
Stubborn virus and trojan on the computer.



Hi, I wanted to be tough and promised a friend I'd remove the virus from her PC - figured it would be a piece of cake. Talk about biting off more than I can chew.... but I have to try.

Now at least it starts. BUT:

 

- Can't get on the internet - it tries to create a new connection but nothing happens
- The Start menu and taskbar are gone
- MBAM won't start - I get an error in vbalsgrid6.ocx, so I can't post a log
- Avira won't install - it just dies...
- DRWEB actually ran a full scan and found lots of Win32.Virut and dropper.agent.MJS, or something close to that at least
- Task Manager runs, fortunately, so I can run things from there (File -> Run)
- And Windows Explorer runs via Windows key + E
- AVG seems to run; it only finds DRWEB's quarantines
- The command prompt apparently works too; I'll try running sfc /scannow
- Can't copy anything from the USB stick, so I run everything from there. (But after DRWEB the PC has thankfully stopped putting the virus on it as an autostart every time I plug it in.... )

 

If it's free of viruses - how do I get the Start menu and the internet back? Didn't find any tdssserv.sys in Device Manager either...

Edit: Remembered last night that that PC had SP3, so I'll try to download and install it later today. I ran a Windows repair from an SP2 CD to get it to start at all...

 

ComboFix runs and HijackThis runs, so I can get some logs:

Combofix:

ComboFix 09-06-04.04 - Karianne 04.06.2009 23:08.1 - NTFSx86

Kjører fra: E:\ComboFix.exe

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Thomas\Programdata\.#

c:\windows\system32\drivers\ucjjawqj.sys

c:\windows\system32\uniq.tll

 

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASHEVTSVC

-------\Legacy_AVAST!ANTIVIRUS

-------\Legacy_BOONTY_GAMES

-------\Legacy_PROTECT

-------\Legacy_RESTORE

-------\Legacy_TERMSERVICEBROWSER

-------\Service_Boonty Games

-------\Service_protect

-------\Service_restore

-------\Service_TermServiceBrowser

 

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-05-04 til 2009-06-04 )))))))))))))))))))))))))))))))))

.

 

2009-06-04 20:20 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-04 20:20 . 2009-06-04 20:21 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-06-04 20:20 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-04 20:02 . 2009-06-04 20:02 117760 ----a-w- c:\documents and settings\Administrator.HJEMME\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-06-04 20:02 . 2009-06-04 20:02 -------- d-----w- c:\documents and settings\Administrator.HJEMME\Programdata\SUPERAntiSpyware.com

2009-06-04 20:01 . 2009-06-04 20:01 -------- d--h--r- c:\documents and settings\Administrator.HJEMME\Siste

2009-06-04 18:33 . 2009-06-04 18:37 -------- d-----w- c:\documents and settings\Administrator.HJEMME\DoctorWeb

2009-06-04 17:40 . 2009-06-04 17:40 -------- d-----w- c:\documents and settings\Karianne\DoctorWeb

2009-06-04 17:38 . 2009-06-04 21:00 -------- d--h--r- c:\documents and settings\Karianne\Siste

2009-06-04 17:36 . 2009-06-04 17:36 -------- d-----w- c:\programfiler\CCleaner

2009-06-04 17:07 . 2009-06-04 21:15 117760 ----a-w- c:\documents and settings\Karianne\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-06-04 17:07 . 2009-06-04 17:07 -------- d-----w- c:\documents and settings\Karianne\Programdata\SUPERAntiSpyware.com

2009-06-04 17:07 . 2009-06-04 17:07 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2009-05-28 06:29 . 2009-05-28 06:29 32 --s-a-w- c:\windows\system32\1534863899.dat

2009-05-28 05:46 . 2009-05-28 05:46 -------- d-----w- c:\documents and settings\Administrator.HJEMME\Lokale innstillinger\Programdata\Identities

2009-05-28 05:27 . 2009-05-28 05:27 -------- d-----w- c:\documents and settings\Administrator.HJEMME\Programdata\Malwarebytes

2009-05-27 20:54 . 2009-05-27 20:54 -------- d-----w- c:\documents and settings\Karianne\Programdata\Malwarebytes

2009-05-27 20:22 . 2009-05-27 20:22 -------- d-----w- c:\documents and settings\Thomas\Programdata\Malwarebytes

2009-05-27 20:22 . 2009-05-27 20:22 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-05-27 18:45 . 2009-05-27 18:45 -------- d-----w- c:\documents and settings\Thomas\Programdata\eejmgfka

2009-05-27 18:45 . 2009-05-27 18:45 -------- d-----w- c:\documents and settings\Thomas\Lokale innstillinger\Programdata\eejmgfka

2009-05-27 12:46 . 2009-05-27 12:46 -------- d-----w- c:\documents and settings\Karianne\Programdata\eejmgfka

2009-05-27 12:46 . 2009-05-27 12:46 -------- d-----w- c:\documents and settings\Karianne\Lokale innstillinger\Programdata\eejmgfka

2009-05-26 17:13 . 2009-05-26 17:13 -------- d-----w- c:\documents and settings\Karianne\Lokale innstillinger\Programdata\Identities

2009-05-26 13:37 . 2009-05-27 12:29 348 --s-a-w- c:\windows\system32\495665359.dat

2009-05-25 20:41 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2009-05-25 20:41 . 2004-08-04 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2009-05-25 20:41 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2009-05-25 20:41 . 2004-08-04 12:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll

2009-05-25 20:41 . 2004-08-04 12:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll

2009-05-25 20:41 . 2004-08-04 12:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll

2009-05-25 20:39 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys

2009-05-25 20:38 . 2004-08-04 12:00 54528 -c--a-w- c:\windows\system32\dllcache\cap7146.sys

2009-05-25 20:03 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-05-25 20:03 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-05-25 20:03 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-05-25 20:03 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-05-21 16:32 . 2009-05-21 16:32 -------- d-----w- c:\documents and settings\Administrator.HJEMME\Lokale innstillinger\Programdata\Opera

2009-05-21 16:31 . 2009-05-21 16:31 71392 ----a-w- c:\documents and settings\Administrator.HJEMME\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-05-21 14:32 . 2009-05-21 14:32 -------- d-----w- c:\documents and settings\Administrator.HJEMME\Tracing

2009-05-21 07:56 . 2009-05-21 07:56 -------- d-----w- C:\program Files

2009-05-20 15:10 . 2009-05-28 05:41 -------- d-----w- c:\documents and settings\Administrator.HJEMME\Favoritter

2009-05-20 15:10 . 2009-05-26 12:34 -------- d-----w- c:\documents and settings\Administrator.HJEMME\Skrivebord

2009-05-20 15:09 . 2009-06-04 20:01 -------- d-----w- c:\documents and settings\Administrator.HJEMME

2009-05-19 17:07 . 2009-05-08 07:12 2051864 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgcorex.dll

2009-05-19 17:07 . 2009-05-08 07:12 2302232 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avguiadv.dll

2009-05-19 17:07 . 2009-05-08 07:12 3399960 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgui.exe

2009-05-19 17:07 . 2009-05-08 07:12 3288344 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\setup.exe

2009-05-19 17:07 . 2009-05-08 07:12 354584 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgxch32.dll

2009-05-19 17:07 . 2009-05-08 07:12 424472 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgwdwsc.dll

2009-05-19 17:07 . 2009-05-08 07:12 312088 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avglngx.dll

2009-05-19 17:07 . 2009-05-08 07:12 177432 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgmail.dll

2009-05-19 17:07 . 2009-05-08 07:12 486168 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgrsx.exe

2009-05-19 17:06 . 2009-05-08 07:12 755992 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avginet.dll

2009-05-19 17:06 . 2009-05-08 07:12 1437464 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgupd.dll

2009-05-19 17:01 . 2009-05-19 17:01 -------- d-----w- c:\windows\system32\wbem\Repository

2009-05-19 16:58 . 2009-05-19 16:59 -------- d-s---w- c:\documents and settings\Administrator

2009-05-19 16:58 . 2009-05-19 16:59 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger

2009-05-19 16:58 . 2009-05-19 16:59 -------- d-----w- c:\documents and settings\Administrator\Programdata

2009-05-19 16:58 . 2009-05-19 16:59 -------- d-----w- c:\documents and settings\Administrator\Maler

2009-05-19 16:58 . 2009-05-19 16:59 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\Microsoft

2009-05-19 05:36 . 2009-05-19 05:36 -------- d-----w- c:\windows\system32\config\systemprofile\Lokale innstillinger\Programdata\Conduit

2009-05-19 05:36 . 2009-05-20 05:34 -------- d-----w- c:\windows\system32\config\systemprofile\Lokale innstillinger\Programdata\iWin

2009-05-19 05:36 . 2009-05-19 16:59 -------- d-----w- c:\windows\system32\config\systemprofile\Lokale innstillinger\Programdata\Google

2009-05-11 18:03 . 2009-05-11 18:03 488960 ----a-w- c:\documents and settings\Thomas\Programdata\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll

2009-05-11 18:03 . 2009-06-04 19:16 320000 ----a-w- c:\documents and settings\Thomas\Programdata\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-04 20:41 . 2009-01-09 19:34 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2009-06-04 19:43 . 2009-01-09 19:07 150528 ----a-w- c:\windows\pchealth\UploadLB\Binaries\uploadm.exe

2009-06-04 19:43 . 2009-01-09 19:09 35328 ----a-w- c:\windows\pchealth\helpctr\binaries\notiflag.exe

2009-06-04 19:43 . 2009-01-09 19:07 18944 ----a-w- c:\windows\pchealth\helpctr\binaries\hscupd.exe

2009-06-04 19:43 . 2009-01-09 19:07 158208 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

2009-06-04 19:43 . 2009-01-09 19:09 99840 ----a-w- c:\windows\pchealth\helpctr\binaries\helphost.exe

2009-06-04 19:43 . 2009-01-09 19:07 768512 ----a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe

2009-06-04 19:43 . 2009-01-09 19:07 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2009-06-04 19:16 . 2009-03-05 21:44 73728 ----a-w- c:\documents and settings\Thomas\Programdata\LimeWire\browser\xulrunner\xulrunner-stub.exe

2009-06-04 19:16 . 2009-03-05 21:44 102400 ----a-w- c:\documents and settings\Thomas\Programdata\LimeWire\browser\xulrunner\xulrunner.exe

2009-06-04 19:16 . 2009-03-05 21:44 266240 ----a-w- c:\documents and settings\Thomas\Programdata\LimeWire\browser\xulrunner\xpidl.exe

2009-06-04 19:16 . 2009-03-05 21:44 18944 ----a-w- c:\documents and settings\Thomas\Programdata\LimeWire\browser\xulrunner\xpt_dump.exe

2009-06-04 19:16 . 2009-03-05 21:44 14336 ----a-w- c:\documents and settings\Thomas\Programdata\LimeWire\browser\xulrunner\xpt_link.exe

2009-06-04 19:16 . 2009-03-05 21:44 77824 ----a-w- c:\documents and settings\Thomas\Programdata\LimeWire\browser\xulrunner\xpicleanup.exe

2009-06-04 19:16 . 2009-03-05 21:44 196608 ----a-w- c:\documents and settings\Thomas\Programdata\LimeWire\browser\xulrunner\updater.exe

2009-06-04 19:16 . 2009-03-05 21:44 14848 ----a-w- c:\documents and settings\Thomas\Programdata\LimeWire\browser\xulrunner\xpcshell.exe

2009-06-04 19:16 . 2009-03-05 21:44 163840 ----a-w- c:\documents and settings\Thomas\Programdata\LimeWire\browser\xulrunner\crashreporter.exe

2009-06-04 19:02 . 2009-05-26 20:31 73728 ----a-w- c:\documents and settings\Karianne\Programdata\LimeWire\browser\xulrunner\xulrunner-stub.exe

2009-06-04 19:02 . 2009-05-26 20:31 102400 ----a-w- c:\documents and settings\Karianne\Programdata\LimeWire\browser\xulrunner\xulrunner.exe

2009-06-04 19:02 . 2009-05-26 20:31 14336 ----a-w- c:\documents and settings\Karianne\Programdata\LimeWire\browser\xulrunner\xpt_link.exe

2009-06-04 19:02 . 2009-05-26 20:31 77824 ----a-w- c:\documents and settings\Karianne\Programdata\LimeWire\browser\xulrunner\xpicleanup.exe

2009-06-04 19:02 . 2009-05-26 20:31 266240 ----a-w- c:\documents and settings\Karianne\Programdata\LimeWire\browser\xulrunner\xpidl.exe

2009-06-04 19:02 . 2009-05-26 20:31 196608 ----a-w- c:\documents and settings\Karianne\Programdata\LimeWire\browser\xulrunner\updater.exe

2009-06-04 19:02 . 2009-05-26 20:31 18944 ----a-w- c:\documents and settings\Karianne\Programdata\LimeWire\browser\xulrunner\xpt_dump.exe

2009-06-04 19:02 . 2009-05-26 20:31 14848 ----a-w- c:\documents and settings\Karianne\Programdata\LimeWire\browser\xulrunner\xpcshell.exe

2009-06-04 19:02 . 2009-05-26 20:31 163840 ----a-w- c:\documents and settings\Karianne\Programdata\LimeWire\browser\xulrunner\crashreporter.exe

2009-06-04 18:58 . 2009-03-01 14:44 135168 ----a-w- c:\documents and settings\All Users\Programdata\PlayFirst\Games\PlayFirst.EXE

2009-06-04 18:41 . 2009-01-09 19:05 218112 ----a-w- c:\windows\system32\wbem\wmiprvse.exe

2009-06-04 18:41 . 2009-01-09 19:05 196608 ----a-w- c:\windows\system32\wbem\wmiadap.exe

2009-06-04 18:41 . 2009-01-09 19:05 117248 ----a-w- c:\windows\system32\wbem\wbemtest.exe

2009-06-04 18:41 . 2009-01-09 19:06 16896 ----a-w- c:\windows\system32\wbem\unsecapp.exe

2009-06-04 18:41 . 2009-01-09 19:05 36864 ----a-w- c:\windows\system32\wbem\scrcons.exe

2009-06-04 18:41 . 2009-01-09 19:05 16896 ----a-w- c:\windows\system32\wbem\mofcomp.exe

2009-06-04 18:37 . 2008-04-14 16:23 32768 ----a-w- c:\windows\system32\setupn.exe

2009-06-04 18:36 . 2009-01-09 19:05 123392 ----a-w- c:\windows\system32\mplay32.exe

2009-06-04 18:35 . 2004-08-04 12:00 8704 ----a-w- c:\windows\system32\eventvwr.exe

2009-06-04 18:34 . 2004-08-04 12:00 408576 ----a-w- c:\windows\system32\cmd.exe

2009-06-04 17:45 . 2004-08-04 12:00 71680 ----a-w- c:\windows\system32\blastcln.exe

2009-06-04 17:45 . 2004-08-04 12:00 14336 ----a-w- c:\windows\system32\auditusr.exe

2009-06-04 17:45 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\attrib.exe

2009-06-04 17:45 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\atmadm.exe

2009-06-04 17:45 . 2004-08-04 12:00 24576 ----a-w- c:\windows\system32\at.exe

2009-06-04 17:45 . 2004-08-04 12:00 19456 ----a-w- c:\windows\system32\arp.exe

2009-06-04 17:45 . 2004-08-04 12:00 98304 ----a-w- c:\windows\system32\ahui.exe

2009-06-04 17:45 . 2004-08-04 12:00 4096 ----a-w- c:\windows\system32\actmovie.exe

2009-06-04 17:45 . 2009-01-09 19:05 185344 ----a-w- c:\windows\system32\accwiz.exe

2009-06-04 17:44 . 2009-01-09 19:05 126464 ----a-w- c:\windows\system32\wbem\wmiapsrv.exe

2009-06-04 17:44 . 2009-01-09 19:06 13312 ----a-w- c:\windows\system32\wbem\winmgmt.exe

2009-06-04 17:44 . 2004-08-04 12:00 290304 ----a-w- c:\windows\system32\vssvc.exe

2009-06-04 17:44 . 2004-08-04 12:00 24576 ----a-w- c:\windows\system32\userinit.exe

2009-06-04 17:44 . 2004-08-04 12:00 18432 ----a-w- c:\windows\system32\ups.exe

2009-06-04 17:44 . 2004-08-04 12:00 157184 ----a-w- c:\windows\system32\taskmgr.exe

2009-06-04 17:44 . 2004-08-04 12:00 57856 ----a-w- c:\windows\system32\spoolsv.exe

2009-06-04 17:44 . 2004-08-04 12:00 90112 ----a-w- c:\windows\system32\smlogsvc.exe

2009-06-04 17:44 . 2004-08-04 12:00 42496 ----a-w- c:\windows\system32\shmgrate.exe

2009-06-04 17:44 . 2009-01-09 19:05 140288 ----a-w- c:\windows\system32\sessmgr.exe

2009-06-04 17:42 . 2004-08-04 12:00 44544 ----a-w- c:\windows\system32\alg.exe

2009-06-04 17:42 . 2009-01-09 19:24 77824 ----a-w- c:\windows\SOUNDMAN.EXE

2009-06-04 17:42 . 2004-08-04 12:00 1052672 ----a-w- c:\windows\explorer.exe

2009-05-28 06:39 . 2009-01-09 20:24 -------- d-----w- c:\documents and settings\All Users\Programdata\avg8

2009-05-28 06:29 . 2009-05-28 06:29 0 ----a-w- c:\windows\system32\6.tmp

2009-05-28 04:44 . 2004-08-04 12:00 67646 ----a-w- c:\windows\system32\perfc014.dat

2009-05-28 04:44 . 2004-08-04 12:00 399790 ----a-w- c:\windows\system32\perfh014.dat

2009-05-27 20:04 . 2009-05-27 20:04 120 ----a-w- c:\windows\system32\3B.tmp

2009-05-27 19:50 . 2009-02-23 14:18 -------- d-----w- c:\documents and settings\All Users\Programdata\Google Updater

2009-05-27 19:17 . 2009-05-27 19:17 120 ----a-w- c:\windows\system32\38.tmp

2009-05-27 18:42 . 2009-05-27 18:41 120 ----a-w- c:\windows\system32\37.tmp

2009-05-27 15:50 . 2009-05-27 15:50 0 ----a-w- c:\windows\system32\35.tmp

2009-05-27 15:50 . 2009-05-27 15:50 124 ----a-w- c:\windows\system32\33.tmp

2009-05-27 15:47 . 2009-05-27 15:47 0 ----a-w- c:\windows\system32\32.tmp

2009-05-27 15:47 . 2009-05-27 15:47 124 ----a-w- c:\windows\system32\2F.tmp

2009-05-27 12:32 . 2009-05-27 12:32 84 ----a-w- c:\windows\system32\2B.tmp

2009-05-27 05:15 . 2009-05-27 05:15 84 ----a-w- c:\windows\system32\28.tmp

2009-05-26 20:34 . 2009-05-26 20:31 -------- d-----w- c:\documents and settings\Karianne\Programdata\LimeWire

2009-05-26 18:20 . 2009-03-14 14:01 1 ----a-w- c:\documents and settings\Karianne\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-05-26 17:16 . 2009-05-26 17:16 84 ----a-w- c:\windows\system32\25.tmp

2009-05-26 13:44 . 2009-05-26 13:44 0 ----a-w- c:\windows\system32\1E.tmp

2009-05-26 13:44 . 2009-05-26 13:44 0 ----a-w- c:\windows\system32\1B.tmp

2009-05-26 13:44 . 2009-05-26 13:44 124 ----a-w- c:\windows\system32\14.tmp

2009-05-26 13:44 . 2009-05-26 13:44 124 ----a-w- c:\windows\system32\12.tmp

2009-05-26 13:37 . 2009-05-26 13:37 0 ----a-w- c:\windows\system32\A6.tmp

2009-05-26 13:37 . 2009-05-26 13:37 124 ----a-w- c:\windows\system32\A5.tmp

2009-05-26 05:10 . 2009-05-26 05:10 120 ----a-w- c:\windows\system32\23.tmp

2009-05-26 05:10 . 2009-05-26 05:10 120 ----a-w- c:\windows\system32\19.tmp

2009-05-25 21:02 . 2004-08-04 12:00 212480 ----a-w- c:\windows\system32\drivers\ndis.sys

2009-05-25 21:00 . 2009-05-25 21:00 120 ----a-w- c:\windows\system32\16.tmp

2009-05-25 21:00 . 2009-05-25 21:00 120 ----a-w- c:\windows\system32\11.tmp

2009-05-25 20:35 . 2009-01-09 19:07 22796 ----a-w- c:\windows\system32\emptyregdb.dat

2009-05-21 13:25 . 2009-05-21 13:25 120 ----a-w- c:\windows\system32\36.tmp

2009-05-21 10:57 . 2009-05-21 10:57 164 ----a-w- c:\windows\system32\2A.tmp

2009-05-20 15:10 . 2009-05-20 15:10 84 ----a-w- c:\windows\system32\39.tmp

2009-05-20 15:10 . 2009-01-22 19:54 -------- d-----w- c:\programfiler\Lexmark 6200 Series

2009-05-20 11:09 . 2009-05-20 11:09 84 ----a-w- c:\windows\system32\10.tmp

2009-05-20 05:33 . 2009-01-22 20:23 -------- d-----w- c:\programfiler\QuickTime

2009-05-19 14:46 . 2009-05-19 14:46 0 ----a-w- c:\windows\system32\1A.tmp

2009-05-19 14:46 . 2009-05-19 14:46 192 ----a-w- c:\windows\system32\18.tmp

2009-05-18 19:56 . 2009-01-22 20:33 -------- d-----w- c:\documents and settings\Thomas\Programdata\LimeWire

2009-05-15 20:33 . 2009-01-26 15:27 1 ----a-w- c:\documents and settings\Thomas\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-05-11 19:34 . 2009-01-22 19:55 -------- d-----w- c:\programfiler\Lx_cats

2009-05-08 07:12 . 2009-01-09 20:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll

.

 

------- Sigcheck -------

 

[-] 2004-08-04 12:00 577024 BAB45056164CD9585E5E673A0DE78931 c:\windows\system32\user32.dll

[-] 2004-08-04 12:00 577024 BAB45056164CD9585E5E673A0DE78931 c:\windows\system32\dllcache\user32.dll

 

[-] 2004-08-04 12:00 82944 B169D7467910A23FACB7EE0D557ABB92 c:\windows\system32\ws2_32.dll

[-] 2004-08-04 12:00 82944 B169D7467910A23FACB7EE0D557ABB92 c:\windows\system32\dllcache\ws2_32.dll

 

[-] 2008-08-26 09:12 827904 98C80E9B356C50645C31B9F607543649 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

[-] 2008-10-16 01:06 666624 447E194390349284C2613274025C361D c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll

[-] 2008-10-16 19:50 827904 8B0B339A2F3572C82331D84A2348DF8D c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

[-] 2008-12-20 23:49 827904 484F946C80FB38855F59E13D676F36E4 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll

[-] 2009-03-03 00:17 828416 784F219A9692B09710CFE91A9F5E4C3D c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll

[-] 2008-10-16 01:02 665600 DE9FB3FB88F5AEA5FC6D7F1DB11413A7 c:\windows\ie7\wininet.dll

[-] 2007-08-13 17:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB956390-IE7\wininet.dll

[-] 2008-08-26 08:30 826368 C1AD172CE43D33D3DAFE6F297E9D3C50 c:\windows\ie7updates\KB958215-IE7\wininet.dll

[-] 2008-10-16 20:33 826368 D5C68D18F2EC4C5F7425F8FF1C1607C2 c:\windows\ie7updates\KB961260-IE7\wininet.dll

[-] 2008-12-20 23:03 826368 57B6EA4018F6706462DCE6898C88E754 c:\windows\ie7updates\KB963027-IE7\wininet.dll

[-] 2008-08-26 08:30 826368 C1AD172CE43D33D3DAFE6F297E9D3C50 c:\windows\SoftwareDistribution\Download\32cdf8def2b341bd6ff320b7af8cbb7d\SP2GDR\wininet.dll

[-] 2008-08-26 09:12 827904 98C80E9B356C50645C31B9F607543649 c:\windows\SoftwareDistribution\Download\32cdf8def2b341bd6ff320b7af8cbb7d\SP2QFE\wininet.dll

[-] 2008-10-16 20:33 826368 D5C68D18F2EC4C5F7425F8FF1C1607C2 c:\windows\SoftwareDistribution\Download\b2d3e471d162afd9fa71ebdccacb7349\SP2GDR\wininet.dll

[-] 2008-10-16 19:50 827904 8B0B339A2F3572C82331D84A2348DF8D c:\windows\SoftwareDistribution\Download\b2d3e471d162afd9fa71ebdccacb7349\SP2QFE\wininet.dll

[-] 2004-08-04 12:00 655872 10F493204EBE9EAAD8664819E97C36CF c:\windows\system32\wininet.dll

[-] 2004-08-04 12:00 655872 10F493204EBE9EAAD8664819E97C36CF c:\windows\system32\dllcache\wininet.dll

 

[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2004-08-04 12:00 359040 1745B00FC1141404B28F4B94F69A8871 c:\windows\system32\dllcache\tcpip.sys

[-] 2004-08-04 12:00 359040 1745B00FC1141404B28F4B94F69A8871 c:\windows\system32\drivers\tcpip.sys

 

[-] 2004-08-04 12:00 501248 765B39061CA16D01ABFEA752C5E2DB8F c:\windows\system32\winlogon.exe

[-] 2009-06-04 18:40 501248 7EB1DF8095971A4AEA6527BC9E104A17 c:\windows\system32\dllcache\winlogon.exe

 

[-] 2009-05-25 21:02 212480 !HASH: COULD NOT OPEN FILE ! c:\windows\system32\dllcache\ndis.sys

[-] 2009-05-25 21:02 212480 A31311DE5E03811C79E0ADA584EE5ABB c:\windows\system32\drivers\ndis.sys

 

[-] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys

[-] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

 

[-] 2009-02-09 11:20 2067968 03BCDF3E7CC50EAA4DF9FFDC4CC178D3 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 18:28 2067840 9FB08D3EAC41E7CDF0C1F5AD39F8E691 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[-] 2004-08-04 12:00 2058624 3940FDFE93612E32B924930FA6CBDC48 c:\windows\system32\ntkrnlpa.exe

 

[-] 2009-02-10 17:19 2190976 0A00211A1F0AD77AAF57997E296836FA c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2008-08-14 18:28 2190976 CCCEACCDF603068FB5FEA158356D1EC8 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[-] 2004-08-04 12:00 2182784 C6AB83A76CB28D82E800FF4D2D975034 c:\windows\system32\ntoskrnl.exe

 

[-] 2009-06-04 17:42 1052672 1817E7643DF8F9FD113E5531D07407A7 c:\windows\explorer.exe

 

[-] 2009-06-04 19:38 111104 B0912DCA19BB096C05DDC0125FC3712B c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2004-08-04 12:00 108544 B44F7F43D33E308D07BA54C23B897E20 c:\windows\system32\services.exe

[-] 2009-06-04 18:40 108544 9E39F0A11738BA3B0D3F01FA2AE97485 c:\windows\system32\dllcache\services.exe

 

[-] 2004-08-04 12:00 13312 8235198CDB70AAEB3C1435C1911641F9 c:\windows\system32\lsass.exe

[-] 2009-06-04 18:39 13312 3E63A104B9DB37C024E402D836B2B40A c:\windows\system32\dllcache\lsass.exe

 

[-] 2009-06-04 17:43 35840 4ADBF84A0E64183037A554237963475B c:\windows\system32\ctfmon.exe

[-] 2009-06-04 18:39 15360 55A4755CCD184A9F3D74AC4DD56C09E7 c:\windows\system32\dllcache\ctfmon.exe

 

[-] 2009-06-04 17:44 57856 896EDB63F1F72D8A991E0CD9AB8E785C c:\windows\system32\spoolsv.exe

[-] 2009-06-04 18:40 57856 37717DA956769EAFA12D1E0CF3BEA5AA c:\windows\system32\dllcache\spoolsv.exe

 

[-] 2009-06-04 18:38 111616 B294605F92D4B94FC3B6FEE80286741C c:\windows\system32\wuauclt.exe

 

[-] 2009-06-04 17:44 24576 D750D311148D30AB659BC0C6A5DCFBF8 c:\windows\system32\userinit.exe

[-] 2009-06-04 18:40 24576 501C885BD3DD9078FF89A6A7B99197AD c:\windows\system32\dllcache\userinit.exe

 

[-] 2004-08-04 12:00 294912 CDFDE4AC03BF56BF5B383C4F849D34E5 c:\windows\system32\termsrv.dll

[-] 2004-08-04 12:00 294912 CDFDE4AC03BF56BF5B383C4F849D34E5 c:\windows\system32\dllcache\termsrv.dll

 

[-] 2009-03-21 14:04 992768 9DB523045B2ED048E8EDE9776165B124 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2004-08-04 12:00 984576 50FEF76905F65824A58073E663140617 c:\windows\system32\kernel32.dll

[-] 2004-08-04 12:00 984576 50FEF76905F65824A58073E663140617 c:\windows\system32\dllcache\kernel32.dll

 

[-] 2004-08-04 12:00 17408 24097802A77BE4C2CE1DF928211AE806 c:\windows\system32\powrprof.dll

[-] 2004-08-04 12:00 17408 24097802A77BE4C2CE1DF928211AE806 c:\windows\system32\dllcache\powrprof.dll

 

[-] 2004-08-04 12:00 110080 E68CFF083BEC05A7E716E00FF437A330 c:\windows\system32\imm32.dll

[-] 2004-08-04 12:00 110080 E68CFF083BEC05A7E716E00FF437A330 c:\windows\system32\dllcache\imm32.dll

 

[-] 2004-08-04 12:00 1550336 8793627B38B74DB31D3DE0EE2D2A2E87 c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 12:00 1550336 8793627B38B74DB31D3DE0EE2D2A2E87 c:\windows\system32\dllcache\sfcfiles.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F735F5B-74D2-4165-AF22-1EC35D008874}]

2004-08-04 12:00 103424 ----a-w- c:\windows\system32\fzigfhy.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2009-06-04 35840]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]

"SUPERAntiSpyware"="e:\superantispyware\SUPERANTISPYWARE.EXE" [2009-06-04 1826816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-22 136600]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]

"LXBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 69632]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-06-04 77824]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-06-04 35840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-05-08 07:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cfdffwme]

2004-08-04 12:00 103424 ----a-w- c:\windows\system32\fzigfhy.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\iWin Games\\iWinGames.exe"=

"c:\\Programfiler\\iWin Games\\WebUpdater.exe"=

"c:\\Programfiler\\Java\\jre6\\bin\\java.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Microsoft Games\\Rise of Nations\\rise.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

 

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-05-08 908568]

R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2009-03-26 36864]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-08 325896]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-08 108552]

S1 SASDIFSV;SASDIFSV;e:\superantispyware\SASDIFSV.SYS [2009-03-27 9968]

S1 SASKUTIL;SASKUTIL;e:\superantispyware\SASKUTIL.sys [2008-11-06 55024]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-08 298776]

S2 iWinTrusted;iWinTrusted;c:\programfiler\iWin Games\iWinTrusted.exe [2008-12-17 78104]

S3 SASENUM;SASENUM;e:\superantispyware\SASENUM.SYS [2008-11-06 7408]

 

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - AFD

*Deregistered* - Apple Mobile Device

*Deregistered* - Arp1394

*Deregistered* - atapi

*Deregistered* - audstub

*Deregistered* - avg8wd

*Deregistered* - AvgLdx86

*Deregistered* - AvgMfx86

*Deregistered* - AvgTdiX

*Deregistered* - Beep

*Deregistered* - Bonjour Service

*Deregistered* - Cdfs

*Deregistered* - Fastfat

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - iWinTrusted

*Deregistered* - JavaQuickStarterService

*Deregistered* - KSecDD

*Deregistered* - mnmdd

*Deregistered* - Mouclass

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - NVSvc

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PCIIde

*Deregistered* - PptpMiniport

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - SASDIFSV

*Deregistered* - SASENUM

*Deregistered* - SASKUTIL

*Deregistered* - sr

*Deregistered* - swenum

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - Wanarp

*Deregistered* - WudfPf

*Deregistered* - X4HSX32

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

gezgjsny

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2009-05-28 c:\windows\Tasks\Google Software Updater.job

- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-22 04:26]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-EasyTuneV - c:\programfiler\Gigabyte\ET5\GUI.exe

HKLM-Run-lxbumon.exe - c:\programfiler\Lexmark 6200 Series\lxbumon.exe

HKLM-Run-EzPrint - c:\programfiler\Lexmark 6200 Series\ezprint.exe

HKLM-Run-QuickTime Task - c:\programfiler\QuickTime\qttask.exe

HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe

Notify-jwjrtrw - jwjrtrw32.dll

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.sol.no/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-04 23:15

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\programfiler\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-06-04 23:17 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-06-04 21:17

 

Pre-Run: 228 831 588 352 byte ledig

Post-Run: 229 282 758 656 byte ledig

 

429 --- E O F --- 2009-05-14 01:02

 

 

 

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:03:43, on 04.06.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\iWin Games\iWinTrusted.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

E:\HiJT.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {2F735F5B-74D2-4165-AF22-1EC35D008874} - c:\windows\system32\fzigfhy.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programfiler\iWin\tbiWi0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programfiler\iWin\tbiWi0.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [EasyTuneV] C:\Programfiler\Gigabyte\ET5\GUI.exe

O4 - HKLM\..\Run: [lxbumon.exe] "C:\Programfiler\Lexmark 6200 Series\lxbumon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Programfiler\Lexmark 6200 Series\ezprint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe

O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] E:\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

O4 - HKUS\S-1-5-21-1078081533-2025429265-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1078081533-2025429265-725345543-1004\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')

O4 - HKUS\S-1-5-21-1078081533-2025429265-725345543-1004\..\Run: [sUPERAntiSpyware] E:\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-1078081533-2025429265-725345543-1004 Startup: OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe (User '?')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231533220781

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: cfdffwme - C:\WINDOWS\SYSTEM32\fzigfhy.dll

O20 - Winlogon Notify: jwjrtrw - jwjrtrw32.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Wired AutoConfig (Dot3svc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Tjenesten Extensible Authentication Protocol (EapHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: COM+-hendelsessystem (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Human Interface Device Access (HidServ) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Health Key and Certificate Management Service (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: iWinTrusted - iWin Inc. - C:\Programfiler\iWin Games\iWinTrusted.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe

O23 - Service: Agent for beskyttelse av nettverkstilgang (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Terminal Services TermServiceBrowser (TermServiceBrowser) - Unknown owner - C:\WINDOWS\system32\5.tmp.exe (file missing)

O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Time (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Tjenesten Portable Media Serial Number (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)

 

--

End of file - 14233 bytes

 

Edited by maheath

It's fine to be tough. The problem is that you/the person in question is infected with Virut (there are also signs of a Conficker infection). This is one of the worst things you can get, and the probability that this infection cannot be cleaned is high. Even if it does get cleaned, the chance of being left with corrupt system files and unusable programs is also high. My advice is therefore to do a reinstall of Windows (not a repair).


Thanks for the reply. :)

 

Yes, I agree there, but I'm taking it as a challenge and will reinstall in the end if I'm not completely sure. :) Is it possible to tell from new logs whether it's completely clean or not? I'll of course take your advice and reinstall if there's any doubt at all.

 

I managed to copy svchost.exe in from another PC; it had been deleted. Then the network came back and everything looks normal. Avira got installed and found some remnants in the System Restore folders. Then I installed XP SP3 and the PC now seems OK.. I'll run a full MBAM scan and see as well. Anything else?
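As an added example (not code from this thread or any of its posters), here is a small Python triage script that applies the checks a helper does by eye to a few of the HijackThis lines posted above: it flags a core Windows binary living outside System32, a service image named like a temp file, an unnamed BHO, and groups every "(file missing)" entry by image so the dozens of svchost.exe services collapse into the one root cause noted in this post (svchost.exe had been deleted). The sample lines are copied from the log above; the rule names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this
# thread, plus three benign AVG/Java lines for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2F735F5B-74D2-4165-AF22-1EC35D008874} - c:\windows\system32\fzigfhy.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O20 - Winlogon Notify: jwjrtrw - jwjrtrw32.dll (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Terminal Services TermServiceBrowser (TermServiceBrowser) - Unknown owner - C:\WINDOWS\system32\5.tmp.exe (file missing)
"""

# Core binaries that belong in System32; the same name anywhere else
# (C:\WINDOWS\services.exe in the log) is a classic impostor sign.
CORE_SYSTEM32 = {"services.exe", "svchost.exe", "lsass.exe",
                 "winlogon.exe", "smss.exe", "csrss.exe"}

# First drive-letter path ending in .exe/.dll on the line (paths may contain spaces).
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll))", re.IGNORECASE)


def triage_line(line):
    """Apply the rules to one HijackThis line; returns a list of (rule, detail)."""
    findings = []
    m = PATH_RE.search(line)
    path = m.group(1) if m else None
    parent, _, base = (path or "").rpartition("\\")
    parent, base = parent.lower(), base.lower()
    if "(file missing)" in line:
        # O20 lines carry only a DLL name, so fall back to the last field.
        detail = path or line.split(" - ")[-1].replace("(file missing)", "").strip()
        findings.append(("file-missing", detail))
    if base in CORE_SYSTEM32 and not parent.endswith("\\system32"):
        findings.append(("core-binary-outside-system32", path))
    if base.endswith(".tmp.exe"):
        findings.append(("temp-named-image", path))
    if line.startswith("O2 - BHO: (no name)"):
        findings.append(("unnamed-bho", path))
    return findings


def triage(log_text):
    """Run every line through the rules. Returns (findings, missing_by_image):
    file-missing hits are grouped by image path, so many services pointing at
    one deleted binary show up as a single item with a count."""
    findings, missing = [], defaultdict(list)
    for line in log_text.strip().splitlines():
        for rule, detail in triage_line(line):
            if rule == "file-missing":
                missing[detail.lower()].append(line)
            else:
                findings.append((rule, detail))
    return findings, dict(missing)


if __name__ == "__main__":
    found, missing = triage(SAMPLE_LOG)
    for rule, detail in found:
        print(f"[{rule}] {detail}")
    for image, lines in missing.items():
        print(f"[file-missing] {image}: {len(lines)} entr{'y' if len(lines) == 1 else 'ies'}")
```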


It doesn't look so bad now.

Can you run Dr.Web like this.

We want to be sure this Virut infection is completely gone.

As said, it's one of the worst things out there.

 

Download DrWeb and put it on the desktop.

 

Restart in Safe Mode (press F8 several times during startup).

Not the Administrator account, but the normal one.

 

Run drweb-cureit.exe (say yes to running an express scan).

When this is finished, click Option -> Change settings.

Under the Scan tab, untick Heuristic analysis.

Under the Actions tab, all items under Malware should be set to Rename.

Select the partition you want to scan and then click the green arrow to start the scan. Select "yes to all" when it finds something for the first time.

 

When the scan is finished, go to "file" and click "Save Report list".

A file named "drweb.csv" will then be on the desktop. Post that later.

Edited by SNIPPSAT
