
Iexplore.exe




  #1
15th Jan 2008, 11:50
Member Group

I have read that this is bad. I don't have Internet Explorer, but it is still running in my Task Manager (I don't think it is meant to be in capital letters), and it is slowing my computer down. Is it a virus? Spyware, etc.?

How do I remove it?
  #2
15th Jan 2008, 11:59
Moderator Group

I can take a quick look.
Download and rename HijackThis (HJT)
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Programfiler\TrendMicro\HijackThis\HijackThis.exe.
  • Upon installing, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Programfiler\Trend Micro\HijackThis.exe
    • Right-click HijackThis.exe and select Rename.
    • Type sniper.exe and press Enter.
    • Right-click sniper.exe and select Send To > Desktop (create shortcut)
  • From your desktop, open HijackThis.
  • If you are using Windows Vista, you must Run as Administrator
  • Click the Do a system scan and save a logfile button
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and paste the log into your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or required.
Even though we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.
__________________

  #3
15th Jan 2008, 12:08
Member Group

For some reason I can't see IEXPLORE.EXE here, but it is definitely in TM

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 7:02:55 PM, on 1/15/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\progra~1\Grisoft\AVG7\avgamsvr.exe
C:\progra~1\Grisoft\AVG7\avgupsvc.exe
C:\progra~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Svchost.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\progra~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Programfiler\DNA\btdna.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C:\Programfiler\Yahoo!\Companion\Installerer\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - c:\progra~1\micros~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Programfiler\Yahoo!\Companion\Installerer\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\progra~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] rundll32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] rundll32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Second balltre kreative topp] C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\døde lite.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\PROGRAMMER~1\WAYBOW~1\Nurb mer noun.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\progra~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\progra~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\progra~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\progra~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'Default user')
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res://c:\progra~1\micros~2\Office12\EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra knappen: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\progra~1\micros~2\Office12\ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: S & end til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\progra~1\micros~2\Office12\ONBttnIE.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\progra~1\micros~2\Office12\REFIEBAR.DLL
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - c:\progra~1\micros~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C:\progra~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C:\progra~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C:\progra~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7104 bytes
  #4
15 January 2008, 12:29
Moderator Group

Yes, you have some bad infections.

Step 1

Download NoLop.exe to your desktop:
  • Close any programs you have open, since a reboot is required
  • Double-click NoLop.exe to run it
  • Next, click: Search and Destroy
    <<your computer will now be scanned for infected files>>
  • When the scan is complete, if infected, you will be asked to reboot
  • Click OK
  • Now click: Reboot
  • A message should pop up from NoLop. If not, double-click the program again and it will finish.
  • Post the contents of C:\NoLop.log in your next reply.
Note: If you receive an error, "mscomctl.ocx or one of its dependencies is not correctly registered", you can download mscomctl.ocx to System32 and then run the program.

---------------

Step 2
Download SUPERAntiSpyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to update the program definitions, click Yes
  • Next, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
    • Click Close to leave the control center screen.
  • Click the Close button to leave the control center screen.
  • On the main screen, click Scan your computer
  • On the left, check C:\Fixed Drive
  • On the right, select Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • When the scan is complete, a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found, and if it asks whether you want to reboot, click Yes
  • To retrieve the removal information, please do the following:
    • After the reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/WordPad).
    • Save the Notepad file to your desktop by clicking (in Notepad) "File" > "Save As"
  • Save the log somewhere you can easily find it (normally your desktop).
  • Click Close, and Close again to exit the program.
  • Please copy and paste the log into your post.
----------

Step 3

Run a new HijackThis scan and post the log

----------

In your next post, please include:
Contents of C:\NoLop.log
SUPERAntiSpyware log
New HijackThis log

It may take more than one post to get all the logs in. That is fine if needed.
__________________

  #5
15th Jan 2008, 13:41
Member Group

NoLop log:

NoLop! Logg av Skate_Punk_21

Fix kjører fra: C:\Programfiler\Mozilla Firefox
[1/15/2008]
[7:34:10 PM]

--- Smitte Files Found/Removed---
C:\WINDOWS\oppgaver\ADB7C425918477B9.job

Begynnelsen fjerning ...
Start ...
Fjerne Løp's Leftover filer / mapper ...
Redigere registret ...
** Fix Complete! **

--- Listing AppData sub directories ---



Super anti spyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 08:32

Application Version: 3.9.1008

Core Rules Database Version: 3380
Trace Rules Database Version: 1374

Scan type: Complete Scan
Total Scan Time: 00:46:41

Minne eks skannet: 385
Minne trusler oppdages: 0
Registerelementene skannet: 5574
Registerverdi trusler oppdages: 0
Fil eks skannet: 40825
Fil trusler oppdages: 66

Adware.Tracking Cookie

Adware.180solutions/ZangoSearch
C:\System Volume Information\_Restore(39B7D61A-C471-441E-B6D4-5930E1D582CD)\RP37\A0003673.EXE

Hi Jack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 8:38:58 PM, on 1/15/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\Lsass.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\progra~1\Grisoft\AVG7\avgamsvr.exe
C:\progra~1\Grisoft\AVG7\avgupsvc.exe
C:\progra~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\progra~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Programfiler\DNA\btdna.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Logitech\Video\FxSvr2.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C:\Programfiler\Yahoo!\Companion\Installerer\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - c:\progra~1\micros~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Programfiler\Yahoo!\Companion\Installerer\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\progra~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] rundll32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] rundll32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Second balltre kreative topp] C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\døde lite.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\PROGRAMMER~1\WAYBOW~1\Nurb mer noun.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\progra~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\progra~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\progra~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\progra~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'Default user')
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res://c:\progra~1\micros~2\Office12\EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra knappen: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\progra~1\micros~2\Office12\ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: S & end til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\progra~1\micros~2\Office12\ONBttnIE.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\progra~1\micros~2\Office12\REFIEBAR.DLL
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - c:\progra~1\micros~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C:\progra~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C:\progra~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C:\progra~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7041 bytes


I hope this is sufficient
  #6
15th Jan 2008, 13:57
Moderator Group

Open HijackThis and select Do a scan, then place a check next to:

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)


Close all windows except HijackThis and click Fix checked

Exit HijackThis.

----------

Download ComboFix by sUBs from one of the links below.
(Try all three if necessary) IMPORTANT - ComboFix.exe must be saved to your Desktop.
  • Close all open web browsers. (Firefox, Internet Explorer, etc.)
  • Close / disable all anti-virus and anti-malware programs so they do not interfere with ComboFix. <- IMPORTANT
    • Click this link to see a list of programs that should be disabled. If yours is not listed and you do not know how to disable it, please ask.
  • Double-click combofix.exe and follow the prompts.
    • From the keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouse-click ComboFix's window while it is running.
The scan will temporarily disable your desktop.
If interrupted, it may leave the machine frozen.
If this happens, you can reboot to restore the desktop.


----------

Next post
ComboFix log
__________________
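The log triage done by hand in this thread can be scripted. This is an added example, not code from the thread or from HijackThis: it undoes the spacing damage seen in pasted logs, flags entries whose target is `(no file)` (the kind of entry selected for fixing above), lists Run-key autostarts under an Application Data folder as review candidates, and diffs two scans. The Application Data rule is a heuristic assumed for this example, and the sample logs are constructed; only the `(no file)` BHO line is taken from the thread.

```python
import re

# A log entry is a section code (R0-R3, F0-F3, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")


def normalise(line):
    """Undo spacing damage from copy/paste: 'C: \\ WINDOWS \\ x' -> 'C:\\WINDOWS\\x'."""
    line = line.strip()
    line = re.sub(r"\s*\\\s*", r"\\", line)     # spaces around path separators
    line = re.sub(r"\s*~\s*(?=\d)", "~", line)  # 'progra ~ 1' -> 'progra~1'
    return line


def parse_log(text):
    """Return (code, body) tuples; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(normalise(raw))
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review(entries):
    """Return (code, reason, body) for entries worth a closer look.

    These are review candidates, not verdicts: a helper still has to
    identify each file before anything is fixed.
    """
    findings = []
    for code, body in entries:
        if body.endswith("(no file)"):
            # Registration left behind with no file on disk.
            findings.append((code, "registration points at no file", body))
        elif code == "O4" and "\\application data\\" in body.lower():
            # Assumed heuristic of this example: autostart from a data folder.
            findings.append((code, "autostart from an Application Data folder", body))
    return findings


def diff_logs(before, after):
    """Entries removed and added between two scans, compared after normalising."""
    old, new = set(parse_log(before)), set(parse_log(after))
    return sorted(old - new), sorted(new - old)


# Constructed sample in the spacing-damaged form; names containing
# "Example" and the example URLs are placeholders.
SAMPLE_BEFORE = r"""
Running processes:
C: \ WINDOWS \ Explorer.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://search.example/ie.html
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.example.com/
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O4 - HKLM \ .. \ Run: [ExampleUpdater] C: \ Documents and Settings \ All Users \ Application Data \ Example Dir \ updater.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
"""

# Constructed second scan, written with clean spacing on purpose.
SAMPLE_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.example.com/
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Documents and Settings\All Users\Application Data\Example Dir\updater.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

if __name__ == "__main__":
    for code, reason, body in review(parse_log(SAMPLE_BEFORE)):
        print(f"{code}: {reason}\n    {body}")
    removed, added = diff_logs(SAMPLE_BEFORE, SAMPLE_AFTER)
    for code, body in removed:
        print(f"removed  {code} - {body}")
    for code, body in added:
        print(f"added    {code} - {body}")
```

Because both scans are normalised before comparison, entries that differ only in pasted spacing do not show up in the diff.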

  #7
15th Jan 2008, 14:06
Member Group

ComboFix 08-01-15.4 - Richard 2008-01-15 21:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.587 [GMT 0:00]
Running from: C:\Documents and Settings\Richard\Skrivebord\ComboFix.exe
* Opprettet et nytt gjenopprettingspunkt

ADVARSEL-Denne maskinen har ikke gjenopprettingskonsollen INSTALLERT!
.

((((((((((((((((((((((((( Files Created fra 2007-12-15 til 2008-01-15 )))))))))))))))))))))))))))))))
.

2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - en ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Programfiler \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73.216 - en ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10.880 - en ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - en ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Programfiler \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Programfiler \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271.224 - en ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - en ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - en ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ gtk-2,0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Miniatyrbilder
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Programfiler \ GIMP-2,0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Programfiler \ DNA
2007-12-22 15:39. 2008-01-15 20:56 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DNA
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Programfiler \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - en ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Programfiler \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - en ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Programfiler \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Help
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Programfiler \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Programfiler \ Videolan
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ VLC
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Programfiler \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ xing delt
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Programfiler \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-15 17:46 22.328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:46 107.832 ---- aw C: \ WINDOWS \ system32 \ PnkBstrB.exe
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Programfiler \ SpeedFan
2008-01-11 22:26 5.615 ---- aw C: \ Programfiler \ install.log
2008-01-11 19:06 66.872 ---- aw C: \ WINDOWS \ system32 \ PnkBstrA.exe
2008-01-11 10:25 --------- d - h - w C: \ Programfiler \ InstallShield Installasjonsinformasjon
2007-12-22 15:26 --------- d ----- w C: \ Programfiler \ Fellesfiler \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Programfiler \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Programfiler \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Programfiler \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Programfiler \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Programfiler \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Programfiler \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Programfiler \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Programfiler \ Fellesfiler \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Programfiler \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Programfiler \ RivaTuner v2.06
2007-12-08 22:50 12.464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 499.712 ---- aw C: \ WINDOWS \ system32 \ msvcp71.dll
2007-12-07 18:43 348.160 ---- aw C: \ WINDOWS \ system32 \ msvcr71.dll
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Programfiler \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Programfiler \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ InstallShield
2007-12-07 17:44 4.716 ---- aw C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Programfiler \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Programfiler \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Programfiler \ Microsoft FrontPage
2007-12-04 01:33 823.296 ---- aw C: \ WINDOWS \ system32 \ divx_xx0c.dll
2007-12-04 01:33 823.296 ---- aw C: \ WINDOWS \ system32 \ divx_xx07.dll
2007-12-04 01:33 802.816 ---- aw C: \ WINDOWS \ system32 \ divx_xx11.dll
2007-12-04 01:33 682.496 ---- aw C: \ WINDOWS \ system32 \ DivX.dll
2007-11-29 22:30 524.288 ---- aw C: \ WINDOWS \ system32 \ DivXsm.exe
2007-11-29 22:30 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2007-11-29 22:30 200.704 ---- aw C: \ WINDOWS \ system32 \ ssldivx.dll
2007-11-29 22:30 1.044.480 ---- aw C: \ WINDOWS \ system32 \ libdivx.dll
2007-11-29 22:28 81.920 ---- aw C: \ WINDOWS \ system32 \ dpl100.dll
2007-11-29 22:28 196.608 ---- aw C: \ WINDOWS \ system32 \ dtu100.dll
2007-11-28 21:55 156.992 ---- aw C: \ WINDOWS \ system32 \ DivXCodecVersionChecker.exe
2007-11-28 21:53 593.920 ---- aw C: \ WINDOWS \ system32 \ dpuGUI11.dll
2007-11-28 21:53 57.344 ---- aw C: \ WINDOWS \ system32 \ dpv11.dll
2007-11-28 21:53 53.248 ---- aw C: \ WINDOWS \ system32 \ dpuGUI10.dll
2007-11-28 21:53 344.064 ---- aw C: \ WINDOWS \ system32 \ dpus11.dll
2007-11-28 21:53 294.912 ---- aw C: \ WINDOWS \ system32 \ dpu11.dll
2007-11-28 21:53 294.912 ---- aw C: \ WINDOWS \ system32 \ dpu10.dll
2007-11-28 21:52 12.288 ---- aw C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2007-11-21 18:23 81.920 ---- aw C: \ WINDOWS \ system32 \ frapsvid.dll
2007-10-18 11:31 51.224 ---- aw C: \ WINDOWS \ system32 \ sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA" = "C: \ Programfiler \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ PROGRAMMER ~ 1 \ WAYBOW ~ 1 \ Nurb mer noun.exe" [2008-01-15 16:32 443904]
"SUPERAntiSpyware" = "C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Programfiler \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Programfiler \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Programfiler \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Second bat kreative peak" = "C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ døde lite.exe" [2008-01-15 20:37 1348608]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Programfiler \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ WINDOWS \ system32 \ drivers \ CamDrL2 1.sys [2004-02-14 04:09]

* Newly Created Service * - PROCEXP90
.
Innholdet i "Scheduled Tasks"-mappen
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Programfiler \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

CatchMe 0.3.1344 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:04:58
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
Fullføringstidspunkt: 2008-01-15 21:05:11
.
2008-01-05 21:00:15 --- EOF ---
  #8  
Old 15th 2008 jan 14:58
Moderator Group
 
Default Iexplore.exe

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start, then Run
  • Type Notepad.exe in the Run dialog box.
2. Copy the bold text below by highlighting all of the text and pressing Ctrl+C


File::
C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\døde lite.exe
C:\DOCUME~1\Richard\PROGRAMMER~1\WAYBOW~1\Nurb mer noun.exe

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"curblicense"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Second bat kreative peak"=-



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - save the file to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: perform this instruction carefully!



ComboFix will begin to run; just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Run a new HijackThis scan and post the log.

----------

Next post
ComboFix log
New HijackThis log
__________________
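
The two values removed by the CFScript above both come from the "Reg Loading Points" section of the posted ComboFix log. As an added example (not part of the thread, and not ComboFix's or the moderator's own method), the Python code below parses Run-key lines in that format and flags autostart values by location, file date and missing target; the function names, the 14-day window and the heuristics themselves are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: Run-key lines modelled on the ComboFix log in this thread
# (extraction spacing removed). The "stale" value is invented to show the
# empty-bracket case ComboFix prints when the target file no longer exists.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2007-12-22 15:39 290112]
"curblicense"="C:\DOCUME~1\Richard\PROGRAMMER~1\WAYBOW~1\Nurb mer noun.exe" [2008-01-15 16:32 443904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 09:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\progra~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:29 579072]
"Second bat kreative peak"="C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\døde lite.exe" [2008-01-15 20:37 1348608]
"stale"="C:\Documents and Settings\Richard\Application Data\gone.exe" []
'''

SCAN_TIME = datetime(2008, 1, 15, 21, 3)  # scan start, as in the log header

KEY_HEADER = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
META = re.compile(
    r'^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)(?: (?P<path>.+))?$')

# Assumption of this example: autostart targets under a user profile are
# writable without administrator rights, so they deserve a closer look.
# Both the long name and its 8.3 short form are matched.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\")


def parse_run_entries(log_text):
    """Return one dict per Run value: key, name, path, modified, size."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_HEADER.match(line)
        if header:
            key = header.group(1)
            continue
        value = RUN_VALUE.match(line)
        if not value or key is None:
            continue
        meta = META.match(value.group("meta").strip())
        # A bare file name ("RTHDCPL.EXE") carries its resolved path inside
        # the brackets; a full path in the value has none there.
        resolved = meta.group("path") if meta and meta.group("path") else None
        entries.append({
            "key": key,
            "name": value.group("name"),
            "path": resolved or value.group("value"),
            "modified": (datetime.strptime(meta.group("stamp"), "%Y-%m-%d %H:%M")
                         if meta else None),
            "size": int(meta.group("size")) if meta else None,
        })
    return entries


def triage(entries, scan_time, window_days=14):
    """Map value name -> list of reasons; values with no reason are omitted."""
    flagged = {}
    for entry in entries:
        reasons = []
        if any(m in entry["path"].lower() for m in PROFILE_MARKERS):
            reasons.append("user-profile path")
        if entry["modified"] is None:
            # Empty brackets: the value still exists but its file is gone.
            reasons.append("target missing")
        elif scan_time - entry["modified"] <= timedelta(days=window_days):
            reasons.append("recent file")
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(parse_run_entries(SAMPLE_LOG), SCAN_TIME).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag here is a prompt to inspect the file, not a verdict; legitimate per-user software also starts from profile directories.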

  #9  
Old 15th 2008 jan 15:07
Member Group
 
Default Iexplore.exe

ComboFix 08-01-15.4 - Richard 2008-01-15 22:03:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 0:00]
Running from: C: \ Documents and Settings \ Richard \ Skrivebord \ ComboFix.exe
Command brytere brukes:: C: \ Documents and Settings \ Richard \ Skrivebord \ CFScript.txt
* Opprettet et nytt gjenopprettingspunkt

ADVARSEL-Denne maskinen har ikke gjenopprettingskonsollen INSTALLERT!

FIL
C: \ DOCUME ~ 1 \ Richard \ PROGRAMMER ~ 1 \ WAYBOW ~ 1 \ Nurb mer noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ døde lite.exe
.

((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ DOCUME ~ 1 \ Richard \ PROGRAMMER ~ 1 \ WAYBOW ~ 1 \ Nurb mer noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ døde lite.exe

.
((((((((((((((((((((((((( Files Created fra 2007-12-15 til 2008-01-15 ))))))))))) ))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51.200 - en ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C: \ Programfiler \ SUPERAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Wise Installation Wizard
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C: \ NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C: \ Programfiler \ Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C: \ Programfiler \ WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2.297.552 - en ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22.328 - en ------ C: \ Documents and Settings \ Richard \ Application Data \ PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - en ------ C: \ WINDOWS \ game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> d - hs ---- C: \ WINDOWS \ ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54.608 - en ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ hf_mig $
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C: \ Programfiler \ Messenger Plus! Leve
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ WayBowsReal
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Programfiler \ hviske Technology
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client 2.5 Setup Files
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Publish Providers
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Programfiler \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Programfiler \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Programfiler \ Sony Setup
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - en ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Programfiler \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73.216 - en ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10.880 - en ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - en ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Programfiler \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Programfiler \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271.224 - en ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - en ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - en ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ gtk-2,0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Miniatyrbilder
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Programfiler \ GIMP-2,0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Programfiler \ DNA
2007-12-22 15:39. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DNA
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Programfiler \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - en ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Programfiler \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - en ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Programfiler \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Help
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Programfiler \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Programfiler \ Videolan
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ VLC
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Programfiler \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ xing delt
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Programfiler \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-15 17:46 22.328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Programfiler \ SpeedFan
2008-01-11 22:26 5.615 ---- aw C: \ Programfiler \ install.log
2008-01-11 10:25 --------- d - h - w C: \ Programfiler \ InstallShield Installasjonsinformasjon
2007-12-22 15:26 --------- d ----- w C: \ Programfiler \ Fellesfiler \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Programfiler \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Programfiler \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Programfiler \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Programfiler \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Programfiler \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Programfiler \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Programfiler \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Programfiler \ Fellesfiler \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Programfiler \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Programfiler \ RivaTuner v2.06
2007-12-08 22:50 12.464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Programfiler \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Programfiler \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ InstallShield
2007-12-07 17:44 4.716 ---- aw C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Programfiler \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Programfiler \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Programfiler \ Microsoft FrontPage
.

((((((((((((((((((((((((((((( Snapshot@2008-01-15_21.05.00.95 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008-01-15 21:03:50 225.280 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000001 \ Ntuser.dat
+ 2008-01-15 22:03:02 225.280 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000001 \ Ntuser.dat
- 2008-01-15 21:03:50 8.192 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000002 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000002 \ UsrClass.dat
- 2008-01-15 21:03:50 229.376 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000003 \ Ntuser.dat
+ 2008-01-15 22:03:02 229.376 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000003 \ Ntuser.dat
- 2008-01-15 21:03:50 8.192 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000004 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000004 \ UsrClass.dat
- 2008-01-15 21:03:50 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000005 \ Ntuser.dat
+ 2008-01-15 22:03:02 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000005 \ Ntuser.dat
- 2008-01-15 21:03:50 208.896 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000006 \ UsrClass.dat
+ 2008-01-15 22:03:02 208.896 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000006 \ UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA" = "C: \ Programfiler \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ PROGRAMMER ~ 1 \ WAYBOW ~ 1 \ Nurb mer noun.exe" []
"SUPERAntiSpyware" = "C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Programfiler \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Programfiler \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Programfiler \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Second bat kreative peak" = "C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ døde lite.exe" []

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Programfiler \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ WINDOWS \ system32 \ drivers \ CamDrL2 1.sys [2004-02-14 04:09]

.
Innholdet i "Scheduled Tasks"-mappen
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Programfiler \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

CatchMe 0.3.1344 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:05:20
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
Fullføringstidspunkt: 2008-01-15 22:06:11 - maskinen ble startet på nytt
ComboFix-karantene-files.txt 2008-01-15 22:06:09
ComboFix2.txt 2008-01-15 21:05:12
.
2008-01-05 21:00:15 --- EOF ---


Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 10:07:19 PM, on 1/15/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe
C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Programfiler \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ DNA \ btdna.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programfiler \ Logitech \ Video \ FxSvr2.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ Notepad.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - c: \ progra ~ 1 \ micros ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Programfiler \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Programfiler \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Second balltre kreative topp] C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ døde lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Programfiler \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ PROGRAMMER ~ 1 \ WAYBOW ~ 1 \ Nurb mer noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra knappen: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: S & end til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - c: \ progra ~ 1 \ micros ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
End of file - 6716 bytes
  #10  
Old 15th 2008 jan 15:29
Moderator Group
 
Default Iexplore.exe

Go to My Computer -> Tools -> Folder Options -> View tab:
  • Under the Hidden files and folders section:
  • Select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (Recommended) option.
  • Also make sure there is no check mark next to Hide file extensions for known file types.
  • Click OK

----------

Press CTRL + ALT + DEL to bring up Process Monitor. Click the Processes tab and kill the processes for

lite.exe << or død Lite.exe
noun.exe << or Nurb mer noun.exe

----------

Open HijackThis and select Do a scan, then place a check mark next to: (if present)

O4 - HKLM \ .. \ Run: [Second balltre kreative topp] C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ døde lite.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ PROGRAMMER ~ 1 \ WAYBOW ~ 1 \ Nurb mer noun.exe


Close all windows except HijackThis and click Fix checked

Exit HijackThis.

----------

Open My Computer on the desktop, then locate and delete these files. (if present)

C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \døde lite.exe

C: \ DOCUME ~ 1 \ Richard \ PROGRAMMER ~ 1 \ WAYBOW ~ 1 \Nurb mer noun.exe

----------

Run F-Secure Online Scanner

Note: This scanner works with Internet Explorer only!
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure, then select Automatic cleaning
  • When cleaning has finished, click Show report (this opens an Internet Explorer window containing the report)
  • Highlight and Copy (Ctrl + C) the complete report and Paste (Ctrl + V) it in a new reply to this post
    • If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (Ctrl + C) the complete report and Paste (Ctrl + V) it in a new reply to this post
  • This scan may take a while, so please be patient

----------

In your next post, include:
F-Secure log
New HijackThis log
__________________
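Both O4 entries ticked in post #10 launch from a user-profile directory, while the other autoruns in the log point into WINDOWS or Programfiler. The sketch below is an added example, not part of the thread or of HijackThis: it parses O4 lines copied from the log above and sorts them by where the target lives. The location rule is an assumed triage heuristic, not the moderator's stated method.

```python
import re

# Lines copied from the HijackThis log earlier in this thread, including the
# stray spaces around "\" and "~" introduced by the page's formatting.
SAMPLE_LOG = r"""
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Second balltre kreative topp] C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ døde lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ PROGRAMMER ~ 1 \ WAYBOW ~ 1 \ Nurb mer noun.exe
"""

O4_RE = re.compile(r"^O4 - (\S+)\\\.\.\\Run: \[(.+?)\] (.+)$")
# Assumed heuristic: profile directories are writable without admin rights.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\")

def normalize(line):
    """Undo the spacing damage: 'C: \\ DOCUME ~ 1' becomes 'C:\\DOCUME~1'."""
    return re.sub(r"\s*([\\~])\s*", r"\1", line)

def target_path(command):
    """Return the program part of an autorun command, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll|com|bat|scr))(?=\s|$)", command, re.I)
    return m.group(1) if m else command

def classify(path):
    p = path.lower()
    if "\\" not in p:
        return "bare-name"      # resolved through the search path at logon
    if any(marker in p for marker in USER_WRITABLE):
        return "user-profile"   # review first
    return "installed"

def triage(log_text):
    rows = []
    for line in log_text.splitlines():
        m = O4_RE.match(normalize(line.strip()))
        if m:
            hive, name, command = m.groups()
            path = target_path(command)
            rows.append((hive, name, path, classify(path)))
    return rows

def flagged(log_text):
    return [row for row in triage(log_text) if row[3] == "user-profile"]

if __name__ == "__main__":
    for hive, name, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:12} {hive:5} [{name}] {path}")
```

The location only orders the review: legitimate per-user software also starts from profile directories, and a file under system32 is not clean because of where it sits.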


Copyright © 2006 - 2009 Computer Juice.
