemet er borte! tusen takk for hjelpen!

6. januar 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:23:48, on 06.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Programfiler\Ahead\InCD\InCD.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\FinePixViewer\QuickDCF2.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\Cpqdiag\Cpqdfwag.exe

C:\Programfiler\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Programfiler\Ahead\InCD\InCDsrv.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Programfiler\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: ExifLauncher2.lnk = C:\Programfiler\FinePixViewer\QuickDCF2.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PC-søk i Windows.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

O4 - Global Startup: Status Monitor.lnk = C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: IE-skjold - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: IE-skjold... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - (no file)

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programfiler\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programfiler\Ahead\InCD\InCDsrv.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 10492 bytes

her er loggen fra trend micro! hvis det var det programmet du menete?

det ser ut som at pop ups ene har blit borte :-D

tusen takk for at du hjelper meg! dette er toppen!

6. januar 2008

2008-01-06 20:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-06 19:32 . 2008-01-06 19:33 <DIR> d----c--- C:\NoLopBackups

2008-01-06 17:37 . 2008-01-06 19:16 <DIR> dr-h----- C:\Documents and Settings\Eier\Siste

2008-01-03 21:10 . 2008-01-03 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Messenger Plus!

2008-01-03 20:01 . 2008-01-06 15:51 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-01-03 20:01 . 2008-01-03 20:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-03 20:01 . 2008-01-03 20:01 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\SUPERAntiSpyware.com

2008-01-03 20:01 . 2008-01-03 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-01-02 19:02 . 2008-01-02 19:36 <DIR> d-------- C:\Programfiler\XoftSpySE

2008-01-02 16:59 . 2008-01-02 16:59 <DIR> d-------- C:\Programfiler\Hole Online Nurb

2007-12-21 20:05 . 2007-12-21 20:05 <DIR> d-------- C:\Programfiler\Fellesfiler\DirectX

2007-12-21 20:04 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2007-12-21 20:04 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2007-12-21 20:04 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

2007-12-21 20:04 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll

2007-12-21 20:04 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2007-12-21 20:04 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll

2007-12-21 20:04 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2007-12-21 19:59 . 2007-12-21 19:59 <DIR> d-------- C:\Programfiler\Codemasters

2007-12-16 23:09 . 2008-01-02 17:00 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Hole Online Nurb

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-06 18:04 --------- d-----w C:\Programfiler\Trend Micro

2008-01-02 17:56 --------- d-----w C:\Programfiler\Logitech

2008-01-02 16:32 --------- d-----w C:\Programfiler\Messenger Plus! Live

2008-01-02 16:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\size regs blah beep

2007-12-30 21:49 5,689 ----a-w C:\Documents and Settings\Incomplete\downloads.dat

2007-12-11 19:44 --------- d-----w C:\Programfiler\Onlinebandit-no

2007-12-08 22:44 --------- d-----w C:\Documents and Settings\Eier\Programdata\Azureus

2007-11-26 15:09 --------- d-----w C:\Documents and Settings\Eier\Programdata\Image Zone Express

2007-11-25 17:21 --------- d-----w C:\Documents and Settings\Eier\Programdata\U3

2007-11-24 23:33 --------- d-----w C:\Programfiler\FinePixViewer

2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-06 19:46 --------- d-----w C:\Documents and Settings\Eier\Programdata\FUJIFILM

2007-11-06 19:39 --------- d-----w C:\Programfiler\PIXELA

2007-11-06 19:38 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-11-06 19:33 --------- d-----w C:\Documents and Settings\Eier\Programdata\InstallShield

2007-11-06 19:32 --------- d-----w C:\Programfiler\REGSHAVE

2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:57 8,460,800 ------w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-11 06:14 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll

2007-10-11 06:14 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-11 06:14 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-11 06:14 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-11 06:14 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-11 06:14 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-10-11 06:14 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-11 06:14 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-10-11 06:14 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-10-11 06:14 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-10-11 06:14 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-11 06:14 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-11 06:14 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-10-11 06:14 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-11 06:14 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-10-11 06:14 1,054,720 ------w C:\WINDOWS\system32\dllcache\danim.dll

2007-10-11 06:14 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll

2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

2007-08-17 15:25 29,976 ----a-w C:\Documents and Settings\Eier\Programdata\GDIPFONTCACHEV1.DAT

1998-08-24 11:09 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-03-09 15:16 155648]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"InCD"="C:\Programfiler\Ahead\InCD\InCD.exe" [2003-09-15 14:58 1212466]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]

"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-08-22 16:05 81920]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"CPQDFWAG"="C:\WINDOWS\Cpqdiag\CpqDfwAg.exe" [2003-03-13 15:14 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2004-06-02 16:48:22]

ExifLauncher2.lnk - C:\Programfiler\FinePixViewer\QuickDCF2.exe [2007-11-06 20:34:26]

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]

HP Image Zone Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2004-03-15 19:45:34]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

PC-s›k i Windows.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

Status Monitor.lnk - C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe [2006-08-09 15:34:18]

Windows Desktop Search.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2005-03-17 13:45 40960 --a------ C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kornprcf]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Programfiler\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2005-03-17 13:25 57393 --a--c--- C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Programfiler\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spam Blocker for Outlook Express]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBlocker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

R0 DiMaint;Eicon Maintenance Driver;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2002-12-04 13:49]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-08-29 15:12]

R2 DiCapi;Eicon CAPI 2.0 Driver;C:\WINDOWS\system32\DRIVERS\DISDN\capi202k.sys [2002-12-09 11:06]

R2 DiPort;Eicon Port Driver;C:\WINDOWS\system32\DRIVERS\DISDN\diport40.sys [2004-01-20 10:27]

R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2004-03-19 08:41]

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]

R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 01:49]

R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 15:50]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 09:50]

R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 10:38]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]

R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys [2003-07-17 16:06]

S2 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys []

S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys []

S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys []

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]

S3 DiWan;Eicon Driver for all Diva Client cards;C:\WINDOWS\system32\drivers\disdn\diwan.sys [2004-02-27 14:05]

S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2003-03-26 11:13]

S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]

S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]

S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]

S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys []

S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 12:58]

S3 WAM;Wicked Access by Mark;C:\Programfiler\IBM\IBM Rapid Restore Ultra\WAM.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04207ca0-9b78-11dc-8c68-000fb3913c0a}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

"2008-01-03 23:00:01 C:\WINDOWS\Tasks\Scheduled scanning task.job"

- C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt

"2008-01-06 19:58:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-06 21:10:21

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-06 21:13:47 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-06 20:13:41

.

2007-12-22 20:58:44 --- E O F ---

her er det jeg fikk etter jeg kjørte det programmet!

6. januar 2008

Trykk på startknappen og velg Kjør
Skriv: cmd, og klikk ok

Det åpnes et sort vindu hvor kursoren vil stå og blinke. Skriv følgende (det som står i fet skrift):

sc stop FSGKHS (trykk: Enter)

sc delete FSGKHS (trykk: Enter)

Lukk vinduet.

Hent Combofix, og legg det på skrivebordet

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører.

Post loggfilen fra combofix (c:\combofix.txt)

Hei jeg får bare beskjed om at tjenesten ikke er instalert!

6. januar 2008

Start HJT igjen, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked:

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKLM\..\Run: [blah beep proxy cdrom] C:\Documents and Settings\All Users\Programdata\size regs blah beep\tool bone.exe

O4 - HKCU\..\Run: [free slow] C:\DOCUME~1\Eier\PROGRA~1\HOLEON~1\dash frag.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eier\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - (no file)

O23 - Service: FSMA - F-Secure Corporation - (no file)

Hvis du ikke har gjort det, så gjør følgende:

Hent NoLop.exe, legg det på skrivebordet.

Kjør programmet. Trykk "Search and Destroy"-knappen. Hvis den finner noe, bli du bedt om å trykke på Reboot-knappen.

Finn logg-filen, ( C:\NoLop.txt ) og post den sammen med ny hjt-logg.

da har jeg gjort det! men hvor finner jeg logg filen?

Start HJT igjen, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked:

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKLM\..\Run: [blah beep proxy cdrom] C:\Documents and Settings\All Users\Programdata\size regs blah beep\tool bone.exe

O4 - HKCU\..\Run: [free slow] C:\DOCUME~1\Eier\PROGRA~1\HOLEON~1\dash frag.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eier\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - (no file)

O23 - Service: FSMA - F-Secure Corporation - (no file)

Hvis du ikke har gjort det, så gjør følgende:

Hent NoLop.exe, legg det på skrivebordet.

Kjør programmet. Trykk "Search and Destroy"-knappen. Hvis den finner noe, bli du bedt om å trykke på Reboot-knappen.

Finn logg-filen, ( C:\NoLop.txt ) og post den sammen med ny hjt-logg.

da har jeg gjort det! men hvor finner jeg logg filen?

jeg fant ut nå hva du mente hehe

her er den!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:39:35, on 06.01.2008