Virtumonde.dll, vundo her er min kapre log ...

mason61391 · #1 21. sep 2008, 20:09

som tittelen sier i hhave et virus, som jeg mener er virtumonde.dll som Ive blitt fortalt er en form for vundo. Jeg har vært haveing en treg datamaskin og det er mange popup-vinduer for anti virus og ristry renere ... og strangest thing, jeg kan ikke oppdatere noe på datamaskinen min ?????? vennligst om noen kunne fortelle meg hva jeg må gjøre .... takket heres min kapre logg

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 4:55:10 AM, on 9/22/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ progra ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Programfiler \ Fellesfiler \ McAfee \ MNA \ mcnasvc.exe
c: \ progra ~ 1 \ FELLES ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ Programfiler \ McAfee \ VirusScan \ McShield.exe
C: \ Programfiler \ McAfee \ MPF \ MPFSrv.exe
C: \ Programfiler \ SiteAdvisor \ 6261 \ SAService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ Explorer.exe
c: \ progra ~ 1 \ mcafee.com \ agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ progra ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Programfiler \ Windows Defender \ MsMpEng.exe
C: \ Programfiler \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ taskmgr.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ Skrivebord \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Programfiler \ Roxio \ Easy Media Creator 7 \ Dra til Disc \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ progra ~ 1 \ McAfee \ MHN \ McENUI.exe / skjul
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Programfiler \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Programfiler \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ RunOnce: [SpybotDeletingA5528] kommando / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKLM \ .. \ RunOnce: [SpybotDeletingC6845] cmd / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ Setup \ Setup.exe / start / start / l: enu
O4 - HKCU \ .. \ Run: [DelayShred] c: \ progra ~ 1 \ McAfee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ LOCALS ~ 1 \ TEMPOR ~ 1 \ Content . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ LOCALS ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ LOCALS ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD4B54 ~ 1.SH!
O4 - HKCU \ .. \ RunOnce: [SpybotDeletingB6548] kommando / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKCU \ .. \ RunOnce: [SpybotDeletingD1472] cmd / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Programfiler \ Fellesfiler \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m Logitech-d 10.5. 1,2023 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Programfiler \ Fellesfiler \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m Logitech-d 10.5.1.2023 (User 'Default Brukeren ")
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 3 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra knappen: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ progra ~ 1 \ FELLES ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C: \ Programfiler \ Fellesfiler \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - c: \ progra ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C: \ Programfiler \ Fellesfiler \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - c: \ progra ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c: \ progra ~ 1 \ FELLES ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C: \ Programfiler \ McAfee \ VirusScan \ McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - c: \ progra ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C: \ Programfiler \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Programfiler \ SiteAdvisor \ 6261 \ SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
--
End of file - 7660 bytes

**evilfantasy** · #2 21. sep 2008, 21:28

Laste ned Malwarebytes' Anti-Malware (MBAM)

Dobbeltklikk mbam-setup.exe og følger instruksjonene for å installere programmet.
Ved utgangen, må du passe på et merke plasseres ved siden av det følgende:
- Oppdater Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Deretter klikker du Fullfør.
Hvis en oppdatering er funnet, vil laste ned og installere den nyeste versjonen.
Når programmet er lastet, velger du Utføre rask skanning, Og klikk Scan.
Når skanningen er fullført, klikker du OK, Deretter Vis resultater å vise resultater.
Pass på at alt er sjekket, og klikk Fjern valgte.
Når desinfeksjon er ferdig, en logg åpnes i Notepad, og du kan bli bedt om å starte. (Se Extra Note)
Loggen lagres automatisk ved MBAM og kan vises ved å klikke Logger kategorien i MBAM.
Kopier og lim inn hele rapporten i neste svaret.

Ekstra Merk: Hvis MBAM finner en fil som er vanskelig å fjerne, vil du bli presentert med 1 av 2 ledetekster, klikk OK for å enten og la MBAM fortsette med desinfeksjon prosessen, hvis du blir bedt om å starte datamaskinen på nytt, kan du gjøre det umiddelbart.

----------

Nå kjøre en ny HijackThis skanner og post loggen.

mason61391 · #3 22. sep 2008, 13:31

Aright Jeg kjørte som malwarebytes .. ting, og det tok seg opp denne

Malwarebytes' Anti-Malware 1.28
Database versjon: 1194
Windows 5.1.2600 Service Pack 3
9/22/2008 8:55:50 PM
mbam-log-2008-09-22 (20-55-50). txt
Scan type: Quick Scan
Objekter skannet: 53105
Tid brukt: 6 minutt (er), 1 sekund (er)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registernøkler Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 15
Memory Processes Infected:
(Ingen skadelige eks oppdaget)
Memory Modules Infected:
C: \ WINDOWS \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> Delete on reboot.
Registernøkler Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (7b1b1537-fcd3-4186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT \ CLSID \ (7b1b1537-fcd3-4186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT \ WR (Malware.Trace) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ dslcnnct (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ IProxyProvid er (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ aoprndtws (Trojan.Vundo) -> karantene og slettet.
Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ 7c0a0557 (Trojan.Vundo) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ bm7f3936cb (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Notification Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ssqpmmnf -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Authentication Packages (Trojan.Vundo) -> Data: c: \ windows \ system32 \ ssqpmmnf -> Slett på omstart.
Folders Infected:
C: \ WINDOWS \ system32 \ kBin02 (Trojan.Agent) -> karantene og slettet.
Files Infected:
C: \ WINDOWS \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> Delete on reboot.
C: \ WINDOWS \ system32 \ fNmmpqss.ini (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ fNmmpqss.ini2 (Trojan.Vundo.H) -> karantene og slettet.
C: \ WINDOWS \ system32 \ qwtbatxb.dll (Trojan.Vundo) -> karantene og slettet.
C: \ WINDOWS \ system32 \ ysirza.dll (Trojan.Vundo) -> karantene og slettet.
C: \ WINDOWS \ system32 \ vfcortyh.dll (Trojan.Vundo) -> Delete on reboot.
C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 7LVEI8GK \ upd105320 [1] (Trojan.Vundo) -> Delete on reboot.
C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ TPEY0D0R \ nd82m0 [1] (Trojan.Vundo) -> Delete on reboot.
C: \ WINDOWS \ system32 \ mcrh.tmp (Malware.Trace) -> karantene og slettet.
C: \ WINDOWS \ cookies.ini (Malware.Trace) -> karantene og slettet.
C: \ WINDOWS \ system32 \ jyyubyyg.dll (Trojan.Agent) -> Delete on reboot.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> karantene og slettet.
C: \ WINDOWS \ pskt.ini (Trojan.Vundo) -> karantene og slettet.
C: \ WINDOWS \ BM7f3936cb.xml (Trojan.Vundo) -> karantene og slettet.
C: \ WINDOWS \ BM7f3936cb.txt (Trojan.Vundo) -> karantene og slettet.
*
*
*
Jeg kjørte den flere ganger etter det, og nå står det at det er ingenting smittet ....

Jeg bare kjørte kapre .. og dette er resultatet

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 10:26:25 PM, on 9/22/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ progra ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Programfiler \ Fellesfiler \ McAfee \ MNA \ mcnasvc.exe
c: \ progra ~ 1 \ FELLES ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ Programfiler \ McAfee \ VirusScan \ McShield.exe
C: \ Programfiler \ McAfee \ MPF \ MPFSrv.exe
C: \ Programfiler \ SiteAdvisor \ 6261 \ SAService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ Explorer.exe
c: \ progra ~ 1 \ mcafee.com \ agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Programfiler \ Roxio \ Easy Media Creator 7 \ Dra til Disc \ DrgToDsc.exe
C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Programfiler \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programfiler \ Skype \ Phone \ Skype.exe
C: \ progra ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
C: \ Programfiler \ Skype \ Plugin Manager \ skypePM.exe
C: \ Programfiler \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Skrivebord \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - (04F27F39-1C1B-4A4F-8B5A-A531E364B7A6) - (no file)
O2 - BHO: (no name) - (089FD14D-132B-48FC-8861-0048AE113215) - C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.dll
O2 - BHO: (no name) - (12637832-85DB-4C63-B9D6-12B3E50A52C9) - (no file)
O2 - BHO: (no name) - (2504b4df-fd95-47a5-b804-b047829925c0) - (no file)
O2 - BHO: (no name) - (41E299D0-5CFF-4705-A8AD-67B02579661C) - (no file)
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: (no name) - (C089CFFD-5CAA-4DA6-BC8B-39965E47AAF9) - (no file)
O2 - BHO: (no name) - (D7C82C77-9CF6-4513-826E-B9B7ACDC4DB9) - (no file)
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Programfiler \ Roxio \ Easy Media Creator 7 \ Dra til Disc \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ progra ~ 1 \ McAfee \ MHN \ McENUI.exe / skjul
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Programfiler \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Programfiler \ Windows Defender \ MSASCui.exe"-hide
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ Setup \ Setup.exe / start / start / l: enu
O4 - HKCU \ .. \ Run: [DelayShred] c: \ progra ~ 1 \ McAfee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ LOCALS ~ 1 \ TEMPOR ~ 1 \ Content . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ LOCALS ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ LOCALS ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD4B54 ~ 1.SH!
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Programfiler \ Fellesfiler \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m Logitech-d 10.5. 1,2023 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Programfiler \ Fellesfiler \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m Logitech-d 10.5.1.2023 (User 'Default Brukeren ")
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 3 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra knappen: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ progra ~ 1 \ FELLES ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll
O20 - Winlogon Notify: awtuutTk - awtuutTk.dll (fil mangler)
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C: \ Programfiler \ Fellesfiler \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - c: \ progra ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C: \ Programfiler \ Fellesfiler \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - c: \ progra ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c: \ progra ~ 1 \ FELLES ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C: \ Programfiler \ McAfee \ VirusScan \ McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - c: \ progra ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C: \ Programfiler \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Programfiler \ SiteAdvisor \ 6261 \ SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
--
End of file - 8474 bytes
*
*
*
Jeg trenger virkelig å vite hva som skjer her jeg trenger dette laptop tilbake, takk ... Gi meg beskjed hvis det er noe jeg kan gjøre for å hjelpe ...

**evilfantasy** · #4 22. sep 2008, 16:47

Deaktiver Windows Defender

Vi trenger å deaktivere Windows Defender Sanntidsprisdata beskyttelse som det kan forstyrre feilrettingsfilene at vi må gjøre.

Åpen Windows Defender
Klikk på Verktøy, Generelle innstillinger
Bla ned og fjern Slå på sanntids beskyttelse (anbefales)
Når du fjerner dette ved å klikke på Lagre knappen og lukke Windows Defender.

Etter alle reparasjonene er fullført er det svært viktig at du aktiverer Sanntidsprisdata Protection igjen.

----------

Åpne HijackThis og velg Gjør et søk.

Sett et merke ved siden av følgende oppføringer: (hvis det)

O2 - BHO: (no name) - (04F27F39-1C1B-4A4F-8B5A-A531E364B7A6) - (no file)
O2 - BHO: (no name) - (12637832-85DB-4C63-B9D6-12B3E50A52C9) - (no file)
O2 - BHO: (no name) - (2504b4df-fd95-47a5-b804-b047829925c0) - (no file)
O2 - BHO: (no name) - (41E299D0-5CFF-4705-A8AD-67B02579661C) - (no file)
O2 - BHO: (no name) - (C089CFFD-5CAA-4DA6-BC8B-39965E47AAF9) - (no file)
O2 - BHO: (no name) - (D7C82C77-9CF6-4513-826E-B9B7ACDC4DB9) - (no file)
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll
O20 - Winlogon Notify: awtuutTk - awtuutTk.dll (fil mangler)

Viktig: Lukk alle vinduer unntatt HijackThis og klikk Fix kontrolleres.

Avslutt HijackThis og starte datamaskinen på nytt for å registrere endringer som er gjort av HijackThis.

----------

Last ned ComboFix av ubåter fra én av de nedenfor koblinger. Pass på at toppen lagre det til Desktop.

Link # 1
Link # 2

** Merk: Det er viktig at det er lagret direkte til skrivebordet ditt

Lukk alle åpne weblesere. (Firefox, Internet Explorer, osv.) før du starter ComboFix.

Midlertidig deaktivere din antivirus, Og eventuelle antispyware sanntid beskyttelse før utføre en skanning. Klikk denne koblingen å se en liste over sikkerhetsprogrammer som skal være deaktivert og hvordan du deaktiverer dem. (McAfee kan ikke slås helt av. Bare kjøre ComboFix likevel, og at den skal kjøres om noe forsøker å blokkere den.)

Dobbeltklikk combofix.exe og følg instruksjonene.
Når du er ferdig ComboFix vil produsere en logg for deg.
Poste ComboFix logg og en ny HijackThis log i neste svaret.

Viktig: Ikke mouseclick ComboFix's vinduet mens den kjører. Det kan føre til stall.

Husk å aktivere din antivirus og antispyware beskyttelse når ComboFix er fullført.

mason61391 · #5 22. sep 2008, 19:14

ok jeg kjørte kombinasjonsboksen feilrettingsfilen, her er reslults ...

ComboFix 08-09-20.05 - Administrator 2008-09-23 4:07:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.526 [GMT 2:00]
Running from: C: \ Documents and Settings \ Administrator \ Skrivebord \ ComboFix.exe
* Opprettet et nytt gjenopprettingspunkt
ADVARSEL-Denne maskinen har ikke gjenopprettingskonsollen INSTALLERT!
.
((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ system32 \ djynmrpe.ini
C: \ WINDOWS \ system32 \ EMVwxyay.ini
C: \ WINDOWS \ system32 \ fxdehybr.ini
C: \ WINDOWS \ system32 \ hgillUtv.ini
C: \ WINDOWS \ system32 \ hwpdknag.ini
C: \ WINDOWS \ system32 \ hytrocfv.ini
C: \ WINDOWS \ system32 \ jrawajwy.ini
C: \ WINDOWS \ system32 \ kruvwslm.ini
C: \ WINDOWS \ system32 \ ljbuenel.ini
C: \ WINDOWS \ system32 \ mbpyegow.ini
C: \ WINDOWS \ system32 \ MSINET.oca
C: \ WINDOWS \ system32 \ oopfgjdw.ini
C: \ WINDOWS \ system32 \ oujogpou.ini
C: \ WINDOWS \ system32 \ ovbmvuhg.ini
C: \ WINDOWS \ system32 \ rmkrhevi.ini
C: \ WINDOWS \ system32 \ uhikvuhh.ini
C: \ WINDOWS \ system32 \ vpgysgqj.ini
.
((((((((((((((((((((((((( Files Created fra 2008-08-23 til 2008-09-23 ))))))))))) ))))))))))))))))))))
.
2008-09-23 01:06. 2008-09-23 01:06 <DIR> d -------- C: \ Programfiler \ DivX
2008-09-22 22:11. 2008-09-22 22:20 1.374 - en ------ C: \ WINDOWS \ imsins.BAK
2008-09-22 21:30. 2008-05-01 16:33 331.776 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ msadce.dll
2008-09-22 21:25. 2008-04-11 21:04 691.712 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Inetcomm.dll
2008-09-22 20:47. 2008-09-22 20:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-22 20:47. 2008-09-22 20:47 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-09-22 20:47. 2008-09-10 00:04 38.528 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-22 20:47. 2008-09-10 00:03 17.200 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-22 04:54. 2008-09-22 20:47 <DIR> d -------- C: \ Desktop
2008-09-22 04:47. 2008-09-22 04:48 <DIR> d -------- C: \ Programfiler \ Windows Defender
2008-09-22 04:36. 2008-09-22 04:36 <DIR> d - h ----- C: \ WINDOWS \ system32 \ GroupPolicy
2008-09-22 02:58. 2008-09-22 02:58 268 - ah ----- C: \ sqmdata00.sqm
2008-09-22 00:30. 2008-09-22 00:30 <DIR> d -------- C: \ VundoFix sikkerhetskopier
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 23:08 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ LimeWire
2008-09-22 20:34 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Skype
2008-09-22 20:25 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ skypePM
2008-09-22 03:36 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-22 00:07 --------- d ----- w C: \ Programfiler \ McAfee
2008-08-14 04:47 --------- d ----- w C: \ Documents and Settings \ Gjest \ Programdata \ SiteAdvisor
2008-08-02 01:04 --------- d ----- w C: \ Programfiler \ Enigma Software Group
2008-07-30 03:57 876.883 - SHA-w C: \ WINDOWS \ system32 \ EMVwxyay.ini2
2008-07-30 03:49 --------- d ----- w C: \ Programfiler \ CCleaner
2008-07-30 03:05 --------- d ----- w C: \ Documents and Settings \ Gjest \ Programdata \ ATI
2008-07-29 03:35 --------- d ----- w C: \ Programfiler \ Fellesfiler \ LogiShrd
2008-07-27 03:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Roxio
2008-07-26 06:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ McAfee
2008-07-26 03:45 --------- d ----- w C: \ Programfiler \ Spybot - Search & Destroy
2008-07-25 08:36 524.288 ---- aw C: \ WINDOWS \ system32 \ DivXsm.exe
2008-07-24 18:28 --------- d ----- w C: \ Programfiler \ SiteAdvisor
2008-07-24 16:32 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ SiteAdvisor
2008-07-23 16:50 9.464 ------ w C: \ WINDOWS \ system32 \ drivers \ cdralw2k.sys
2008-07-23 16:50 9.336 ------ w C: \ WINDOWS \ system32 \ drivers \ cdr4_xp.sys
2008-07-23 16:50 43.528 ------ w C: \ WINDOWS \ system32 \ drivers \ PxHelp20.sys
2008-07-23 16:50 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2008-07-23 16:50 129.784 ------ w C: \ WINDOWS \ system32 \ pxafs.dll
2008-07-23 16:50 120.056 ------ w C: \ WINDOWS \ system32 \ pxcpyi64.exe
2008-07-23 16:50 118.520 ------ w C: \ WINDOWS \ system32 \ pxinsi64.exe
2008-07-23 16:48 200.704 ---- aw C: \ WINDOWS \ system32 \ ssldivx.dll
2008-07-23 16:48 1.044.480 ---- aw C: \ WINDOWS \ system32 \ libdivx.dll
2008-07-23 16:46 12.288 ---- aw C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2008-07-21 13:33 890.828 - SHA-w C: \ WINDOWS \ system32 \ hgillUtv.ini2
2008-07-21 10:06 10.520 ---- aw C: \ WINDOWS \ system32 \ avgrsstx.dll
2008-07-18 20:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-18 20:10 53.448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-18 20:10 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008-07-18 20:10 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008-07-18 20:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-18 20:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-18 20:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-18 20:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ wuaueng.dll
2008-07-18 20:07 210.976 ---- aw C: \ WINDOWS \ system32 \ muweb.dll
2008-07-18 14:29 77 ---- aw C: \ Documents and Settings \ Administrator \ 2064.bat
2008-07-07 20:26 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2008-06-24 16:43 74.240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008-06-23 16:57 826.368 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"SynTPEnh" = "C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI" = "C: \ WINDOWS \ system32 \ WLTRAY.exe" [2007-03-16 1392640]
"StartCCC" = "C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched" = "C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe" [2008-03-25 144784]
"RoxioDragToDisc" = "C: \ Programfiler \ Roxio \ Easy Media Creator 7 \ Dra til Disc \ DrgToDsc.exe" [2004-01-27 1179648]
"QuickTime Task" = "C: \ Programfiler \ QuickTime \ QTTask.exe" [2008-05-27 413696]
"SiteAdvisor" = "C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.exe" [2007-06-21 36640]
"McENUI" = "C: \ progra ~ 1 \ McAfee \ MHN \ McENUI.exe" [2007-11-30 1164576]
"mcagent_exe" = "C: \ Programfiler \ McAfee.com \ Agent \ mcagent.exe" [2007-11-01 582992]
"SigmatelSysTrayApp" = "stsystra.exe" [2006-02-10 C: \ WINDOWS \ stsystra.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"WUAppSetup" = "C: \ Programfiler \ Fellesfiler \ logishrd \ WUApp32.exe" [2007-02-04 435736]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"AntiVirusDisableNotify" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ McAfeeAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ McAfeeFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ McAfee \ \ MNA \ \ McNASvc.exe" =
"C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
S1 AvgLdx86; AVG Free AVI Loader Driver x86; C: \ WINDOWS \ system32 \ drivers \ avgldx86.sys [2008-07-21 96520]
S4 avg8wd; AVG Free8 Watchdog; c: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe []
* Newly Created Service * - CatchMe
* Newly Created Service * - PROCEXP90
.
Innholdet i "Scheduled Tasks"-mappen
.
- - - - Orphans fjernet - - - --
HKCU-Run-LogitechSetup - D: \ Setup \ Setup.exe

.
------- Tilleggsavtale Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ aqi5r52b.default \
.
************************************************** ************************
CatchMe 0.3.1361 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 04:09:28
Windows 5.1.2600 Service Pack 3 NTFS
skanning skjulte prosesser ...
scanning hidden autostart entries ...
skanning skjulte filer ...
skanning er fullført
skjulte filer: 0
************************************************** ************************
.
Fullføringstidspunkt: 2008-09-23 4:10:26
ComboFix-karantene-files.txt 2008-09-23 02:10:23
Pre-Run: 62363549696 bytes gratis
Post-Run: 62437605376 bytes gratis
153 --- EOF --- 2008-09-22 20:32:15
*
*
*
*
Da jeg kjørte kapre dette igjen

*
*
Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 4:11:27 AM, on 9/23/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ progra ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Programfiler \ Fellesfiler \ McAfee \ MNA \ mcnasvc.exe
c: \ progra ~ 1 \ FELLES ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ Programfiler \ McAfee \ VirusScan \ McShield.exe
C: \ Programfiler \ McAfee \ MPF \ MPFSrv.exe
C: \ Programfiler \ SiteAdvisor \ 6261 \ SAService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
c: \ progra ~ 1 \ mcafee.com \ agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Programfiler \ Roxio \ Easy Media Creator 7 \ Dra til Disc \ DrgToDsc.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.exe
C: \ Programfiler \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
c: \ progra ~ 1 \ McAfee \ msc \ mcuimgr.exe
C: \ WINDOWS \ system32 \ imapi.exe
C: \ WINDOWS \ system32 \ Notepad.exe
C: \ WINDOWS \ explorer.exe
C: \ Skrivebord \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - (089FD14D-132B-48FC-8861-0048AE113215) - C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programfiler \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Programfiler \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Programfiler \ Roxio \ Easy Media Creator 7 \ Dra til Disc \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Programfiler \ SiteAdvisor \ 6261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ progra ~ 1 \ McAfee \ MHN \ McENUI.exe / skjul
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Programfiler \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Programfiler \ Fellesfiler \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m Logitech-d 10.5. 1,2023 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Programfiler \ Fellesfiler \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m Logitech-d 10.5.1.2023 (User 'Default Brukeren ")
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 3 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra knappen: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasse) -- http://update.microsoft.com/microsof...?1222115615015
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ progra ~ 1 \ FELLES ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C: \ Programfiler \ Fellesfiler \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - c: \ progra ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C: \ Programfiler \ Fellesfiler \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - c: \ progra ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c: \ progra ~ 1 \ FELLES ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C: \ Programfiler \ McAfee \ VirusScan \ McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C: \ Programfiler \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Programfiler \ SiteAdvisor \ 6261 \ SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
--
End of file - 6865 bytes

.... ideer ennå?

**evilfantasy** · #6 22. sep 2008, 19:46

Alt ser bra nå. Hvilke problemer er du fortsatt har?

----------

Laste ned CCleaner Slim og lagre det til skrivebordet ditt.
Når filen er lagret, gå til skrivebordet og dobbeltklikk på ccsetupxxx_slim.exe
Følg instruksjonene for å installere programmet.
Fullfør installasjonen deretter:

Dobbeltklikk CCleaner snarvei på skrivebordet for å starte programmet.
Klikk på Valg blokken til venstre, velg deretter Cookies.
- Under Cookies til SlettMarkerer alle cookies du vil beholde permanent
- Klikk høyrepilen > å flytte dem til Cookies til å vinduet.
Gå inn Valg > Avansert unsjekk Bare slette filer i Windows Temp mapper eldre enn 48 timer
Klikk Cleaner til venstre, deretter Kjør Cleaner til høyre for å kjøre programmet.
Viktig: Kontroller at ALL webleservinduer er lukket før du velger Kjør Cleaner
Forsiktig: Det anbefales ikke at du bruker "Register"-funksjonen med mindre du er veldig kjent med registret.
Avslutt CCleaner etter at det har fullført sin prosess.

----------

Java er utdatert.

Eldre versjoner har sårbarheter som skadelige nettsteder kan bruke til å infisere maskinen.

Først installerer den nye Sun Java Runtime Environment

Husk å lukke alle webleservinduer før du begynner å installere.

Fjern den gamle versjonen (e)

Last ned JavaRa og pakke ut filen på skrivebordet.
Åpne JavaRA.exe og velge Fjern eldre versjoner
Når avkjørsel JavaRA og slette programmet.
Kjør CCleaner.

----------

Laste ned Deaktiver / Fjern Windows Messenger på skrivebordet for å fjerne Windows Messenger.

Må ikke forveksles Windows Messenger med MSN Messenger fordi de ikke er det samme. Windows Messenger er en hyppig årsak til popups.

Unzip filen på skrivebordet. Åpne MessengerDisable.exe og velg den nederste boksen -- Avinstallere Windows Messenger og klikk Søke.

Avslutt ut av MessengerDisable deretter slette to filer som ble satt på skrivebordet.

Lignende Tråder
Tråd	Tråd startet	Forum	Svar	Siste innlegg
Venner Pc infiserte - Vundo / Variant-RONads - Vundo/Variant-0216 og-309k	redden137	Virus, spionprogrammer og sikkerhet	3	28 april 2009 15:18
Nafamamo.dll Feil Windows/system32 og Virtumonde	Jacko2983	Virus, spionprogrammer og sikkerhet	30	19 april 2009 17:24
Jeg kan ikke bli kvitt TROJAN.VUNDO.H fra PCen	theprodigycmb	Virus, spionprogrammer og sikkerhet	13	16 mars 2009 16:40
Hjelp nødvendig med Trojan.vundo.h (virtumonde) + loggfiler og ss	Jasperbak nl	Virus, spionprogrammer og sikkerhet	32	22 januar 2009 05:48
Win32/adware.virtumonde - bigmaq Verktøylinje	delboy2028	Virus, spionprogrammer og sikkerhet	1	1 mai 2008 09:50