Remove iexplore.exe virus / hijack log




#1
10 Nov 2008, 18:14
Member
Remove iexplore.exe virus / hijack log

Hi folks,
Um. Every time I start my computer, iexplore.exe (in Task Manager) comes up all by itself. I never need to use Internet Explorer, I use Firefox, but this comes up on its own. It's also taking up most of my memory. I'm also getting a billion popups, which I'm willing to bet are from this. When I end the process it comes back 3 or 4 times, then it usually goes away after the 5th time I end it. But that only lasts for around 5 min, then it's back again. Does anyone know what's going on? I've run scans with Ad-Aware, Norton, etc., but they haven't found anything.
Additional information:
I have Windows XP
&& Also, it's definitely coming from ads. I've tried everything. Thanks in advance ^__^

I'm kind of new to this. So, erm, can someone tell me how to remove it? In a simple-ish way? =P





Logfile of HijackThis v1.99.1
Scan lagret 6:14:25 PM, on 11/10/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ WINDOWS \ SYSTEM \ hpsysdrv.exe
C: \ Programfiler \ HP \ Digital Imaging \ utlasting \ hpqcmon.exe
C: \ WINDOWS \ system32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Programfiler \ Multimedia Card Reader \ shwicon2k.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe
C: \ progra ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Updates fra HP \ 137903 \ Programfiler \ BackWeb-137903.exe
C: \ Programfiler \ Symantec AntiVirus \ DefWatch.exe
C: \ Programfiler \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Symantec AntiVirus \ Rtvscan.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ 0LFlxR4x.exe
C: \ Programfiler \ Lavasoft \ Ad-Aware SE Professional \ Ad-Aware.exe
C: \ progra ~ 1 \ WinZip \ winzip32.exe
C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ LOCALS ~ 1 \ Temp \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (3615EE58-6F38-47BA-9DD9-C99BD611C6A6) - C: \ WINDOWS \ system32 \ efcdbxx.dll (fil mangler)
O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (fil mangler)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - c: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (fil mangler)
O2 - BHO: (684a8728-dd11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (fil mangler)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - c: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ WINDOWS \ SYSTEM \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] c: \ Program Files \ HP \ Digital Imaging \ utlasting \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] c: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ system32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ hp \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Programfiler \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ progra ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Programfiler \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ RunOnce: [Index Washer] C: \ Programfiler \ Webroot \ Washer \ WashIdx.exe "Administrator"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Programfiler \ Webroot \ Washer \ wwDisp.exe
O4 - HKCU \ .. \ RunOnce: [Index Washer] C: \ Programfiler \ Webroot \ Washer \ WashIdx.exe "Administrator"
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Planlagt Updates.lnk = C: \ Programfiler \ Quicken \ bagent.exe
O4 - Global Startup: Oppdateringer fra HP.lnk = C: \ Program Files \ Updates fra HP \ 137903 \ Programfiler \ BackWeb-137903.exe
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Extra knappen: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: S & end til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra knappen: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fil mangler)
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - c: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O18 - Protocol: ms-help - (314111C7-A502-11D2-BBCA-00C04F8EC294) - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ Help \ hxds.dll
O18 - Filter kapre: text / xml - (807563E5-5146-11D5-A672-00B0D022E945) - c: \ progra ~ 1 \ FELLES ~ 1 \ micros ~ 1 \ Office12 \ MSOXMLMF.DL L
O20 - Winlogon Notify: dimsntfy -% SystemRoot% \ System32 \ dimsntfy.dll (fil mangler)
O20 - Winlogon Notify: efcdbxx - efcdbxx.dll (fil mangler)
O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ system32 \ igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C: \ Programfiler \ Fellesfiler \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: ATI Hurtigtast Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Programfiler \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Programfiler \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C: \ Programfiler \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Programfiler \ Symantec AntiVirus \ Rtvscan.exe
#2
10 Nov 2008, 20:23
Moderator
Re: Remove iexplore.exe virus / hijack log

Welcome to CJ.

Please print out these instructions, as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator account or an account with Administrative rights.
  • Double-click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows directory, usually C:\SDFix).
  • Do not use it yet.
Restart your computer in Safe Mode using the F8 method. You do this by restarting your computer and, after hearing the computer beep once during startup (but before the Windows icon appears), pressing the F8 key repeatedly. A menu with several options will appear. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services or registry entries found, then prompt you to press a key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt into your next reply.
----------

Also, install the new version of HijackThis and post a fresh log from it in Normal boot mode after SDFix is complete.

Download TrendMicro HijackThis.exe (HJT) to your desktop.
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • On install, HijackThis should open for you.
  • Click on the "Do a system scan and save a logfile" button.
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
__________________

#3
11 Nov 2008, 08:55
Member
Re: Remove iexplore.exe virus / hijack log

SDFix Report


SDFix: Versjon 1.240
Kjør av Administrator på tirsdag 11.11.2008 til 08:39

Microsoft Windows XP [Versjon 5.1.2600]
Running Fra: C: \ SDFix

Checking Services :


Gjenopprette Standard Security Verdier
Gjenopprette Default Hosts File

Start


Checking Files :

Trojan Files Found:

C: \ Programfiler \ nvcoi \ mst.stt - Slettet



Mappen C: \ Programfiler \ nvcoi - Removed
Mappen C: \ Program Files \ Temporary - Removed
Mappen C: \ Temp \ sanR24 - Removed


Fjerne Temp Files

ADS Check :



Final Check :

CatchMe 0.3.1361.2 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 08:47:19
Windows 5.1.2600 Service Pack 3 NTFS

skanning skjulte prosesser ...

skanning skjulte tjenester & Systemstrukturen ...

scanning hidden registeroppføringene ...

skanning skjulte filer ...

skanning er fullført
skjulte prosesser: 0
skjulte tjenester: 0
skjulte filer: 0


Resterende Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ listen]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ Updates fra HP \ \ 137903 \ \ Programfiler \ \ BackWeb-137903.exe" = "C: \ \ Program Files \ \ Updates fra HP \ \ 137903 \ \ Programfiler \ \ BackWeb-137903 . exe: *: Disabled: BackWeb-137903 "
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe: *: Enabled: Microsoft Office Outlook"
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE: *: Enabled: Microsoft Office Groove"
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE: *: Enabled: Microsoft Office OneNote"
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe: *: Enabled : AOL Loader "
"C: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "C: \ \ Program Files \ \ AIM6 \ \ aim6.exe: *: Enabled: AIM"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listen]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ systemet m32 \ \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"

Resterende Filer :


Fil sikkerhetskopier: - C: \ SDFix \ backup \ backups.zip

Filer med skjulte attributter :

Onsdag 14 november 2007 204 A. SHR --- "C: \ BOOT.BAK"
Fredag 22 august 2008 635.848 A.SH. --- "C: \ Programfiler \ Internet Explorer \ iexplore.exe"
Tor 15 juli 2004 0 A.SH. --- "C: \ WINDOWS \ SMINST \ HPCD.SYS"
Tor 10 jan 2008 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Tor 10 jan 2008 401 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv19.bak"
Onsdag 29 oktober 2008 3.442 A.SH. --- "C: \ Documents and Settings \ All Users \ Dokumenter \ Innspilte TV \ TempRec \ TempSBE \ SBE3.tmp"

Ferdig!



------------------------------------------




HijackThis Log



Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 8:55:16 AM, on 11.11.2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Symantec AntiVirus \ DefWatch.exe
C: \ Programfiler \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Symantec AntiVirus \ Rtvscan.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ WINDOWS \ SYSTEM \ hpsysdrv.exe
C: \ Programfiler \ HP \ Digital Imaging \ utlasting \ hpqcmon.exe
C: \ WINDOWS \ system32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Programfiler \ Multimedia Card Reader \ shwicon2k.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe
C: \ progra ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Webroot \ Washer \ wwDisp.exe
C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Updates fra HP \ 137903 \ Programfiler \ BackWeb-137903.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ Notepad.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ca: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (fil mangler)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - c: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (fil mangler)
O2 - BHO: (684a8728-dd11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (fil mangler)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - c: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ WINDOWS \ SYSTEM \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] c: \ Program Files \ HP \ Digital Imaging \ utlasting \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] c: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ system32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ hp \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Programfiler \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ progra ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Programfiler \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Programfiler \ Webroot \ Washer \ wwDisp.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AdobeUpdater] C: \ Programfiler \ Fellesfiler \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AdobeUpdater] C: \ Programfiler \ Fellesfiler \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Planlagt Updates.lnk = C: \ Programfiler \ Quicken \ bagent.exe
O4 - Global Startup: Oppdateringer fra HP.lnk = C: \ Program Files \ Updates fra HP \ 137903 \ Programfiler \ BackWeb-137903.exe
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Extra knappen: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: S & end til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra knappen: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fil mangler)
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - c: \ progra ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C: \ Programfiler \ Fellesfiler \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: ATI Hurtigtast Poller - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Programfiler \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Programfiler \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C: \ Programfiler \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Programfiler \ Symantec AntiVirus \ Rtvscan.exe

--
End of file - 9268 bytes
#4
11 Nov 2008, 11:07
Moderator
Re: Remove iexplore.exe virus / hijack log

Download Disable/Remove Windows Messenger to your desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger, because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file to your desktop. Open MessengerDisable.exe, tick the bottom box, Uninstall Windows Messenger, and click Apply.

Exit MessengerDisable, then delete the two files that were placed on your desktop.

----------

Open HijackThis and select Do a system scan.

Place a check next to the following entries (if present):

- O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
- O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (fil mangler)
- O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (fil mangler)
- O2 - BHO: (684a8728-dd11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (fil mangler)
- O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE


Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------


Note: the instructions below were written specifically for this user. If you are not this user, do NOT follow these directions, as they could cause damage to your system.

Go to Start > Run, type Notepad.exe, then click OK.

Copy and paste the text below into Notepad and save it as fixme.reg to your Desktop.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
Locate fixme.reg on your desktop and double-click it. Answer Yes when asked to merge it into the Registry.

Make sure you tell me whether you receive a success message about adding it to the registry. If you don't get a success message, it didn't work.

Delete fixme.reg from your Desktop.

----------

Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your desktop.

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

For Windows XP systems, install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, make sure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working, click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the licence agreement, click OK.
- Accept Microsoft's EULA (click Yes).
- When told that the RC has been installed correctly, click YES to continue scanning for malware.

When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Also, let me know how the computer is running now.
__________________
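As an added example (not code from the thread, its moderator, or HijackThis), the triage below applies the reasoning of post #4 to the log format shown in this thread: O2 BHO entries whose DLL is marked missing are orphaned registrations safe to fix, an O4 Run value that launches a bare filename with no path (here AlcxMonitor -> ALCXMNTR.EXE) is resolved through the search path and is flagged for review, and the same parse produces the REGEDIT4 text the moderator's fixme.reg uses to delete a Run value. The sample lines are copied from the second HijackThis log above with the extraction spacing in paths repaired; the `..\` abbreviation in O4 lines is HijackThis shorthand for Software\Microsoft\Windows\CurrentVersion, as the moderator's fixme.reg confirms.

```python
"""Triage helper for HijackThis O2 (BHO) and O4 (Run) log lines.

Added example for this thread; not part of the original posts or of HijackThis.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# O2 - BHO: <name> - {CLSID} - <path or "(no file)">   (CLSID may be wrapped in {} or, as above, in ())
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - [{(](?P<clsid>[0-9A-Fa-f-]{36})[})] - (?P<path>.*)$")
# O4 - HKLM\..\Run: [ValueName] <command>   ("..\" abbreviates Software\Microsoft\Windows\CurrentVersion)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]+)\] (?P<command>.*)$")

MISSING_MARKERS = ("(no file)", "(file missing)", "(fil mangler)")  # English and the Norwegian rendering seen above
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_PARENT = r"Software\Microsoft\Windows\CurrentVersion"


@dataclass
class Finding:
    line: str
    reason: str


def is_missing(path: str) -> bool:
    """HijackThis marks a registered BHO whose DLL is gone with one of these markers."""
    p = path.strip().lower()
    return any(marker in p for marker in MISSING_MARKERS)


def bare_executable(command: str) -> bool:
    """True when the launched program has no directory component, e.g. 'ALCXMNTR.EXE' or 'LTMSG.exe 7'."""
    cmd = command.strip()
    if not cmd:
        return False
    # A quoted command keeps spaces in the path; otherwise the program is the first token.
    exe = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]
    return "\\" not in exe and "/" not in exe and not exe.startswith("%")


def triage(lines) -> List[Finding]:
    """Return the O2/O4 entries a helper would ask the user to fix or to look at."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if is_missing(m["path"]):
                findings.append(Finding(line, "BHO registered but its DLL is missing: orphaned entry, fix it"))
            continue
        m = O4_RE.match(line)
        if m and bare_executable(m["command"]):
            findings.append(Finding(line, f"Run value '{m['value']}' launches a bare filename via the search path: review"))
    return findings


def run_value_reg(o4_line: str) -> Optional[str]:
    """REGEDIT4 text that deletes the Run value named in an O4 line, in the form of the moderator's fixme.reg."""
    m = O4_RE.match(o4_line.strip())
    if not m or m["hive"] not in HIVES:
        return None
    key = f"{HIVES[m['hive']]}\\{RUN_PARENT}\\{m['key']}"
    return f'REGEDIT4\r\n\r\n[{key}]\r\n"{m["value"]}"=-\r\n'


# Constructed sample: lines copied from the thread's second HijackThis log, path spacing repaired.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {4715C8BC-0204-06D4-0A62-2E00BBB78BBD} - C:\WINDOWS\system32\izf.dll (fil mangler)",
    r"O2 - BHO: (no name) - {843B515A-BBC4-4AF2-916D-69E9F7DD8F9D} - C:\WINDOWS\system32\vtsqo.dll (fil mangler)",
    r"O2 - BHO: {684a8728-dd11-3ef9-b3e4-ea3410654e7c} - {c7e45601-43ae-4e3b-9fe3-11dd8278a486} - C:\WINDOWS\system32\ikwijhuy.dll (fil mangler)",
    r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
    r"O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe",
    r"O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"',
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
    r"O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe",
    r"O23 - Service: ScsiAccess - Unknown owner - C:\Programfiler\Photodex\ProShowGold\ScsiAccess.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
    print(run_value_reg(SAMPLE_LOG[9]))
```

The bare-filename check is a review heuristic, not a verdict: it also surfaces ATIModeChange and LTMSG, which the moderator left alone after looking at them.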

#5
11 Nov 2008, 11:55
Member
Re: Remove iexplore.exe virus / hijack log

ComboFix log


ComboFix 08-11-10.01 - Administrator 2008-11-11 11:39:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT -7:00]
Running from: C: \ Documents and Settings \ Administrator \ Skrivebord \ ComboFix.exe
* Opprettet et nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ Documents and Settings \ Administrator \ Mine dokumenter \ TSKS ~ 1
c: \ Programfiler \ Fellesfiler \ racle ~ 1
C: \ Program Files \ stem32 ~ 1
C: \ Program Files \ wnsxs ~ 1
c: \ windows \ BMf3ec611b.txt
c: \ windows \ system32 \0LFlxR4x.exe.a_a
c: \ windows \ system32 \ epljwqgq.ini
c: \ windows \ system32 \ fj8wNOvc.exe.a_a
c: \ windows \ system32 \ icidbcft.ini
c: \ windows \ system32 \ iDlo01
c: \ windows \ system32 \ jrjvfibu.ini
c: \ windows \ system32 \ jryeuaqx.ini
c: \ windows \ system32 \ mcrh.tmp
c: \ windows \ system32 \ MSINET.oca
c: \ windows \ system32 \ mvmqocpc.ini
c: \ windows \ system32 \ oqstv.ini
c: \ windows \ system32 \ oqstv.ini2
D: \ Autorun.inf

.
((((((((((((((((((((((((( Files Created fra 2008-10-11 til 2008-11-11 ))))))))))) ))))))))))))))))))))
.

2008-11-11 08:54. 2008-11-11 08:54 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-11-11 08:38. 2008-11-11 08:38 578.560 - a - c --- C: \ Windows \ system32 \ dllcache \ user32.dll
2008-11-11 08:29. 2008-11-11 08:29 <DIR> d -------- C: \ Windows \ ERUNT
2008-11-11 08:23. 2008-11-11 08:51 <DIR> d -------- C: \ SDFix
2008-11-02 09:12. 2008-11-10 14:10 41.474 - en ------ c: \ windows \ system32 \0LFlxR4x.exe_
2008-11-02 09:12. 2008-11-11 09:12 40.450 - en ------ c: \ windows \ system32 \0LFlxR4x.exe
2008-10-31 18:00. 2008-10-31 18:00 <DIR> d -------- C: \ Documents and settings \ NetworkService \ Application Data \ Yahoo!
2008-10-31 16:40. 2008-10-31 16:40 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Yahoo!
2008-10-31 16:39. 2008-11-10 17:27 <DIR> d -------- C: \ Program Files \ Yahoo!
2008-10-29 17:23. 2008-10-29 17:23 <DIR> d -------- C: \ Windows \ system32 \ CatRoot_bak
2008-10-29 17:23. 2008-09-08 03:41 333.824 ----- c --- C: \ Windows \ system32 \ dllcache \ Srv.sys
2008-10-29 17:23. 2008-06-13 04:05 272.128 ----- c --- C: \ Windows \ system32 \ dllcache \ bthport.sys
2008-10-29 17:23. 2008-08-14 03:04 138.496 ----- c --- C: \ Windows \ system32 \ dllcache \ afd.sys
2008-10-29 17:22. 2008-08-14 03:11 2.189.184 ----- c --- C: \ Windows \ system32 \ dllcache \ ntoskrnl.exe
2008-10-29 17:22. 2008-08-14 03:09 2.145.280 ----- c --- C: \ Windows \ system32 \ dllcache \ ntkrnlmp.exe
2008-10-29 17:22. 2008-08-14 02:33 2.066.048 ----- c --- C: \ Windows \ system32 \ dllcache \ ntkrnlpa.exe
2008-10-29 17:22. 2008-08-14 02:33 2.023.936 ----- c --- C: \ Windows \ system32 \ dllcache \ ntkrpamp.exe
2008-10-29 17:22. 2008-09-15 05:12 1.846.400 ----- c --- C: \ Windows \ system32 \ dllcache \ Win32k.sys
2008-10-29 17:22. 2008-04-11 12:04 691.712 ----- c --- C: \ Windows \ system32 \ dllcache \ Inetcomm.dll
2008-10-29 17:22. 2008-05-08 07:02 203.136 ----- c --- C: \ Windows \ system32 \ dllcache \ rmcast.sys
2008-10-28 18:39. 2008-10-28 18:39 10 - en ------ C: \ Windows \ Wininit.ini
2008-10-23 14:45. 2008-10-15 09:34 337.408 ----- c --- C: \ Windows \ system32 \ dllcache \ Netapi32.dll
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ system32 \ scripting
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ system32 \ no
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ system32 \ bits
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ l2schemas
2008-10-15 18:23. 2007-06-13 03:23 1.033.216 - en ------ C: \ Windows \ SET25A.tmp
2008-10-15 18:22. 2008-08-14 03:09 2.145.280 - en ------ c: \ windows \ system32 \ ntoskrnl.exe
2008-10-15 16:09. 2008-10-15 16:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ motiv
2008-10-12 17:26. 2008-10-12 17:25 30.272 - en ------ c: \ windows \ system32 \ fj8wNOvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:38 --------- d ----- wc: \ Programfiler \ Symantec AntiVirus
2008-11-10 22:05 --------- d ----- wc: \ Programfiler \ DivX
2008-11-10 22:03 --------- d ----- wc: \ Programfiler \ Java
2008-11-10 01:37 --------- d ----- wc: \ Programfiler \ Microsoft Plus! Digital Media Edition
2008-11-10 01:35 --------- d ----- wc: \ Programfiler \ Microsoft Works
2008-11-08 02:37 90.112 ---- aw C: \ Windows \ DUMP3a98.tmp
2008-11-08 01:26 30 ---- aw C: \ Documents and Settings \ Administrator \ jagex_runescape_preferences. Dat
2008-10-29 22:21 77.824 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ FDIWrapper.dll
2008-10-29 22:21 69.632 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ msxmlwrapper.dll
2008-10-29 22:21 5.632 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ GUI.dll
2008-10-29 22:21 49.152 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ PCHI18N.dll
2008-10-29 22:21 32.768 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ pchapi.dll
2008-10-29 22:21 26.572 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ INV16.dll
2008-10-29 22:21 213.089 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ motive.zip
2008-10-29 22:21 139.264 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ ContentUpdater.exe
2008-10-29 22:21 114.688 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ ZipLib.dll
2008-10-29 22:21 114.688 ---- aw C: \ Windows \ PCHealth \ helpctr \ leverandører \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Pavilion \ XPENABP4EN \ plugin \ bin \ jsharpde \ asst_ui.dll
2008-10-29 22:11 --------- d - h - wc: \ Programfiler \ InstallShield Installasjonsinformasjon
2008-10-29 22:11 --------- d ----- wc: \ Programfiler \ ATI Technologies
2008-10-25 01:16 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Flytt Networks
2008-10-16 22:05 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Viewpoint
2008-10-16 01:06 --------- d ----- wc: \ Programfiler \ Google
2008-09-28 22:59 --------- d ----- wc: \ Programfiler \ Fellesfiler \ AOL
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL OCP
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ acccore
2008-09-22 21:27 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-09-17 01:24 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Vso
2008-09-15 12:12 1.846.400 ---- aw C: \ Windows \ system32 \ Win32k.sys
2008-08-26 07:24 826.368 ---- aw C: \ Windows \ system32 \ Wininet.dll
2008-08-14 09:33 2.023.936 ---- aw C: \ Windows \ system32 \ ntkrnlpa.exe
2007-12-28 00:53 79.738 ---- aw C: \ Documents and settings \ Fonts \ broken_ghost.zip
2007-11-23 01:25 81.920 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ ezpinst.exe
2007-11-23 01:25 47.360 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"Window Washer" = "C: \ Program Files \ Webroot \ Washer \ wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ehTray" = "c: \ windows \ ehome \ ehtray.exe" [2004-08-04 50176]
"hpsysdrv" = "c: \ WINDOWS \ SYSTEM \ hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds" = "c: \ windows \ system32 \ hkcmd.exe" [2003-10-02 118784]
"CamMonitor" = "C: \ Program Files \ HP \ Digital Imaging \ utlasting \ hpqcmon.exe" [2002-10-07 90112]
"HPHmon05" = "c: \ windows \ system32 \ hphmon05.exe" [2003-05-23 483328]
"KBD" = "c: \ HP \ KBD \ KBD.EXE" [2003-02-11 61440]
"TkBellExe" = "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe" [2003-12-17 151597]
"Recguard" = "c: \ windows \ SMINST \ RECGUARD.EXE" [2002-09-13 212992]
"PS2" = "c: \ windows \ system32 \ ps2.exe" [2002-10-16 81920]
"Sunkist2k" = "c: \ Programfiler \ Multimedia Card Reader \ shwicon2k.exe" [2003-08-14 139264]
"ccApp" = "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe" [2005-06-02 48752]
"vptray" = "c: \ progra ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2005-06-23 85696]
"RemoteControl" = "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck" = "c: \ windows \ system32 \ NeroCheck.e XE" [2001-07-09 155648]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange" = "Ati2mdxx.exe" [2001-09-05 C: \ Windows \ system32 \ Ati2mdxx.exe]
"LTMSG" = "LTMSG.exe" [2003-07-14 C: \ Windows \ ltmsg.exe]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AdobeUpdater" = "C: \ Programfiler \ Fellesfiler \ Adobe \ Updater5 \ AdobeUpdater.exe" [2007-03-01 2321600]

C: \ Documents and settings \ All Users \ Start-meny \ Programmer \ Startup
Adobe Gamma Loader.lnk - c: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - c: \ Programfiler \ HP \ Digital Imaging \ bin \ hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ Updates fra HP \ \ 137903 \ \ Programfiler \ \ BackWeb-137903.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =

R2 CX88XBAR; Conexant 2388x Crossbar Dual Input; c: \ windows \ system32 \ drivers \ CX88XBARDUAL.sys [2003-12-10 7040]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ D]
\ Shell \ AutoRun \ command - D: \ Info.exe Folder.htt 480 480

* Newly Created Service * - PROCEXP90
.
Innholdet i "Scheduled Tasks"-mappen

2008-10-30 C: \ Windows \ Tasks \ At1.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-11 C: \ Windows \ Tasks \ At10.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 C: \ Windows \ Tasks \ At100.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C: \ Windows \ Tasks \ At101.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C: \ Windows \ Tasks \ At102.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C: \ Windows \ Tasks \ At103.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C: \ Windows \ Tasks \ At104.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C: \ Windows \ Tasks \ At105.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C: \ Windows \ Tasks \ At106.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C: \ Windows \ Tasks \ At107.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C: \ Windows \ Tasks \ At108.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C: \ Windows \ Tasks \ At109.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C: \ Windows \ Tasks \ At11.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 C: \ Windows \ Tasks \ At110.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-10 C: \ Windows \ Tasks \ At111.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-10 C: \ Windows \ Tasks \ At112.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-06 C: \ Windows \ Tasks \ At113.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C: \ Windows \ Tasks \ At114.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C: \ Windows \ Tasks \ At115.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C: \ Windows \ Tasks \ At116.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C: \ Windows \ Tasks \ At117.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C: \ Windows \ Tasks \ At118.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C: \ Windows \ Tasks \ At119.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C: \ Windows \ Tasks \ At12.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 C: \ Windows \ Tasks \ At120.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-09 C: \ Windows \ Tasks \ At13.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 C: \ Windows \ Tasks \ At14.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-10 C: \ Windows \ Tasks \ At15.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-10 C: \ Windows \ Tasks \ At16.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-06 C: \ Windows \ Tasks \ At17.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 C: \ Windows \ Tasks \ At18.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-11 C: \ Windows \ Tasks \ At19.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C: \ Windows \ Tasks \ At2.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-11 C: \ Windows \ Tasks \ At20.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-09 C: \ Windows \ Tasks \ At21.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C: \ Windows \ Tasks \ At22.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C: \ Windows \ Tasks \ At23.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C: \ Windows \ Tasks \ At24.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C: \ Windows \ Tasks \ At3.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C: \ Windows \ Tasks \ At4.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C: \ Windows \ Tasks \ At5.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C: \ Windows \ Tasks \ At6.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-31 C: \ Windows \ Tasks \ At7.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-10-30 C: \ Windows \ Tasks \ At8.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-01 C: \ Windows \ Tasks \ At9.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 C: \ Windows \ Tasks \ At97.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C: \ Windows \ Tasks \ At98.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008-11-02 C: \ Windows \ Tasks \ At99.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]
.
- - - - Orphans fjernet - - - --

HKCU-Run-swg - c: \ Programfiler \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
HKCU-Run-RecordNow! - (No file)
HKLM-Run-HPHUPD05 - c: \ Programfiler \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
HKLM-Run-AutoTKit - c: \ hp \ bin \ AUTOTKIT.EXE
HKLM-Run-UpdateManager - c: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe
HKLM-Run-ATIPTA - c: \ Programfiler \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe


.
------- Tilleggsavtale Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \0rews22y.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - om: blank
FF -: plugin - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \0rews22y.default \ Extensions \ moveplayer @ movenetworks. com \ plattform \ WINNT_x86-MSVC \ plugins \ npmnqmp07076007.dll
FF -: plugin - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ plugins \ npPxPlay.dll
FF -: plugin - C: \ Programfiler \ Mozilla Firefox \ plugins \ npmozax.dll
FF -: plugin - C: \ Programfiler \ Mozilla Firefox \ plugins \ npsnapfish.dll
FF -: plugin - C: \ Program Files \ Real \ RealOne Player \ Netscape6 \ nppl3260.dll
FF -: plugin - C: \ Program Files \ Real \ RealOne Player \ Netscape6 \ nprjplug.dll
FF -: plugin - C: \ Program Files \ Real \ RealOne Player \ Netscape6 \ nprpjplug.dll
.

************************************************** ************************

CatchMe 0.3.1367 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 11:44:13
Windows 5.1.2600 Service Pack 3 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

skanning skjulte filer ...


************************************************** ************************
.
Fullføringstidspunkt: 2008-11-11 11:47:43
ComboFix-karantene-files.txt 2008-11-11 18:46:39

Pre-Run: 89004101632 bytes gratis
Post-Run: 89081098240 bytes gratis

272 --- EOF --- 2008-10-30 03:01:59


~ ~
So far iexplore.exe hasn't popped up ^_^
Is there any way to make sure it's gone for good?
Also, is it okay if I delete the things I downloaded?
#6
11th Nov 2008, 12:04
Moderator

We will clean everything up before we're done. There is still more to do, but I have to run for a while. I'll be back later.

#7
11th Nov 2008, 12:19
Member

More steps? I thought we were done D:
Quick question: is any of this going to affect programs installed on the computer?
Alrighty, I have to go for a bit too XP
#8
11th Nov 2008, 13:07
Member

iexplore.exe is still here -;
#9
11th Nov 2008, 16:28
Moderator

No, we are not done. I'll give the all clear when it's over.

Note: the instructions below were written specifically for this user. If you are not that user, do NOT follow these directions, because they could damage your system.

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all of it and pressing Ctrl+C

Code:
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - save it to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: Perform this step carefully!



ComboFix will begin to run; just follow the prompts.
After the reboot (in case it asks to reboot), it will generate a log file for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
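
The two ComboFix logs in this thread show the persistence behind the recurring iexplore.exe: every At1.job through At120.job in C:\Windows\Tasks (the job files the `at` scheduler creates, which it runs under the SYSTEM account) points at one of two randomly named executables in system32, 0LFlxR4x.exe and fj8wNOvc.exe, and the moderator's CFScript in post #9 removes exactly those files and jobs through a `File::` section, which the second log echoes. The Python below is an added example, not code from the thread, from ComboFix or from its author: it parses the 'Scheduled Tasks' section of a ComboFix log, groups At*.job entries by target, flags targets under the Windows directory whose names look machine-generated (the regexes and that name heuristic are the editor's own assumptions), and drafts the matching `File::` block. The log excerpt embedded in it is constructed to mirror the thread's log, with two decoy entries added to show what is not flagged.

```python
"""Triage the 'Scheduled Tasks' section of a ComboFix log and draft the
CFScript 'File::' block that removes the persistence it reveals.

Added example for this thread; not code from ComboFix or its author.
The parser, the 'random-looking name' heuristic and SAMPLE_LOG are the
editor's own (the sample is constructed to mirror the thread's log).
"""
import ntpath
import re
from collections import defaultdict

# Constructed excerpt in ComboFix's layout: a dated job line, then a
# '- <target> [date time]' line.  Two decoys are included: a normally
# named job, and an At job that runs a real Windows binary.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2008-10-30 C:\Windows\Tasks\At1.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-02 C:\Windows\Tasks\At100.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-11 C:\Windows\Tasks\At11.job
- C:\windows\system32\fj8wNOvc.exe [2008-10-12 17:25]

2008-11-05 C:\Windows\Tasks\Backup.job
- C:\Program Files\Backup Tool\backup.exe [2008-01-15 10:00]

2008-11-06 C:\Windows\Tasks\At101.job
- C:\windows\system32\0LFlxR4x.exe [2008-11-11 09:12]

2008-11-07 C:\Windows\Tasks\At2.job
- C:\windows\system32\defrag.exe [2008-04-13 12:00]

- - - - ORPHANS REMOVED - - - -
"""

JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*?\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s+\[[^\]]+\]\s*$")
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.I)   # job files the 'at' service creates
IN_WINDIR_RE = re.compile(r"\\windows\\", re.I)   # target lives under the Windows dir


def parse_tasks(log_text):
    """Return [(job_path, target_path), ...] from the Scheduled Tasks section."""
    tasks, pending_job = [], None
    for line in log_text.splitlines():
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            tasks.append((pending_job, m.group("target")))
            pending_job = None
    return tasks


def looks_random(filename):
    """Heuristic (assumption): a stem that mixes digits, upper- and
    lower-case letters, like '0LFlxR4x' or 'fj8wNOvc', is machine-generated."""
    stem = ntpath.splitext(filename)[0]
    return (len(stem) >= 6
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def find_persistence(tasks):
    """Group At*.job files by target, keeping only targets under the
    Windows directory with a random-looking name.  Returns {target: [jobs]}."""
    by_target = defaultdict(list)
    for job, target in tasks:
        if not AT_JOB_RE.search(job):
            continue
        if not IN_WINDIR_RE.search(target):
            continue
        if not looks_random(ntpath.basename(target)):
            continue
        by_target[target].append(job)
    return dict(by_target)


def build_cfscript(suspects):
    """Draft a CFScript 'File::' section: the payloads first, then every
    job that relaunches them.  Review it before handing it to ComboFix."""
    payloads = sorted(suspects)
    jobs = sorted(j for js in suspects.values() for j in js)
    return "File::\n" + "\n".join(payloads + jobs) + "\n"


if __name__ == "__main__":
    found = find_persistence(parse_tasks(SAMPLE_LOG))
    for target, jobs in found.items():
        print(f"{target}: relaunched by {len(jobs)} At job(s)")
    print(build_cfscript(found))
```

Run as a script it prints a per-payload count of the At jobs that relaunch it, then the draft `File::` block; the draft is a starting point for a reviewer, not something to feed ComboFix unread. On the live machine the same jobs can be listed with `at` and removed with `at <id> /delete`, but the payload they point at must go too, or the next job simply recreates the problem.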

#10
11th Nov 2008, 17:36
Member

Ok ^__^

ComboFix log




ComboFix 08-11-10.01 - Administrator 2008-11-11 17:21:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.153 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used:: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE::
c:\windows\SET25A.tmp
c:\windows\system32\0LFlxR4x.exe
c:\windows\system32\0LFlxR4x.exe_
c:\windows\system32\fj8wNOvc.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SET25A.tmp
c:\windows\system32\0LFlxR4x.exe
c:\windows\system32\0LFlxR4x.exe.a_a
c:\windows\system32\fj8wNOvc.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job

.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-11 08:54 . 2008-11-11 08:54  <DIR>  d--------  C:\Program Files\Trend Micro
2008-11-11 08:38 . 2008-11-11 08:38  578,560  --a--c---  C:\Windows\system32\dllcache\user32.dll
2008-11-11 08:29 . 2008-11-11 08:29  <DIR>  d--------  C:\Windows\ERUNT
2008-11-11 08:23 . 2008-11-11 08:51  <DIR>  d--------  C:\SDFix
2008-10-31 18:00 . 2008-10-31 18:00  <DIR>  d--------  C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-10-31 16:40 . 2008-10-31 16:40  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-10-31 16:39 . 2008-11-10 17:27  <DIR>  d--------  C:\Program Files\Yahoo!
2008-10-29 17:23 . 2008-10-29 17:23  <DIR>  d--------  C:\Windows\system32\CatRoot_bak
2008-10-29 17:23 . 2008-09-08 03:41  333,824  -----c---  C:\Windows\system32\dllcache\Srv.sys
2008-10-29 17:23 . 2008-06-13 04:05  272,128  -----c---  C:\Windows\system32\dllcache\bthport.sys
2008-10-29 17:23 . 2008-08-14 03:04  138,496  -----c---  C:\Windows\system32\dllcache\afd.sys
2008-10-29 17:22 . 2008-08-14 03:11  2,189,184  -----c---  C:\Windows\system32\dllcache\ntoskrnl.exe
2008-10-29 17:22 . 2008-08-14 03:09  2,145,280  -----c---  C:\Windows\system32\dllcache\ntkrnlmp.exe
2008-10-29 17:22 . 2008-08-14 02:33  2,066,048  -----c---  C:\Windows\system32\dllcache\ntkrnlpa.exe
2008-10-29 17:22 . 2008-08-14 02:33  2,023,936  -----c---  C:\Windows\system32\dllcache\ntkrpamp.exe
2008-10-29 17:22 . 2008-09-15 05:12  1,846,400  -----c---  C:\Windows\system32\dllcache\Win32k.sys
2008-10-29 17:22 . 2008-04-11 12:04  691,712  -----c---  C:\Windows\system32\dllcache\Inetcomm.dll
2008-10-29 17:22 . 2008-05-08 07:02  203,136  -----c---  C:\Windows\system32\dllcache\rmcast.sys
2008-10-28 18:39 . 2008-10-28 18:39  10  --a------  C:\Windows\Wininit.ini
2008-10-23 14:45 . 2008-10-15 09:34  337,408  -----c---  C:\Windows\system32\dllcache\Netapi32.dll
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\Windows\system32\scripting
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\Windows\system32\en
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\Windows\system32\bits
2008-10-15 18:38 . 2008-10-29 15:26  <DIR>  d--------  C:\Windows\l2schemas
2008-10-15 18:23 . 2006-09-23 14:12  1,022,976  --a------  c:\windows\system32\SETA0B.tmp
2008-10-15 18:22 . 2008-08-14 03:09  2,145,280  --a------  c:\windows\system32\ntoskrnl.exe
2008-10-15 16:09 . 2008-10-15 16:09  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 00:29  ---------  d-----w  c:\Program Files\Symantec AntiVirus
2008-11-10 22:05  ---------  d-----w  c:\Program Files\DivX
2008-11-10 22:03  ---------  d-----w  c:\Program Files\Java
2008-11-10 01:37  ---------  d-----w  c:\Program Files\Microsoft Plus! Digital Media Edition
2008-11-10 01:35  ---------  d-----w  c:\Program Files\Microsoft Works
2008-11-08 02:37  90,112  ----a-w  C:\Windows\DUMP3a98.tmp
2008-11-08 01:26  30  ----a-w  C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
2008-10-29 22:11  ---------  d--h--w  c:\Program Files\InstallShield Installation Information
2008-10-29 22:11  ---------  d-----w  c:\Program Files\ATI Technologies
2008-10-25 01:16  ---------  d-----w  c:\Documents and Settings\Administrator\Application Data\Move Networks
2008-10-16 22:05  ---------  d-----w  c:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-16 01:06  ---------  d-----w  c:\Program Files\Google
2008-09-28 22:59  ---------  d-----w  c:\Program Files\Common Files\AOL
2008-09-22 21:29  ---------  d-----w  c:\Documents and Settings\All Users\Application Data\AOL OCP
2008-09-22 21:29  ---------  d-----w  c:\Documents and Settings\Administrator\Application Data\acccore
2008-09-22 21:27  ---------  d-----w  c:\Documents and Settings\All Users\Application Data\AOL
2008-09-17 01:24  ---------  d-----w  c:\Documents and Settings\Administrator\Application Data\Vso
2007-12-28 00:53  79,738  ----a-w  C:\Documents and Settings\Fonts\broken_ghost.zip
2007-11-23 01:25  81,920  ----a-w  C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-11-23 01:25  47,360  ----a-w  C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="c:\windows\system32\Ctfmon.exe" [2008-04-13 15360]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-04 50176]
"hpsysdrv"="c:\WINDOWS\SYSTEM\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]
"CamMonitor"="C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\HP\KBD\KBD.EXE" [2003-02-11 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-17 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Sunkist2k"="c:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 139264]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"RemoteControl"="C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 C:\Windows\system32\Ati2mdxx.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 C:\Windows\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - c:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program Files\\BackWeb-137903.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\Outlook.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\CX88XBARDUAL.sys [2003-12-10 7040]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 17:26:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Updates from HP\137903\Program Files\BackWeb-137903.exe
c:\windows\system32\hpzipm12.exe
.
**************************************************************************
.
Completion time: 2008-11-11 17:34:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 00:34:22
ComboFix2.txt 2008-11-11 18:47:44

Pre-Run: 89064681472 bytes free
Post-Run: 89055629312 bytes free

239 --- EOF --- 2008-10-30 03:01:59
Copyright © 2006 - 2009 Computer Juice.