
[Solved] Can someone look over these logs?



Posted

Hi,

I was wondering whether someone with specialist expertise in this could look over these logs to see if there is still anything left? :)

 

MBAM:

 

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1567

Windows 5.1.2600 Service Pack 2

 

29.12.2008 17:18:52

mbam-log-2008-12-29 (17-18-52).txt

 

Skanntype: Rask Skann

Objekter skannet: 53796

Tid tilbakelagt: 12 minute(s), 49 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 3

Registerverdier infisert: 2

Registerfiler infisert: 0

Mapper infisert: 1

Filer infisert: 2

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38899829690572222030431989327700 (Rogue.Antivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Programfiler\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\WINDOWS\SYSTEM32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\åshild\Lokale innstillinger\Temp\dat6C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

Combofix:

 

ComboFix 08-12-28.04 - åshild 2008-12-29 17:28:23.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.511.166 [GMT 1:00]

Kjører fra: c:\documents and settings\åshild\Skrivebord\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\fad.sys

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-28 til 2008-12-29 )))))))))))))))))))))))))))))))))

.

 

2008-12-29 16:51 . 2008-12-29 16:51 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-12-29 16:51 . 2008-12-29 16:51 <DIR> d-------- c:\documents and settings\åshild\Programdata\Malwarebytes

2008-12-29 16:51 . 2008-12-29 16:51 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-12-29 16:51 . 2008-12-03 19:52 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2008-12-29 16:51 . 2008-12-03 19:52 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2008-12-29 16:48 . 2008-12-29 16:48 <DIR> d-------- c:\windows\LastGood

2008-12-04 18:53 . 2008-12-04 18:53 <DIR> d-------- c:\programfiler\Norton Security Scan

2008-12-02 23:17 . 2008-12-29 16:44 <DIR> d--h----- C:\$AVG8.VAULT$

2008-12-02 23:13 . 2008-12-29 16:14 <DIR> d-------- c:\windows\SYSTEM32\DRIVERS\Avg

2008-12-02 23:13 . 2008-12-03 21:51 <DIR> d-------- c:\documents and settings\åshild\Programdata\AVGTOOLBAR

2008-12-02 23:13 . 2008-12-02 23:13 97,928 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys

2008-12-02 23:13 . 2008-12-02 23:13 76,040 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys

2008-12-02 23:13 . 2008-12-02 23:13 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll

2008-12-02 23:12 . 2008-12-02 23:12 <DIR> d-------- c:\programfiler\AVG

2008-12-02 23:12 . 2008-12-02 23:12 <DIR> d-------- c:\documents and settings\All Users\Programdata\avg8

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

2008-12-04 17:57 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-11-07 17:32 2,109,440 ------w c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll

2008-10-24 11:10 453,632 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

2008-10-23 13:01 283,648 ----a-w c:\windows\SYSTEM32\gdi32.dll

2008-10-23 13:01 283,648 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll

2008-10-16 13:15 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll

2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe

2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll

2008-10-15 17:01 332,800 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll

2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe

2008-10-15 07:04 161,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll

2008-10-03 10:17 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll

2008-10-03 10:17 247,326 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]

"Apoint"="c:\programfiler\Apoint\Apoint.exe" [2002-08-22 143360]

"Dell QuickSet"="c:\programfiler\Dell\QuickSet\QuickSet.exe" [2003-01-31 364544]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]

"RoxioEngineUtility"="c:\programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]

"RoxioDragToDisc"="c:\programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]

"RoxioAudioCentral"="c:\programfiler\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]

"WinampAgent"="c:\programfiler\Winamp\Winampa.exe" [2003-04-02 12288]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-29 188416]

"HP Software Update"="c:\programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"DeviceDiscovery"="c:\programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2004-06-14 286720]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2004-10-10 98304]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"Disk Monitor"="c:\programfiler\Lexar Media Inc.\USB Card Reader Driver v2.2(M)\Disk_Monitor.exe" [2004-06-29 491008]

"PCSuiteTrayApplication"="c:\programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]

"Telenor Online Start"="c:\programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 178312]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-02 1261336]

"nwiz"="nwiz.exe" [2004-10-26 c:\windows\SYSTEM32\nwiz.exe]

"PCTVOICE"="pctspk.exe" [2002-07-18 c:\windows\SYSTEM32\pctspk.exe]

"Status"="STATUS.EXE" [2001-10-29 c:\windows\SYSTEM32\STATUS.EXE]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\SYSTEM32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

"PcSync"="c:\programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Jensen AirLink.lnk - c:\programfiler\Wireless LAN Utility\SiWake.exe [2006-05-15 159744]

Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i263_32.drv

"VIDC.PIM1"= pclepim1.dll

"vidc.XVID"= xvid.dll

"vidc.3ivx"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.MJPG"= pvmjpg21.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-02 97928]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-02 875288]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-02 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-02 76040]

S2 TA128;Intelligent ISDN PCMCIA;c:\windows\system32\DRIVERS\TA128.SYS [2004-03-08 897963]

S3 ABOVCOM1;ABOVCOM1;c:\windows\system32\DRIVERS\ABOVCOM1.SYS [2004-03-08 88148]

S3 CoIsdn;Intelligent COISDN Adapter;c:\windows\system32\DRIVERS\CoIsdn.sys [2004-03-08 67297]

S3 DVDACCSS;DVDACCSS;\??\c:\progra~1\DVDACC~1\DVDAX.SYS [2003-12-22 179264]

S3 SIS163u;Jensen Air:Link 7554 Wireless Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2006-05-15 215552]

 

*Newly Created Service* - PROCEXP90

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-12-04 c:\windows\Tasks\Norton Security Scan for åshild.job

- c:\programfiler\Norton Security Scan\Nss.exe [2008-09-19 04:18]

 

2008-12-02 c:\windows\Tasks\Symantec NetDetect.job

- c:\programfiler\Symantec\LiveUpdate\NDETECT.EXE [2004-09-02 16:14]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-Run-MsnMsgr - c:\programfiler\MSN Messenger\MsnMsgr.Exe

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.online.no/

uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/no/nor/gen/default.htm

 

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\Downloaded Program Files\ImageUploader_3.ocx - c:\windows\unicows.dll

c:\windows\Downloaded Program Files\IPSUploader.ocx

O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8}

hxxp://asp04.photoprintit.de/microsite/18/defaults/activex/IPSUploader.cab

c:\windows\Downloaded Program Files\IPSUploader.inf

FF - ProfilePath - c:\documents and settings\åshild\Programdata\Mozilla\Firefox\Profiles\q90d43xt.default\

FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\programfiler\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

 

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-29 17:31:32

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(704)

c:\windows\system32\avgrsstx.dll

 

- - - - - - - > 'lsass.exe'(768)

c:\windows\system32\avgrsstx.dll

.

Tidspunkt ferdig: 2008-12-29 17:33:48

ComboFix-quarantined-files.txt 2008-12-29 16:32:48

 

Pre-Run: 16 184 012 800 byte ledig

Post-Run: 16,914,845,696 byte ledig

 

177 --- E O F --- 2008-12-29 15:19:39

 

 

 

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:38:48, on 30.12.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\pctspk.exe

C:\Programfiler\Apoint\Apoint.exe

C:\Programfiler\Dell\QuickSet\QuickSet.exe

C:\WINDOWS\System32\DSentry.exe

C:\Programfiler\Apoint\Apntex.exe

C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Programfiler\Winamp\Winampa.exe

C:\WINDOWS\system32\STATUS.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\

C:\Programfiler\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\Programfiler\Lexar Media Inc\USB Card Reader Driver v2.2(M)\Disk_Monitor.exe

C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programfiler\Wireless LAN Utility\SiWake.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\åshild\Skrivebord\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/no/nor/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint\Apoint.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\QuickSet.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programfiler\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Programfiler\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [status] STATUS.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Programfiler\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Disk Monitor] C:\Programfiler\Lexar Media Inc.\USB Card Reader Driver v2.2(M)\Disk_Monitor.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Jensen AirLink.lnk = C:\Programfiler\Wireless LAN Utility\SiWake.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp04.photoprintit.de/microsite/18/...IPSUploader.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8515 bytes

 

 

 

Thanks in advance!

Posted

I was a bit suspicious of that one too, so I uploaded it to http://virusscan.jotti.org/ and it came up clean there. I have now tested it with that site of yours as well, and the result was 0/36 (0%).

It is described as "STATUS MFC Application", which after a bit of googling appears to be a status bar or something from Microsoft...

Posted

OK,

The logs look fine, so if everything is working as it should, you can uninstall combofix by typing combofix /u in the Run box (Start -> Run).

This will also reset System Restore, so that you do not get infected by a possible restore later.

Posted

If you believe the problem with your machine is solved, you can change your topic title by pressing the t_solved.gif button in your first post.

This will help keep the forum easier to navigate for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-
