
Virus, or is it some other weird thing I've got? =S



Hi.

I'm having some trouble with virus alerts popping up at all hours :p

I use Avira AntiVir free edition.

It's usually the same files that get flagged every time; I can't remember offhand exactly what they are called.

But one of them is called something like portal[1].htm

I also have another strange problem on the machine.

I rearranged my room a bit and therefore unplugged the PC.

It then sat without power for 1-2 days (not that it should matter), and when I turned it on again I had got a new user account. This account is called IUSER_Admin, and it is password protected. It is not something I created myself, nor did anyone else here.

I ran Ophcrack against it and found that the password is 1A2b3C4d or something like that. I tried to log in, but everything hung after the welcome screen, and I got a message that explorer.exe had performed an illegal operation or something like that, so it was terminated. I tried starting explorer.exe manually, but the same thing happened then too.

The account is set up as a limited user.

I tried deleting the account, which went fine, but it came back at the next reboot.

Does anyone have any tips here? Or should I just reinstall Windows?

I think I may have picked up some junk fairly soon after I last installed Windows (a few months ago), because then the PC suddenly started playing some advertising (audio only, no picture or video), and MP3 files could suddenly start skipping like a scratched record: the sound jumped between 2 points while the counter just kept going, and if I scrubbed forward or back it was fine again. So this was something that just suddenly happened, and the files were not damaged.

I'm running XP Pro SP3 with most of the updates installed.


Hi again. I googled my problem with the new user account, and it turned out I just had to restart in safe mode, run "control userpasswords2" and delete the new account from there.

When I then restarted the machine it was gone :)

I'm going to run MBAM now, and then I'll get those other 2 you mentioned!

I think I have ComboFix from before, but it's always good to download it again, since I may have an older version :p

Logs coming soon!


MBAM found over 70 errors, which were fixed!

 

ComboFix Log:

 

ComboFix 08-09-04.08 - J@9 2008-09-05 12:19:03.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1044.18.566 [GMT 2:00]
Running from: C:\Documents and Settings\J@9\Skrivebord\Virus og anna dritt fjerning\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\J@9\Cookies\j@9@2o7[2].txt
C:\Documents and Settings\J@9\Cookies\j@[email protected][2].txt
C:\Documents and Settings\J@9\Cookies\j@9@clicktorrent[2].txt
C:\Documents and Settings\J@9\Cookies\j@[email protected][2].txt
C:\Documents and Settings\J@9\Cookies\j@9@serving-sys[1].txt
C:\Documents and Settings\J@9\Cookies\j@9@tradedoubler[1].txt
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\tmp0_465487328098.bk
C:\WINDOWS\system32\tmp0_517358689581.bk
C:\WINDOWS\system32\tmp0_82703459718.bk
C:\WINDOWS\system32\tpszxyd.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_MACIDWE
-------\Legacy_NOXTCYR
-------\Legacy_NOYTCYR
-------\Legacy_PERFMONS
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_ROXTCTM
-------\Legacy_ROYTCTM
-------\Legacy_SOBICYT
-------\Legacy_SOTPECA
-------\Legacy_SOXPECA
-------\Legacy_TDXDOWKC
-------\Legacy_TDYDOWKC
-------\Legacy_WSERVING
-------\Legacy_WSLDOEKD


(((((((((((((((((((((((((   Files Created from 2008-08-05 to 2008-09-05  )))))))))))))))))))))))))))))))
.

2008-09-05 10:51 . 2008-09-05 10:51	<DIR>	d--------	C:\Programfiler\Malwarebytes' Anti-Malware
2008-09-05 10:51 . 2008-09-05 10:51	<DIR>	d--------	C:\Documents and Settings\J@9\Programdata\Malwarebytes
2008-09-05 10:51 . 2008-09-05 10:51	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-09-05 10:51 . 2008-09-02 00:26	38,528	--a------	C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 10:51 . 2008-09-02 00:25	17,200	--a------	C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 01:17 . 2008-06-22 19:59	<DIR>	dr-------	C:\Documents and Settings\Administrator\Start-meny
2008-09-05 01:17 . 2008-06-22 19:59	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Skrivere
2008-09-05 01:17 . 2008-06-22 19:59	<DIR>	d--------	C:\Documents and Settings\Administrator\Skrivebord
2008-09-05 01:17 . 2008-06-22 19:59	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Siste
2008-09-05 01:17 . 2008-06-22 19:59	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Programdata
2008-09-05 01:17 . 2008-06-22 19:59	<DIR>	d--------	C:\Documents and Settings\Administrator\Mine dokumenter
2008-09-05 01:17 . 2008-06-22 18:05	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Maler
2008-09-05 01:17 . 2008-06-22 19:59	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Lokale innstillinger
2008-09-05 01:17 . 2008-06-22 19:59	<DIR>	d--------	C:\Documents and Settings\Administrator\Favoritter
2008-09-05 01:17 . 2008-06-22 19:59	<DIR>	d--h-----	C:\Documents and Settings\Administrator\AndrMask
2008-09-05 01:17 . 2008-09-05 01:17	<DIR>	d--------	C:\Documents and Settings\Administrator
2008-09-04 22:35 . 2008-09-04 23:05	8	--a------	C:\WINDOWS\system32\nvModes.dat
2008-09-04 22:28 . 2008-09-04 23:20	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\nView_Profiles
2008-09-04 16:16 . 2008-09-04 16:18	162,008	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-04 16:15 . 2008-09-04 16:18	111,928	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2008-09-04 16:15 . 2008-09-04 16:15	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2008-09-04 16:05 . 2008-09-04 16:05	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\LogiShrd
2008-09-04 16:03 . 2008-09-04 16:03	<DIR>	d--------	C:\Documents and Settings\J@9\Programdata\Logitech
2008-09-04 16:03 . 2008-09-04 16:03	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-09-04 16:03 . 2008-09-04 16:03	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-09-04 16:02 . 2008-09-04 16:02	<DIR>	d--------	C:\Programfiler\Logitech
2008-09-04 16:02 . 2008-09-04 16:03	<DIR>	d--------	C:\Programfiler\Fellesfiler\Logishrd
2008-09-04 16:02 . 2008-09-04 16:02	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Logitech
2008-09-04 16:02 . 2008-05-02 02:38	301,656	--a------	C:\WINDOWS\system32\BtCoreIf.dll
2008-09-04 16:02 . 2008-05-02 02:39	170,512	--a------	C:\WINDOWS\system32\kemutb.dll
2008-09-04 16:02 . 2008-05-02 02:39	145,936	--a------	C:\WINDOWS\system32\KemUtil.dll
2008-09-04 16:02 . 2008-05-02 02:40	117,264	--a------	C:\WINDOWS\system32\KemWnd.dll
2008-09-04 16:02 . 2008-05-02 02:40	84,496	--a------	C:\WINDOWS\system32\KemXML.dll
2008-09-04 16:01 . 2008-09-04 23:20	<DIR>	d--------	C:\WINDOWS\nview
2008-09-04 16:01 . 2008-09-05 12:22	186,500	--a------	C:\WINDOWS\system32\nvapps.xml
2008-09-04 16:01 . 2008-05-16 14:01	18,070	--a------	C:\WINDOWS\system32\nvdisp.nvu
2008-08-30 11:26 . 2003-09-24 09:43	626,960	-ra------	C:\WINDOWS\system32\hpvaut32.dll
2008-08-30 11:26 . 2003-09-24 09:43	487,424	-ra------	C:\WINDOWS\system32\hpvcp70.dll
2008-08-30 11:26 . 2003-09-24 09:43	344,064	-ra------	C:\WINDOWS\system32\hpvcr70.dll
2008-08-30 11:26 . 2003-09-24 09:44	44,544	-ra------	C:\WINDOWS\system32\MSXML4a.dll
2008-08-29 13:51 . 2008-04-13 11:47	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-29 13:50 . 2008-08-29 13:50	<DIR>	d--------	C:\Programfiler\HP
2008-08-29 13:50 . 2008-08-29 13:50	<DIR>	d--------	C:\Programfiler\Hewlett-Packard
2008-08-29 13:48 . 2008-08-29 13:53	229,382	--a------	C:\WINDOWS\hpdj3600.his
2008-08-29 13:48 . 2008-08-29 13:53	10,503	--a------	C:\WINDOWS\hpdj3600.ini
2008-08-27 23:15 . 2008-08-27 23:15	<DIR>	d--------	C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2008-08-26 22:37 . 2008-08-26 22:37	<DIR>	d--------	C:\Documents and Settings\J@9\Programdata\IsolatedStorage
2008-08-26 21:45 . 2008-08-26 22:35	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Symantec
2008-08-26 21:44 . 2008-08-26 21:45	<DIR>	d--------	C:\Programfiler\Symantec
2008-08-26 21:44 . 2008-08-26 21:45	<DIR>	d--------	C:\Programfiler\Fellesfiler\Symantec Shared
2008-08-22 16:47 . 2008-08-30 13:56	<DIR>	d--------	C:\Documents and Settings\J@9\.mania_drive
2008-08-18 00:20 . 2008-08-18 00:21	345,505,792	--a------	C:\Carputer XP.iso
2008-08-16 01:45 . 2008-08-16 01:45	<DIR>	d--------	C:\Programfiler\DirectX 9
2008-08-16 01:39 . 2008-08-16 01:39	<DIR>	d--------	C:\Documents and Settings\J@9\Programdata\InstallShield
2008-08-15 23:40 . 2008-04-13 11:46	51,200	--a------	C:\WINDOWS\system32\drivers\msdv.sys
2008-08-15 23:40 . 2008-04-13 11:46	51,200	--a--c---	C:\WINDOWS\system32\dllcache\msdv.sys
2008-08-15 23:40 . 2008-04-13 11:46	48,128	--a------	C:\WINDOWS\system32\drivers\61883.sys
2008-08-15 23:40 . 2008-04-13 11:46	48,128	--a--c---	C:\WINDOWS\system32\dllcache\61883.sys
2008-08-15 23:40 . 2008-04-13 11:46	38,912	--a------	C:\WINDOWS\system32\drivers\avc.sys
2008-08-15 23:40 . 2008-04-13 11:46	38,912	--a--c---	C:\WINDOWS\system32\dllcache\avc.sys
2008-08-15 16:20 . 2008-04-13 11:46	61,696	--a------	C:\WINDOWS\system32\drivers\ohci1394.sys
2008-08-15 16:20 . 2008-04-13 11:46	61,696	--a--c---	C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-08-15 16:20 . 2008-04-13 11:46	53,376	--a------	C:\WINDOWS\system32\drivers\1394bus.sys
2008-08-15 16:20 . 2008-04-13 11:46	53,376	--a--c---	C:\WINDOWS\system32\dllcache\1394bus.sys
2008-08-15 16:20 . 2001-08-17 21:46	6,400	--a------	C:\WINDOWS\system32\drivers\enum1394.sys
2008-08-15 16:20 . 2001-08-17 21:46	6,400	--a--c---	C:\WINDOWS\system32\dllcache\enum1394.sys
2008-08-14 10:33 . 2008-04-14 09:22	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-08-14 10:26 . 2008-08-14 10:26	<DIR>	d--h-----	C:\WINDOWS\system32\GroupPolicy
2008-08-13 20:40 . 2008-08-13 20:40	<DIR>	d--------	C:\Documents and Settings\J@9\Programdata\DivX
2008-08-13 16:04 . 2008-08-13 16:04	<DIR>	d--------	C:\Programfiler\proDAD
2008-08-13 16:04 . 2008-08-13 16:04	<DIR>	d--------	C:\Programfiler\LooksBuilderSE
2008-08-13 16:04 . 2008-08-13 16:04	<DIR>	d--------	C:\Documents and Settings\J@9\Programdata\proDAD
2008-08-13 16:04 . 2004-03-29 16:23	90,112	--a------	C:\WINDOWS\unvise32.exe
2008-08-13 16:03 . 2003-06-26 10:04	237,568	-ra------	C:\WINDOWS\system32\qtmlClient.dll
2008-08-13 16:03 . 2003-07-01 16:49	69,632	--a------	C:\WINDOWS\system32\MtxPreview.dll
2008-08-13 16:03 . 2003-07-01 16:49	49,152	--a------	C:\WINDOWS\system32\MtxParhBFXPreview.dll
2008-08-13 16:03 . 2003-01-20 09:08	49,152	--a------	C:\WINDOWS\system32\CvoAPI.dll
2008-08-13 16:03 . 2003-07-09 10:43	45,056	--a------	C:\WINDOWS\system32\BFXSrcFilter.ax
2008-08-13 16:03 . 2007-12-12 19:02	0	--a------	C:\WINDOWS\Graffiti5.2Pin.ini
2008-08-13 16:02 . 2008-08-13 16:03	<DIR>	d--------	C:\Programfiler\Boris FX, Inc
2008-08-13 16:00 . 2005-09-23 23:18	171,520	--a------	C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-08-13 15:59 . 2008-08-13 15:59	<DIR>	d--------	C:\Programfiler\Fellesfiler\Pinnacle
2008-08-13 15:59 . 2008-08-13 15:59	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Pinnacle Studio Ultimate
2008-08-13 15:50 . 2008-08-13 16:01	<DIR>	d--------	C:\Programfiler\Pinnacle
2008-08-13 15:50 . 2008-08-13 15:50	<DIR>	d--------	C:\Programfiler\Fellesfiler\Yahoo!
2008-08-13 15:50 . 2008-08-13 15:50	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Studio 12
2008-08-13 15:50 . 2008-08-13 15:50	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Pinnacle Studio Plus
2008-08-13 15:46 . 2008-08-13 15:50	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Pinnacle
2008-08-13 13:55 . 2008-08-13 13:55	<DIR>	d--------	C:\Programfiler\Avira
2008-08-13 13:55 . 2008-08-13 13:55	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Avira
2008-08-11 23:32 . 2007-06-22 12:34	1,419,232	--a------	C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-08-11 23:32 . 2008-05-07 07:38	659,968	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-11 23:32 . 2008-05-07 07:38	20,864	--a------	C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-11 23:32 . 2008-05-07 07:38	17,536	--a------	C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-11 23:32 . 2008-05-07 07:38	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-11 23:32 . 2008-06-06 09:24	8,064	--a------	C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 10:23	---------	d-----w	C:\Documents and Settings\J@9\Programdata\Hamachi
2008-09-04 20:29	---------	d-----w	C:\Documents and Settings\All Users\Programdata\PC Suite
2008-09-04 14:02	---------	d--h--w	C:\Programfiler\InstallShield Installation Information
2008-08-22 14:44	---------	d-----w	C:\Programfiler\nLite
2008-08-19 07:33	---------	d-----w	C:\Programfiler\Microsoft Silverlight
2008-08-18 20:53	---------	d-----w	C:\Documents and Settings\J@9\Programdata\Winamp
2008-08-14 08:36	---------	d-----w	C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-08-13 11:58	---------	d-----w	C:\Programfiler\ESET
2008-08-11 21:32	---------	d-----w	C:\Programfiler\Nokia
2008-08-11 21:21	---------	d-----w	C:\Programfiler\Fellesfiler\Nokia
2008-08-11 21:18	---------	d-----w	C:\Documents and Settings\All Users\Programdata\Installations
2008-07-18 20:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-18 20:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07	270,880	----a-w	C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07	210,976	----a-w	C:\WINDOWS\system32\muweb.dll
2008-07-17 20:01	---------	d-----w	C:\Programfiler\PowerISO
2008-07-11 17:14	---------	d-----w	C:\Programfiler\Java
2008-07-11 17:13	---------	d-----w	C:\Programfiler\Fellesfiler\Java
2008-07-08 20:06	---------	d-----w	C:\Programfiler\SignSIS-GUI
2008-07-08 19:23	---------	d-----w	C:\Programfiler\MSBuild
2008-07-08 19:18	---------	d-----w	C:\Programfiler\Reference Assemblies
2008-07-07 20:29	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-06-24 16:46	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-22 20:03	218,624	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-06-20 17:49	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-06 20:25	99,840	----a-w	C:\WINDOWS\system32\wmpshell.dll
2008-06-06 20:25	8,247,296	----a-w	C:\WINDOWS\system32\wmploc.dll
2008-06-06 20:25	603,648	----a-w	C:\WINDOWS\system32\wmspdmod.dll
2008-06-06 20:25	4,096	----a-w	C:\WINDOWS\system32\wmvdmoe2.dll
2008-06-06 20:25	4,096	----a-w	C:\WINDOWS\system32\wmvdmod.dll
2008-06-06 20:25	4,096	----a-w	C:\WINDOWS\system32\wmsdmoe2.dll
2008-06-06 20:25	4,096	----a-w	C:\WINDOWS\system32\wmsdmod.dll
2008-06-06 20:25	314,880	----a-w	C:\WINDOWS\system32\wmpdxm.dll
2008-06-06 20:25	242,688	----a-w	C:\WINDOWS\system32\wmpasf.dll
2008-06-06 20:25	1,329,152	----a-w	C:\WINDOWS\system32\wmspdmoe.dll
2008-06-06 20:22	992,256	----a-w	C:\WINDOWS\system32\syssetup.dll
2008-06-06 20:22	1,573,376	----a-w	C:\WINDOWS\system32\sfcfiles.dll
2008-06-06 20:21	26,112	----a-w	C:\WINDOWS\system32\idndl.dll
2008-06-06 20:21	24,576	----a-w	C:\WINDOWS\system32\nlsdl.dll
2008-06-06 20:21	23,552	----a-w	C:\WINDOWS\system32\normaliz.dll
2008-06-06 20:20	48,128	----a-w	C:\WINDOWS\system32\mshtmler.dll
2008-06-06 20:20	45,568	----a-w	C:\WINDOWS\system32\mshta.exe
2008-06-06 20:20	40,960	----a-w	C:\WINDOWS\system32\licmgr10.dll
2008-06-06 20:20	156,160	----a-w	C:\WINDOWS\system32\msls31.dll
2008-06-06 20:19	78,336	----a-w	C:\WINDOWS\system32\ieencode.dll
2008-06-06 20:19	55,296	----a-w	C:\WINDOWS\system32\iesetup.dll
2008-06-06 20:19	36,352	----a-w	C:\WINDOWS\system32\imgutil.dll
2008-06-06 20:18	17,408	----a-w	C:\WINDOWS\system32\corpol.dll
2008-06-06 20:17	71,680	----a-w	C:\WINDOWS\system32\admparse.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"StatBar"="C:\Programfiler\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MULTIMEDIA KEYBOARD"="C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-23 167936]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 36352]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Norton Ghost 9.0"="C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"HP Component Manager"="C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 176128]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

C:\Documents and Settings\J@9\Start-meny\Programmer\Oppstart\
hamachi.lnk - C:\Programfiler\Hamachi\hamachi.exe [2008-06-23 625952]
Microsoft Office Outlook.lnk - C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE [2008-05-21 12844576]
Replicator.lnk - C:\Programfiler\Karen's Power Tools\Replicator\PTReplicator.exe [2007-03-29 980728]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-09-04 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= avnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.YV12"= yv12vfw.dll
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Spill\\TrackMania United\\TmUnited.exe"=
"C:\\Programfiler\\TmUnitedForever\\TmForever.exe"=
"D:\\Programmer\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"D:\\Programmer\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"D:\\Programmer\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 138780]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 46779]
R2 nhksrv;Netropa NHK Server;C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
S2 mshlpkd;Microsoft File Mapping Service;C:\WINDOWS\system32\mshlp.exe [2008-04-14 62464]
S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2003-09-19 759050]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27715fbe-6834-11dd-95b7-0016ec9bc405}]
\Shell\AutoRun\command - M:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a8cddad-5478-11dd-95ad-0016ec9bc405}]
\Shell\AutoRun\command - N:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://codecs.r8.org/
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Åpne bilde i Microsoft Photo&Draw - C:\PROGRA~1\MICROS~2\Office\1044\phdintl.dll/phdContext.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 12:22:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programfiler\Netropa\Multimedia Keyboard\Traymon.exe
C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programfiler\Netropa\Onscreen Display\osd.exe
C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2008-09-05 12:25:37 - machine was rebooted
ComboFix-quarantined-files.txt  2008-09-05 10:25:22

Pre-Run: 1,252,978,688 byte ledig
Post-Run: 2,152,955,904 byte ledig

317	--- E O F ---	2008-08-27 21:16:02

 

 

HiJackThis Log:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:09, on 05.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programfiler\Winamp\winampa.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programfiler\Globe Software\StatBar\StatBar.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programfiler\Hamachi\hamachi.exe
C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Programfiler\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programfiler\Netropa\Onscreen Display\OSD.exe
C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\J@9\Skrivebord\Virus og anna dritt fjerning\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programfiler\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [statBar] C:\Programfiler\Globe Software\StatBar\StatBar.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Microsoft Office Outlook.lnk = C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Replicator.lnk = C:\Programfiler\Karen's Power Tools\Replicator\PTReplicator.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office Outlook.lnk = C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE (User 'Default user')
O4 - .DEFAULT Startup: Replicator.lnk = C:\Programfiler\Karen's Power Tools\Replicator\PTReplicator.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Startup: Microsoft Office Outlook.lnk = C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE
O4 - Startup: Replicator.lnk = C:\Programfiler\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Åpne bilde i Microsoft Photo&Draw - res://C:\PROGRA~1\MICROS~2\Office\1044\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1215796475_f4822e579ba29ce85c8237642c6eaed3&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Microsoft File Mapping Service (mshlpkd) - Unknown owner - C:\WINDOWS\system32\mshlp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10264 bytes

 

 

There, now the pros can take over :)

PS: after I ran ComboFix, that IUSER_Admin username came back :(

Link to comment

Start->Run->cmd

 

Type in the bold text

 

sc stop mshlpkd

sc delete mshlpkd

---

Download and run CCleaner

'Options'->'Advanced'. Uncheck the box in front of: "Only delete temporary files older than 48 hours".

Also run the registry cleaner, answer yes to repairing --> backup: answer yes when you are asked.

Run the registry cleaner a couple of times until all errors are gone.

---

Don't use both hidden text and codebox

Then it looks fine; use the PC for a while and report back.

Edited by SNIPPSAT
Link to comment
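An added illustration, not part of the thread and not written by any poster: a small triage pass over the O23 service lines of the HijackThis log above, showing why `mshlpkd` stands out. The function names and the rule "Unknown owner plus a display name borrowing a vendor word" are assumptions made for this example.

```python
import re

# O23 lines copied from the first HijackThis log in this thread (sample input).
SAMPLE_LOG = r"""
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Microsoft File Mapping Service (mshlpkd) - Unknown owner - C:\WINDOWS\system32\mshlp.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Greedy label so a display name that itself contains " - " (the Avira line)
# stays whole; the owner is the last field before the drive-letter path.
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
# "Display name (servicename)" as the lines on this page show it; when there
# are no parentheses the label is used as the service name too.
SHORT_NAME_RE = re.compile(r"^(?P<display>.*\S)\s+\((?P<name>[^()]+)\)$")

# Assumption for this example: vendor words a display name may borrow to
# look like a built-in component.
BORROWED_VENDOR_WORDS = ("microsoft", "windows")


def parse_o23(log_text):
    """Return one dict per O23 line: display, name, owner, path."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        label = m.group("label")
        short = SHORT_NAME_RE.match(label)
        services.append({
            "display": short.group("display") if short else label,
            "name": short.group("name") if short else label,
            "owner": m.group("owner"),
            "path": m.group("path"),
        })
    return services


def triage(log_text):
    """Map service name -> 'high' or 'review' for binaries with no owner info."""
    findings = {}
    for svc in parse_o23(log_text):
        if svc["owner"].lower() != "unknown owner":
            continue  # the binary carries a company name; not flagged here
        display = svc["display"].lower()
        claims_vendor = any(word in display for word in BORROWED_VENDOR_WORDS)
        # A service that calls itself "Microsoft ..." while its file has no
        # company information is the stronger signal.
        findings[svc["name"]] = "high" if claims_vendor else "review"
    return findings


def inspection_commands(findings):
    """Read-only 'sc qc' queries for the high-priority names."""
    return ['sc qc "%s"' % name for name, prio in findings.items() if prio == "high"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, prio in result.items():
        print(prio, name)
    print("\n".join(inspection_commands(result)))
```

"Unknown owner" alone is common for legitimate software, which is why the other two entries land in `review` rather than `high`.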

Then everything you said is done; got close to 220 errors in the registry fixed.

So now all that remains is to use the machine for a bit, and then find out whether this new username is still here.. if it is, I'll have to boot into safe mode and get it removed again.

 

But while I have this thread going.. I'm also sitting with a laptop here now (not mine, but I was asked to take a look at it).

Installed Windows on it a couple of months ago.. and now it is veeery slow.. it has been running MBAM (full scan, drive C only) for 4 hours and 47 min.

It has scanned 95 000 files, and isn't finished yet.

Did the same on my machine; it scanned around 60-70 000 files in about 15-20 min.

Any suggestions as to what the problems on it could be? And MBAM hasn't found anything wrong yet.

Should I try ComboFix and HijackThis (post logs) and run CCleaner on this one too?

Link to comment

The machine probably isn't that old.

It's an HP Pavilion dv8000 series machine.

 

But here are some logs anyway, and without codebox this time :p

ComboFix:

 

 

ComboFix 08-09-04.09 - Eier 2008-09-05 19:12:00.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.565 [GMT 2:00]

Running from: C:\Documents and Settings\Eier\Skrivebord\Virus og anna drittfjerning\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Eier\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\WINDOWS\Downloaded Program Files\setup.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))

.

 

2008-09-05 12:39 . 2008-09-05 12:39 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-09-05 12:39 . 2008-09-05 12:39 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Malwarebytes

2008-09-05 12:39 . 2008-09-05 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-09-05 12:39 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-05 12:39 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-30 21:47 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-30 21:42 . 2008-08-30 21:47 <DIR> d-------- C:\Programfiler\Java

2008-08-30 21:41 . 2008-08-30 21:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-08-30 19:48 . 2008-06-30 17:16 234,640 --a------ C:\WINDOWS\system32\drivers\afwcore.sys

2008-08-30 19:48 . 2007-10-25 19:17 49 --a------ C:\WINDOWS\transp.gif

2008-08-30 19:47 . 2008-06-04 17:36 1,072,722 --a------ C:\WINDOWS\system32\drivers\VBEngNT.sys

2008-08-30 19:47 . 2008-07-11 15:41 673,920 --a------ C:\WINDOWS\system32\drivers\SandBox.sys

2008-08-30 19:47 . 2008-06-30 17:16 30,864 --a------ C:\WINDOWS\system32\drivers\afw.sys

2008-08-30 19:45 . 2008-09-05 16:25 <DIR> d-------- C:\WINDOWS\system32\Filt

2008-08-30 19:45 . 2008-08-30 19:45 <DIR> d-------- C:\Programfiler\Agnitum

2008-08-30 19:44 . 2008-08-30 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Agnitum

2008-08-05 16:41 . 2008-08-05 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Fitn17

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-31 20:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-31 20:26 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-08-30 19:26 --------- d-----w C:\Programfiler\ESET

2008-08-27 07:14 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-08-27 06:04 --------- d-----w C:\Programfiler\Fitness Frenzy

2008-08-01 17:34 --------- d-----w C:\Documents and Settings\Eier\Programdata\LimeWire

2008-08-01 14:00 --------- d-----w C:\Programfiler\QuickTime

2008-07-31 18:56 --------- d-----w C:\Programfiler\Spa Mania

2008-07-24 10:01 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-07-18 18:38 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-07-13 13:34 --------- d-----w C:\Documents and Settings\Eier\Programdata\blg

2008-07-13 13:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\blg

2008-07-07 17:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\PlayFirst

2008-06-20 05:55 0 ----a-w C:\Programfiler\temp01

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"QlbCtrl.exe"="C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-01 344064]

"SynTPStart"="C:\Programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"fssui"="C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" [2007-12-17 243240]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-08-01 413696]

"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-08-17 983360]

"OutpostFeedBack"="C:\Programfiler\Agnitum\Outpost Antivirus Pro\feedback.exe" [2008-07-15 435520]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-05-12 581693]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

 

R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-07-11 673920]

R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-08-17 397632]

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]

R2 fsssvc;Windows Live OneCare Tryggere for familien;C:\Programfiler\Windows Live\Tryggere for familien\fsssvc.exe [2007-12-17 523816]

R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2008-06-30 30864]

R3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [2008-06-30 234640]

R3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-07-11 33408]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

R3 VBEngNT;VBEngNT;C:\WINDOWS\system32\DRIVERS\VBEngNT.sys [2008-06-04 1072722]

R3 VBFilt;VBFilt;C:\WINDOWS\system32\Filt\VBFilt.dll [2008-07-11 158816]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 -: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-05 19:27:52

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

.

**************************************************************************

.

Completion time: 2008-09-05 19:37:44 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-05 17:36:36

 

Pre-Run: 57,366,220,800 byte ledig

Post-Run: 58,492,035,072 byte ledig

 

134 --- E O F --- 2008-08-31 20:43:14

 

 

 

HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:39:07, on 05.09.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Eier\Skrivebord\Virus og anna drittfjerning\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programfiler\Windows Live\Tryggere for familien\fssbho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [fssui] "C:\Programfiler\Windows Live\Tryggere for familien\fssui.exe" -autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programfiler\Agnitum\Outpost Antivirus Pro\feedback.exe" /dump:os_startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212781538671

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

 

--

End of file - 9557 bytes

 

 

Link to comment
