
Could anyone be bothered to look at this Combo + HiJack log? -Thanks



Ran Combo first, then HiJackThis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:07:27, on 10.04.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\Symantec AntiVirus\DefWatch.exe

C:\Programfiler\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Programfiler\HP\HP Software Update\HPwuSchd2.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\Grisoft\AVG7\avgwb.dat

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.startsiden.no

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programfiler\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll

O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - (no file)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programfiler\Spyware Terminator\sp_rsser.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 8200 bytes

 

 

------------------------

Combo:

 

 

 

ComboFix 08-04-09.5 - HP_Eier 2008-04-10 0:01:24.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.107 [GMT 2:00]

Running from: C:\Documents and Settings\HP_Eier\Lokale innstillinger\Temporary Internet Files\Content.IE5\D14MEVIY\ComboFix[1].exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\375013\375013.dll

D:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))

.

 

2008-04-09 23:54 . 2008-04-09 23:54 <DIR> d-------- C:\Programfiler\Trend Micro

2008-04-09 23:53 . 2008-04-09 23:53 <DIR> d-------- C:\ComboFix 28Mars08

2008-04-09 21:01 . 2008-04-09 21:03 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy2

2008-04-09 20:58 . 2008-04-09 20:58 691,545 --a------ C:\WINDOWS\unins000.exe

2008-04-09 20:58 . 2008-04-09 20:58 2,548 --a------ C:\WINDOWS\unins000.dat

2008-04-09 20:36 . 2008-04-09 20:38 <DIR> d-------- C:\WINDOWS\$regcmp$

2008-04-09 20:35 . 2008-04-09 20:35 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-04-09 20:35 . 2008-04-09 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-04-09 20:34 . 2008-04-09 20:34 <DIR> d-------- C:\Programfiler\Registry Clean Expert

2008-04-09 20:34 . 2008-04-09 20:34 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\Auslogics

2008-04-09 20:33 . 2008-04-09 20:33 <DIR> d-------- C:\Programfiler\AusLogics Disk Defrag

2008-04-09 20:28 . 2008-04-09 20:31 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\Spyware Terminator

2008-04-09 20:26 . 2008-04-09 20:26 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-04-09 20:25 . 2008-04-09 20:25 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe

2008-04-09 20:22 . 2008-04-09 20:31 <DIR> d-------- C:\Programfiler\Spyware Terminator

2008-04-09 20:22 . 2008-04-09 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spyware Terminator

2008-04-09 19:44 . 2008-04-09 19:44 <DIR> d-------- C:\Programfiler\Windows Defender

2008-04-09 19:19 . 2008-04-09 19:19 276 --a------ C:\WINDOWS\system32\MRT.INI

2008-04-09 19:16 . 2008-04-09 19:29 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\AVG7

2008-04-09 19:14 . 2008-04-09 19:14 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-04-09 19:13 . 2008-04-09 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-04-09 19:13 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-04-09 19:11 . 2008-04-09 19:23 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-04-09 18:55 . 2008-04-09 18:57 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-04-09 18:55 . 2008-04-09 18:55 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-04-09 18:55 . 2008-04-09 18:55 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\SUPERAntiSpyware.com

2008-04-09 18:55 . 2008-04-09 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-04-09 18:50 . 2008-04-09 18:58 <DIR> d-------- C:\Programfiler\NoAdware5.0

2008-04-09 18:49 . 2008-04-09 18:49 <DIR> d-------- C:\Programfiler\ffdshow

2008-04-09 18:49 . 2008-10-02 20:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-04-09 18:49 . 2008-10-02 20:30 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-04-09 18:49 . 2008-10-02 20:30 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

2008-04-09 18:49 . 2008-10-02 20:30 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-04-09 16:31 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-04-09 16:31 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys

2008-04-09 16:28 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-04-09 16:28 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-04-09 16:08 . 2008-04-09 19:27 <DIR> d-------- C:\Programfiler\Fellesfiler\AdvancedCleaner

2008-04-04 16:32 . 2008-04-04 16:34 <DIR> d-------- C:\Documents and Settings\HP_Eier\Programdata\RegSweep

2008-04-04 16:31 . 2008-04-04 16:39 <DIR> d-------- C:\Programfiler\RegSweep

2008-04-02 20:43 . 2008-04-02 21:08 <DIR> d-------- C:\Programfiler\MinneSparere

2008-04-02 20:26 . 2008-04-10 00:03 <DIR> d-------- C:\WINDOWS\system32\375013

2008-04-02 20:25 . 2008-04-09 22:03 <DIR> d-------- C:\Programfiler\NetProject

2008-03-29 11:42 . 2008-04-09 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-03-23 23:39 . 2008-03-23 23:39 <DIR> d-------- C:\Programfiler\FBrowserAdvisor

2008-03-22 16:25 . 2008-03-22 16:25 <DIR> d-------- C:\Programfiler\Fellesfiler\xing shared

2008-03-22 16:09 . 2008-03-22 16:48 <DIR> d-------- C:\Programfiler\StreamerOne

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-09 21:51 --------- d-----w C:\Programfiler\Symantec AntiVirus

2008-04-09 16:23 --------- d-----w C:\Programfiler\Sonic

2008-04-09 16:23 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-04-09 16:14 --------- d-----w C:\Programfiler\Windows Live Toolbar

2008-04-09 16:13 --------- d-----w C:\Programfiler\Symantec

2008-04-09 15:14 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-04-09 14:58 --------- d-----w C:\Programfiler\Microsoft Works

2008-04-09 14:27 --------- d-----w C:\Programfiler\Google

2008-04-09 14:25 --------- d-----w C:\Programfiler\Cyanide

2008-04-09 14:23 --------- d-----w C:\Programfiler\DivX

2008-04-09 14:18 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-04-06 17:38 --------- d-----w C:\Documents and Settings\HP_Eier\Programdata\LimeWire

2008-04-02 18:45 203,792 ----a-w C:\Documents and Settings\HP_Eier\Programdata\setup_no[1].exe

2008-03-29 11:03 6,636 ----a-w C:\Documents and Settings\HP_Eier\Programdata\wklnhst.dat

2008-03-23 23:08 --------- d-----w C:\Programfiler\Java

2008-03-22 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Real

2008-02-20 00:47 --------- d-----w C:\Programfiler\LimeWire

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 01:44 61440]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 00:17 90112]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 07:12 49152]

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 05:05 344064]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-09 23:46 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-09 19:14 219136]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26 282624]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

"C:\\Programfiler\\StreamerOne\\StreamerOne.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

 

R3 HPKBCCID;HP Keyboard Smart Card Driver;C:\WINDOWS\system32\DRIVERS\HPKBCCID.sys [2006-11-07 04:32]

R3 WLD675;3Com 3CRDAG675 Wireless LAN PCI Adapter;C:\WINDOWS\system32\DRIVERS\wld675f.sys [2003-07-10 12:00]

S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2007-10-14 20:44:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-12 19:27:50 C:\WINDOWS\Tasks\Internett-tjenester.job"

- C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml

"2008-04-09 21:53:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-10 00:03:46

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-10 0:05:10

ComboFix-quarantined-files.txt 2008-04-09 22:05:01

Pre-Run: 152,432,685,056 byte ledig

Post-Run: 152,423,268,352 byte ledig

.

2008-04-09 17:24:01 --- E O F ---

Edited by nasse222

Run ONLY HijackThis, do a scan, tick the following lines, and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

 

Edit: you have three different spyware programs:

spyware terminator

spybot search and destroy

superantispyware

 

I suggest you keep one (preferably the last one) and uninstall the rest with Add/Remove Programs.

 

You have both AVG and Norton on your machine. Pick one of them. If you have already tried to uninstall Norton, you didn't get all of it. In that case, run the Norton Removal Tool.

 

Someone else will have to look at the ComboFix log ;)

Edited by r2d290

Uninstall from Add/Remove Programs, if possible:

NetProject

Minnesparere

AdvancedCleaner

NoAdware5.0

 

 

Open Notepad and copy in the text in bold below, then save the file to the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\imsins.BAK

 

Folder::

C:\Programfiler\NetProject

C:\WINDOWS\system32\375013

C:\Programfiler\MinneSparere

C:\Programfiler\Fellesfiler\AdvancedCleaner

C:\Programfiler\NoAdware5.0

 

Post the ComboFix log + a new HJT log.


Thanks for the reply, but lightning killed the PC!!!!! Unbelievable that that can happen

 

Oh well, there will surely be more questions from me eventually...

Not exactly my day today: stomach flu, back surgery, whiplash after a car accident, and lost my license after wrecking my Mercedes..

Go Norway..

 

But thanks for the replies and help!!!

 

 

Regards

Nasse-sleepless.
