
Got a virus (popup virus + trojan)



Posted

Hi, I've got a virus, and I'm not exactly the best at removing and fixing this kind of thing :P

In any case, I've got a virus that gives me popups and makes Explorer crash.

If I could get some help removing it, that would be great :)

 

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:34:52, on 23.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\wltrysvc.exe

C:\windows\System32\bcmwltry.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\windows\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\windows\system32\uilecsad.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\windows\system32\nvsvc32.exe

C:\windows\system32\PnkBstrA.exe

C:\Programfiler\Silicon Image\3132-W-I32-R SATARAID5\SATARaid5ConfigService.exe

C:\windows\system32\svchost.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\windows\system32\wscntfy.exe

C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe

C:\windows\CTHELPER.EXE

C:\windows\system32\CTXFIHLP.EXE

C:\Programfiler\AGEIA Technologies\TrayIcon.exe

C:\Programfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programfiler\Logitech\G-series Software\LCDMon.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm .exe

C:\Programfiler\Creative\Shared Files\Module Loader\DLLML .exe

C:\Programfiler\AGEIA Technologies\TrayIcon .exe

C:\Programfiler\Logitech\G-series Software\LGDCore .exe

C:\Programfiler\Logitech\Video\LogiTray.exe

C:\Programfiler\Logitech\G-series Software\LCDMon .exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm .exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Programfiler\Logitech\Video\LogiTray .exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Programfiler\iTunes\iTunesHelper .exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched .exe

C:\windows\system32\ctfmon.exe

C:\WINDOWS\system32\LVComsX.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe

C:\Programfiler\Winamp\winampa .exe

C:\Programfiler\Logitech\Video\FxSvr2.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\BitTorrent\bittorrent.exe

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\BitTorrent\bittorrent .exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr .exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\Programfiler\Steam\Steam.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\agent.exe

C:\windows\explorer.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.no/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

F3 - REG:win.ini: load=C:\windows\system32\ddccc.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programfiler\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programfiler\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm .exe" -scheduler

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [38b51b0a] rundll32.exe "C:\windows\system32\fhlcmbye.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr .exe" /background

O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [igndlm.exe] C:\Programfiler\IGN\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent .exe" --force_start_minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Stefan Bakken\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Stefan Bakken\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180224437421

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180224428937

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DomainService - - C:\windows\system32\uilecsad.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Programfiler\Silicon Image\3132-W-I32-R SATARAID5\SATARaid5ConfigService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\windows\System32\wltrysvc.exe

 

--

End of file - 13806 bytes

 

I didn't find any errors on Hijackthis.de.

 

Regards, Stefan
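The log above already contains the kind of entries a reviewer looks at by hand even when an automated analyser reports nothing: a running process whose name has a space before the extension (VolPanlu .exe listed next to the real VolPanlu.exe), a legacy win.ini load= entry pointing into system32, a Run value named with eight hex digits that launches rundll32 on a DLL in system32, a BHO registered under a GUID whose file is missing, and services with no owner or a missing file. The following Python script is an added example for this thread, not part of HijackThis or of any post; the heuristics are the editor's own assumptions for illustration, run over a constructed sample of lines copied from the logs in the thread, and a hit means "look closer", not "malicious".

```python
"""Heuristic triage of HijackThis log lines (added example, not HijackThis code).

The rules below are assumptions made for illustration: they encode what a
human reviewer typically eyeballs in an HJT log and are meant to shortlist
lines for review, not to pass verdicts.
"""
import re

# Constructed sample: lines copied from the logs in this thread, plus two
# benign ones (VolPanlu.exe, iTunesHelper, NVSvc) so the filter has
# something to pass over.
SAMPLE_LOG = r"""
C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu .exe
C:\windows\system32\uilecsad.exe
F3 - REG:win.ini: load=C:\windows\system32\ddccc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [38b51b0a] rundll32.exe "C:\windows\system32\fhlcmbye.dll",b
O2 - BHO: {7dd58b99-43f0-85ab-15f4-8e346bd20d37} - {73d02db6-43e8-4f51-ba58-0f3499b85dd7} - C:\windows\system32\alhvdlrp.dll (file missing)
O23 - Service: DomainService - - C:\windows\system32\uilecsad.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)
"""

# Any Windows path ending in .exe or .dll, wherever it appears on a line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]+?\.(?:exe|dll)\b', re.IGNORECASE)
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
WININI_RE = re.compile(r'^F3 - REG:win\.ini: load=(?P<path>.+)$')
RUN_RE = re.compile(r'^O4 - HK\S*?\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
RUNDLL_SYS32_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[A-Za-z]:\\windows\\system32\\[^"\s,]+\.dll', re.IGNORECASE)
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$')
# "X - - path" (empty owner) overlaps the two separators in one space, hence \s*.
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) -\s*(?P<owner>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$')


def triage(log_text):
    """Return (reason, line) pairs for every log line that deserves a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Rule A: a space before the extension ("VolPanlu .exe") makes a file
        # sort next to, and read like, the legitimate "VolPanlu.exe".
        for path in PATH_RE.findall(line):
            base = path.rsplit("\\", 1)[-1]
            if re.search(r"\s\.\w+$", base):
                findings.append(("space before extension, look-alike of " + base.replace(" ", ""), line))

        # Rule B: win.ini load= is a legacy autostart; anything set there on XP is worth checking.
        m = WININI_RE.match(line)
        if m:
            findings.append(("legacy win.ini load= entry runs " + m["path"] + " at logon", line))
            continue

        # Rule C: Run values named with bare hex digits, or rundll32 loading a DLL
        # that sits directly in system32 with no vendor path, are classic Vundo-style entries.
        m = RUN_RE.match(line)
        if m:
            if re.fullmatch(r"[0-9A-Fa-f]{8}", m["name"]):
                findings.append(("Run value named with 8 hex digits", line))
            elif RUNDLL_SYS32_RE.search(m["cmd"]):
                findings.append(("rundll32 loading a DLL straight from system32", line))
            continue

        # Rule D: a BHO whose display name is itself a GUID, or whose file is gone.
        m = BHO_RE.match(line)
        if m:
            if GUID_RE.match(m["name"]):
                findings.append(("BHO registered under a GUID instead of a name", line))
            elif m["path"].endswith("(file missing)"):
                findings.append(("BHO points at a missing file", line))
            continue

        # Rule E: services with an empty owner field or a missing binary.
        # "Unknown owner" on its own is too noisy to flag (PnkBstrA and the
        # ForceWare services in the same log are legitimate).
        m = SERVICE_RE.match(line)
        if m:
            if m["owner"] == "":
                findings.append(("service with no owner", line))
            elif m["path"].endswith("(file missing)"):
                findings.append(("service points at a missing file", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run as a script to print the shortlist for the constructed sample; six lines are flagged and the four benign ones pass. Note that the bare process line for uilecsad.exe is not caught on its own; it only surfaces because the ownerless DomainService entry points at the same file, which is why the rules work best over the whole log rather than one section.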

Posted (edited)

Download VundoFix.

Scan for Vundo.

When it's finished, "Remove Vundo".

Log from VundoFix, usually C:\vundofix.txt

Post it.

-------------------

Download ComboFix, put it on the desktop.

Don't click on the window while the program is running.

Post the log C:\combofix.txt

------------------

Download and run SAS

Post the log.

-----------------

Download and run CCleaner

-----------------

After this, restart and post a new HJT log.

Edited by SNIPPSAT
Posted

The HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17, on 2008-01-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\svchost.exe

C:\windows\System32\wltrysvc.exe

C:\windows\System32\bcmwltry.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\windows\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\windows\Explorer.EXE

C:\windows\CTHELPER.EXE

C:\windows\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\windows\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\windows\system32\nvsvc32.exe

C:\windows\system32\PnkBstrA.exe

C:\Programfiler\Silicon Image\3132-W-I32-R SATARAID5\SATARaid5ConfigService.exe

C:\windows\system32\svchost.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\windows\system32\wscntfy.exe

C:\windows\system32\wuauclt.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Winamp\winamp.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.no/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: {7dd58b99-43f0-85ab-15f4-8e346bd20d37} - {73d02db6-43e8-4f51-ba58-0f3499b85dd7} - C:\windows\system32\alhvdlrp.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programfiler\AGEIA Technologies\TrayIcon.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programfiler\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm .exe" -scheduler

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask .exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MtdAcqu] "C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [igndlm.exe] C:\Programfiler\IGN\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent .exe" --force_start_minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Stefan Bakken\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Stefan Bakken\Start-meny\Programmer\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180224437421

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180224428937

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Programfiler\Silicon Image\3132-W-I32-R SATARAID5\SATARaid5ConfigService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\windows\System32\wltrysvc.exe

 

--

End of file - 12365 bytes

 

VundoFix log:

 

VundoFix V6.7.7

 

Checking Java version...

 

Sun Java not detected

Scan started at 15:18:33 24.01.2008

 

Listing files found while scanning....

 

C:\windows\system32\alhvdlrp.dll

C:\windows\system32\cbxvvst.dll

C:\windows\system32\cccdd.ini

C:\windows\system32\cccdd.ini2

C:\windows\system32\ddccc.dll

C:\windows\system32\ddccc.exe

C:\windows\system32\gagixsei.dll

C:\windows\system32\opnoolj.dll

C:\windows\system32\qomkjhi.dll

C:\windows\system32\sfrdipid.dll

C:\windows\system32\sfrdipid.dllbox

C:\windows\system32\uilecsad.exe

 

Beginning removal...

 

Attempting to delete C:\windows\system32\alhvdlrp.dll

C:\windows\system32\alhvdlrp.dll Has been deleted!

 

Attempting to delete C:\windows\system32\cbxvvst.dll

C:\windows\system32\cbxvvst.dll Has been deleted!

 

Attempting to delete C:\windows\system32\cccdd.ini

C:\windows\system32\cccdd.ini Has been deleted!

 

Attempting to delete C:\windows\system32\cccdd.ini2

C:\windows\system32\cccdd.ini2 Has been deleted!

 

Attempting to delete C:\windows\system32\ddccc.dll

C:\windows\system32\ddccc.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ddccc.exe

C:\windows\system32\ddccc.exe Has been deleted!

 

Attempting to delete C:\windows\system32\gagixsei.dll

C:\windows\system32\gagixsei.dll Has been deleted!

 

Attempting to delete C:\windows\system32\opnoolj.dll

C:\windows\system32\opnoolj.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\qomkjhi.dll

C:\windows\system32\qomkjhi.dll Has been deleted!

 

Attempting to delete C:\windows\system32\sfrdipid.dll

C:\windows\system32\sfrdipid.dll Has been deleted!

 

Attempting to delete C:\windows\system32\sfrdipid.dllbox

C:\windows\system32\sfrdipid.dllbox Has been deleted!

 

Attempting to delete C:\windows\system32\uilecsad.exe

C:\windows\system32\uilecsad.exe Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\windows\system32\opnoolj.dll

C:\windows\system32\opnoolj.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\uilecsad.exe

C:\windows\system32\uilecsad.exe Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

SAS log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/24/2008 at 04:12 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3259

Trace Rules Database Version: 1270

 

Scan type : Quick Scan

Total Scan Time : 00:24:43

 

Memory items scanned : 472

Memory threats detected : 0

Registry items scanned : 920

Registry threats detected : 9

File items scanned : 42402

File threats detected : 226

 

Adware.Tracking Cookie

C:\Documents and Settings\Stefan Bakken\Cookies\stefan bakken@clickbank[1].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan [email protected][2].txt

C:\Documents and Settings\Stefan Bakken\Cookies\stefan [email protected][1].txt

Adware.RX Toolbar

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\InprocServer32

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\InprocServer32#ThreadingModel

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\ProgID

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\Programmable

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\TypeLib

HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\VersionIndependentProgID

 

Adware.WhenU

HKCR\WUSE.1

HKCR\WUSE.1#WUSE_Id

 

Thanks :)

 

Regards, Stefan

Posted

Use HijackThis, tick the following lines, and click Fix:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)

 

That was what I could pick out...

Posted

In addition to what r2d290 mentions, you can also click Fix checked on the following:

 

O2 - BHO: {7dd58b99-43f0-85ab-15f4-8e346bd20d37} - {73d02db6-43e8-4f51-ba58-0f3499b85dd7} - C:\windows\system32\alhvdlrp.dll (file missing)

 

SAS removed quite a few files :)

Posted (edited)

If you don't recognise these, fix them with HJT, along with the lines mentioned above.

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

 

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

 

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

 

Looks fine now.

Is the PC running fine?

 

You could also run a round of ComboFix.

 

Do this so you don't get reinfected via System Restore.

Control Panel -> System -> System Restore [turn off, restart] -*- [turn on again]

Edited by SNIPPSAT
  • 2 weeks later...
Posted

I've got the same virus, here is my HijackThis log, can anyone take a look at it??

 

Logfile of HijackThis v1.99.1

Scan saved at 22:04:17, on 07.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe

C:\Programfiler\ASUS\AI Gear\GearHelp.exe

C:\Programfiler\ASUS\AI Nap\AiNap.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\seruz\Skrivebord\rw2_021_w02_enu.exe

c:\temp\HP All-in-One Series Web Release\Setup.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\iTunes\iTunes.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Documents and Settings\seruz\Skrivebord\Ventrilo 2.1.4.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\WINDOWS\system32\bat.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Programfiler\ASUS\AASP\1.00.15\AsRunHelp.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programfiler\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [Ai Gear Help] "C:\Programfiler\ASUS\AI Gear\GearHelp.exe"

O4 - HKLM\..\Run: [Ai Nap] "C:\Programfiler\ASUS\AI Nap\AiNap.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart

O4 - HKLM\..\Run: [sBCSTray] C:\Programfiler\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Posted

Use HijackThis, tick the following lines, and click Fix:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart

 

 

Download ComboFix (link)

Save it to the desktop

 

Run combofix.exe and follow the instructions.

Do not click on the window while the program is running.

 

Post the log file from ComboFix (usually c:\combofix.txt),

and then a new HijackThis log.
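As an added triage example, not code from this thread or from HijackThis: a Python script that applies the same heuristics the replies above use when picking lines out of a HijackThis log (target file missing, service with unknown owner, unnamed BHO, DLL loaded through rundll32, startup shortcut with an unresolved target) to a constructed sample copied from the logs posted here. The rule set and the two severity levels are my assumptions, not anything HijackThis itself reports.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis-style lines copied from the logs posted in this thread,
# mixing the entries the helpers told the posters to fix with ordinary ones left alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\WINDOWS\system32\bat.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: hpoddt01.exe.lnk = ?
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\windows\system32\windows (file missing)
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# rundll32 followed by an optionally quoted DLL path (stops at the quote or the ",EntryPoint" comma)
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    severity: str   # assumed scale: "high" = target missing/unowned, "review" = needs a human look
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics from the thread to one HijackThis line; None means nothing to flag."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    low = body.lower()
    # A registration whose backing file is gone: orphan of a half-removed install, or a remnant to clean.
    if "(no file)" in low or "(file missing)" in low:
        return Finding(section, "high", "registered target file is missing", line)
    # A service that carries no recognisable publisher string.
    if section == "O23" and "unknown owner" in low:
        return Finding(section, "high", "service has unknown owner", line)
    # Browser helper objects from real vendors almost always identify themselves.
    if section == "O2" and "(no name)" in low:
        return Finding(section, "review", "browser helper object without a name", line)
    # An autorun that loads a DLL through rundll32: check which DLL and who signed it.
    rd = RUNDLL.search(body)
    if section == "O4" and rd:
        return Finding(section, "review", f"rundll32 loads {rd.group('dll')}", line)
    # A startup shortcut whose target HijackThis could not resolve.
    if section == "O4" and body.rstrip().endswith("= ?"):
        return Finding(section, "review", "startup shortcut with unresolved target", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the findings in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

A "review" finding is a prompt for a human look, not a verdict: the NVIDIA rundll32 entry trips the same rule as the sprt_ads.dll one, and only checking the DLL's publisher separates them.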

Posted (edited)

Thanks ;D will try

 

Here is the ComboFix log:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39634E30-9C20-4B70-8B92-040B4D9A4C90}]

2004-08-04 13:00 84480 --a------ C:\WINDOWS\system32\bat.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-01-15 22:47 1266936]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-01-17 18:10 21686568]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]

"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 03:51 352256]

"AsusStartupHelp"="C:\Programfiler\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 07:25 363008]

"Launch Ai Booster"="C:\Programfiler\ASUS\AI Booster\OverClk.exe" [2006-11-28 17:20 3714048]

"Ai Gear Help"="C:\Programfiler\ASUS\AI Gear\GearHelp.exe" [2006-07-27 20:39 415744]

"Ai Nap"="C:\Programfiler\ASUS\AI Nap\AiNap.exe" [2006-11-30 11:23 1419776]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-13 06:58 7770112]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-13 06:58 81920]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-15 23:10 579072]

"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"SBCSTray"="C:\Programfiler\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17 699120]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-01-15 23:54 37376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-15 23:10 219136]

 

R0 dglyfvkn;dglyfvkn;C:\WINDOWS\system32\drivers\xofvifhu.dat []

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-02-07 13:47]

R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a89d81-c387-11dc-b7ba-806d6172696f}]

\Shell\AutoRun\command - I:\AUTORUN.EXE

 

*Newly Created Service* - GTNDIS5

*Newly Created Service* - SBAPIFS

.

Contents of the 'Scheduled Tasks' folder

"2008-02-07 20:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-07 23:40:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-07 23:40:42

ComboFix-quarantined-files.txt 2008-02-07 22:40:40

.

2008-02-07 12:45:23 --- E O F ---

 

 

 

 

And here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 23:42:08, on 07.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe

C:\Programfiler\ASUS\AI Gear\GearHelp.exe

C:\Programfiler\ASUS\AI Nap\AiNap.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\WINDOWS\system32\bat.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Programfiler\ASUS\AASP\1.00.15\AsRunHelp.exe

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Programfiler\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [Ai Gear Help] "C:\Programfiler\ASUS\AI Gear\GearHelp.exe"

O4 - HKLM\..\Run: [Ai Nap] "C:\Programfiler\ASUS\AI Nap\AiNap.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sBCSTray] C:\Programfiler\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Edited by seruz
Posted

Go to the site http://virusscan.jotti.org/ and upload the following file for checking (in bold): C:\WINDOWS\system32\bat.dll

Download SAS (the free version), install it, update it and run a full (Complete) scan.

Report back on the file bat.dll and on whether SAS found anything of significance (preferences->statistics/logs)

Posted

here is the scan of the bat file > Scan taken on 09 Feb 2008 22:53:47 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found Win32:BHO-KD

AVG Antivirus Found nothing

BitDefender Found Trojan.Spy.Bzub.NGP (probable variant)

ClamAV Found nothing

CPsecure Found Troj.Downloader.W32.Delf.dzq

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found Trojan-PWS.Win32.Lmir

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found Mal/Behav-187

VirusBuster Found nothing

VBA32 Found nothing

but SAS didn't flag anything though
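
An added example, not code from this thread or from any of the tools named in it: a small Python triage script that parses O2 (BHO) lines in the HijackThis log format shown above, flags the "no name, DLL directly in system32" pattern the helper acted on, and tallies engine verdicts in the Jotti output format. The sample lines are constructed from the ones quoted in this thread.

```python
import re

# Constructed sample: the two O2 (BHO) lines quoted from the HijackThis log above.
SAMPLE_HJT_LOG = """\
O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\\WINDOWS\\system32\\bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Programfiler\\Java\\jre1.6.0_03\\bin\\ssv.dll
"""
# O2 line layout: "O2 - BHO: <name> - {CLSID} - <path>"
BHO_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

def parse_bhos(log_text):
    """Return one dict (name, clsid, path) per O2 entry in an HJT log."""
    return [m.groupdict() for m in
            (BHO_LINE.match(ln.strip()) for ln in log_text.splitlines()) if m]

def suspicious_bhos(log_text):
    """Flag BHOs with no registered name whose DLL sits directly in system32.
    That is the weak signal the helper acted on: a 'scan this file' heuristic,
    not proof that the file is malicious."""
    flagged = []
    for e in parse_bhos(log_text):
        no_name = e["name"].strip().lower() == "(no name)"
        in_sys32 = re.search(r"\\system32\\[^\\]+\.dll$", e["path"], re.I)
        if no_name and in_sys32:
            flagged.append(e["path"])
    return flagged

# Constructed sample in the shape of the Jotti output above: "<engine> Found <verdict>".
SAMPLE_SCAN = """\
Avast Found Win32:BHO-KD
AVG Antivirus Found nothing
BitDefender Found Trojan.Spy.Bzub.NGP (probable variant)
ClamAV Found nothing
"""

def detection_summary(scan_text):
    """Return (engines reporting a detection, engines that reported at all)."""
    hits = total = 0
    for line in scan_text.splitlines():
        if " Found " not in line:
            continue
        total += 1
        verdict = line.split(" Found ", 1)[1].strip()
        if verdict.lower() != "nothing":
            hits += 1
    return hits, total
```

A low detection count across many engines, as in the thread, is exactly why the helper asked for a second opinion from SAS rather than trusting any single verdict.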

Posted (edited)

Start hjt, choose "Do a system scan only", put a check mark in front of the following line and click Fix checked:

O2 - BHO: (no name) - {39634E30-9C20-4B70-8B92-040B4D9A4C90} - C:\WINDOWS\system32\bat.dll

Use Explorer and delete the file (in bold):

C:\WINDOWS\system32\bat.dll

Feel free to run combofix again and post the log, then we'll take another look :)

Edited by norbat
Posted

when I click Fix checked it says I have to exit Internet Explorer and all Windows windows.... but I have :S
