kong_haakon Posted 29 April 2008 (edited)

Hi! I think I've picked up some crap through the network of someone I live with.. Apparently he had just had something similar and tipped me off that you guys were magicians with this kind of thing.. I've run the whole long version on the first page and here are my logs.. hope you can help me!

ComboFix log:
[skjult]
ComboFix 08-04-28.2 - Ola Håkon 2008-04-29 19:46:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1451 [GMT 2:00]
Running from: C:\Documents and Settings\Ola Håkon\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\BHjlknmp.ini
C:\WINDOWS\system32\BHjlknmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\thtwmcjk.dll
C:\WINDOWS\system32\wwrkgxep.ini
C:\WINDOWS\system32\yhwonsyx.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
2008-04-29 18:51 . 2008-04-29 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-04-29 18:50 . 2008-04-29 18:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-04-29 18:47 . 2008-04-29 18:47 <DIR> d-------- C:\Programfiler\CCleaner
2008-04-28 23:51 . 2008-04-29 11:13 109,747 --a------ C:\WINDOWS\BM47b1b7ed.xml
2008-04-27 19:13 . 2005-05-13 09:21 120,832 --a------ C:\WINDOWS\system32\APFAXCNV.DLL
2008-04-27 19:13 . 2001-07-16 02:06 12,288 --a------ C:\WINDOWS\system32\APFMON40.DLL
2008-04-27 13:51 . 2008-04-27 13:51 413 --a------ C:\WINDOWS\BRWMARK.INI
2008-04-27 13:51 . 2008-04-27 13:51 34 --a------ C:\WINDOWS\system32\BD2030.DAT
2008-04-22 00:00 . 2008-04-22 00:01 <DIR> d-------- C:\Programfiler\CLUE
2008-04-20 00:18 . 2008-04-20 00:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-13 21:09 . 2004-03-08 20:30 609,824 --a------ C:\WINDOWS\system32\ComCtl32.ocx
2008-04-13 21:09 . 2005-07-15 12:49 245,760 --a------ C:\WINDOWS\system32\aUpdateNow.ocx
2008-04-13 21:09 . 2004-03-08 18:00 132,880 --a------ C:\WINDOWS\system32\msinet.ocx
2008-04-12 00:58 . 2008-04-12 00:58 <DIR> d-------- C:\Programfiler\MySpace Views Increaser
2008-04-11 23:27 . 2008-04-14 11:49 <DIR> d-------- C:\Programfiler\Badder Adder
2008-04-11 23:27 . 2000-07-15 00:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-04-07 11:08 . 2008-04-07 11:08 <DIR> d-------- C:\Programfiler\iPod
2008-03-31 22:11 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-31 22:11 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 16:49 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-28 22:28 --------- d-----w C:\Programfiler\VideoLAN
2008-04-11 23:27 --------- d-----w C:\Programfiler\BitComet
2008-04-07 09:11 --------- d-----w C:\Programfiler\Free CD-DA Extractor 4.8
2008-04-07 09:09 --------- d-----w C:\Programfiler\iTunes
2008-04-07 09:07 --------- d-----w C:\Programfiler\QuickTime
2008-03-14 09:10 --------- d-----w C:\Programfiler\Java
2007-06-10 06:52 168 --sh--r C:\WINDOWS\system32\B320DFEDC0.sys
2007-06-10 06:54 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{990602cd-6671-4369-8217-37d438de5cee}]
C:\WINDOWS\system32\ymregjqd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2007-02-20 13:29 1191936]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 19:04 802816]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 18:58 696320]
"PCMService"="C:\Programfiler\Dell\MediaDirect\PCMService.exe" [2006-08-22 16:32 184320]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Ad-Watch"="C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-07-06 13:12 2224128]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"H2O"="C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"Resume copy"="copyfstq.exe" [2007-10-15 19:29 73728 C:\WINDOWS\copyfstq.exe]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"44828471"="C:\WINDOWS\system32\pexgkrww.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-10 16:16:37 113664]
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2007-06-01 17:45:04 24576]
M-Audio Ozone Control Panel Launcher.lnk - C:\Programfiler\M-Audio Ozone\OZTask.exe [2003-01-31 19:34:50 98304]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"= usbnz1x1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Programfiler\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\BitComet\\BitComet.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"15267:TCP"= 15267:TCP:BitComet 15267 TCP
"15267:UDP"= 15267:UDP:BitComet 15267 UDP
"22321:TCP"= 22321:TCP:BitComet 22321 TCP
"22321:UDP"= 22321:UDP:BitComet 22321 UDP
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
S3 ma763008;M-Audio Ozone;C:\WINDOWS\system32\drivers\MA763008.sys [2007-08-05 17:42]
S3 MADFU008;MADFU008;C:\WINDOWS\system32\DRIVERS\MADFU008.sys [2007-08-05 17:42]
S3 USBNZ1X1;M-Audio Ozone Midi;C:\WINDOWS\system32\drivers\usbnz1x1.sys [2007-08-05 17:42]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 14:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-04-25 01:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Programfiler\RegClean\RegClean.ex
- C:\Programfiler\RegClea
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 19:50:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKEEPER.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Programfiler\Dell Network Assistant\hnm_svc.exe
C:\Programfiler\M-Audio Ozone\Install\ozinst.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-04-29 19:54:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 17:54:26
Pre-Run: 10,136,899,584 byte ledig
Post-Run: 10,070,020,096 byte ledig
165 --- E O F --- 2008-04-11 05:49:40
[/skjult]

Here is the SAS log:
[skjult]
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/29/2008 at 07:20 PM
Application Version : 4.0.1154
Core Rules Database Version : 3450
Trace Rules Database Version: 1442
Scan type : Complete Scan
Total Scan Time : 00:20:37
Memory items scanned : 679
Memory threats detected : 4
Registry items scanned : 5328
Registry threats detected : 10
File items scanned : 12661
File threats detected : 4
Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\AWTROFDE.DLL
C:\WINDOWS\SYSTEM32\AWTROFDE.DLL
C:\WINDOWS\SYSTEM32\PEXGKRWW.DLL
C:\WINDOWS\SYSTEM32\PEXGKRWW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}\InprocServer32
HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awtrOfde
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\PMNKLJHB.DLL
C:\WINDOWS\SYSTEM32\PMNKLJHB.DLL
Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\YMREGJQD.DLL
C:\WINDOWS\SYSTEM32\YMREGJQD.DLL
Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73B4F597-4145-4299-9D14-8C7C3E7A5C32}
HKCR\CLSID\{73B4F597-4145-4299-9D14-8C7C3E7A5C32}
HKCR\CLSID\{73B4F597-4145-4299-9D14-8C7C3E7A5C32}\InprocServer32
HKCR\CLSID\{73B4F597-4145-4299-9D14-8C7C3E7A5C32}\InprocServer32#ThreadingModel
[/skjult]

and finally the HijackThis log:
[skjult]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:16, on 29.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Programfiler\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\M-Audio Ozone\Install\Ozinst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Dell\QuickSet\quickset.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\M-Audio Ozone\OZTask.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Ola Håkon\Skrivebord\HiJackThis\test.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=6070601
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=no&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=6070601
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&cli...amp;ibd=6070601
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {eec5ed83-4d73-7128-9634-1766dc206099} - {990602cd-6671-4369-8217-37d438de5cee} - C:\WINDOWS\system32\ymregjqd.dll (file missing)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [44828471] rundll32.exe "C:\WINDOWS\system32\pexgkrww.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Programfiler\M-Audio Ozone\OZTask.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programfiler\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Programfiler\M-Audio Ozone\Install\Ozinst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9443 bytes
[/skjult]

Edited 29 April 2008 by kong_haakon
norbat Posted 29 April 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: {eec5ed83-4d73-7128-9634-1766dc206099} - {990602cd-6671-4369-8217-37d438de5cee} - C:\WINDOWS\system32\ymregjqd.dll (file missing)
O4 - HKLM\..\Run: [44828471] rundll32.exe "C:\WINDOWS\system32\pexgkrww.dll",b

Use Explorer to find and delete the following file (in bold):

C:\WINDOWS\BM47b1b7ed.xml

Apart from this, the logs look fine. How is the PC running?
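An added example, not part of norbat's post and not a feature of HijackThis: a Python triage that states as explicit rules why the two lines above stand out among the log's O2/O4 entries, and cross-checks them against the DLL names in the SUPERAntiSpyware log. The three rules and the names `triage`, `Finding` and `SCANNER_HITS` are assumptions of this example; the sample lines are copied from the first post.

```python
import re
from typing import NamedTuple

# Constructed sample: six entries copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {eec5ed83-4d73-7128-9634-1766dc206099} - {990602cd-6671-4369-8217-37d438de5cee} - C:\WINDOWS\system32\ymregjqd.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [44828471] rundll32.exe "C:\WINDOWS\system32\pexgkrww.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""

# DLL names the SUPERAntiSpyware log in the same post reported as threats.
SCANNER_HITS = frozenset(
    {"awtrofde.dll", "pexgkrww.dll", "pmnkljhb.dll", "ymregjqd.dll"}
)

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")            # "O4 - <rest of entry>"
DLL_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.dll', re.IGNORECASE)
RUNDLL = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)


class Finding(NamedTuple):
    section: str    # HijackThis section code, e.g. "O2"
    reasons: tuple  # every rule that fired for this entry
    line: str       # the log line, ready to be ticked in "Fix checked"


def triage(log_text, scanner_hits=frozenset()):
    """Return the entries that match at least one of this example's rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, rest = m.groups()
        dlls = [p.rsplit("\\", 1)[-1].lower() for p in DLL_PATH.findall(rest)]
        reasons = []
        # Rule 1: a BHO whose DLL is gone is a leftover registry entry.
        if section == "O2" and rest.endswith("(file missing)"):
            reasons.append("orphaned BHO: registered DLL no longer on disk")
        # Rule 2: an autostart value that loads a DLL through rundll32.
        if section == "O4" and RUNDLL.search(rest) and dlls:
            reasons.append("autostart loads a DLL via rundll32")
        # Rule 3: the DLL name also appears in the scanner's detections.
        hits = sorted(set(dlls) & scanner_hits)
        if hits:
            reasons.append("DLL reported by scanner: " + ", ".join(hits))
        if reasons:
            findings.append(Finding(section, tuple(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SCANNER_HITS):
        print(f.section, "|", "; ".join(f.reasons))
        print("   ", f.line)
```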
kong_haakon (Author) Posted 29 April 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: {eec5ed83-4d73-7128-9634-1766dc206099} - {990602cd-6671-4369-8217-37d438de5cee} - C:\WINDOWS\system32\ymregjqd.dll (file missing)
O4 - HKLM\..\Run: [44828471] rundll32.exe "C:\WINDOWS\system32\pexgkrww.dll",b

Use Explorer to find and delete the following file (in bold):

C:\WINDOWS\BM47b1b7ed.xml

Apart from this, the logs look fine. How is the PC running?

Now it's like a dream here compared to a little while ago, at least! Thank you so very much for the help!! Magical!
norbat Posted 29 April 2008 (edited)

You may as well update to IE 7 (I would think you can get it through Windows Update). You can also uninstall ComboFix. This is done by typing combofix /u in the Run box (Start -> Run). This also resets System Restore, so that you don't get infected by a possible system restore later. Surf safely.

Edited 29 April 2008 by norbat