Guest bruker-45896 Posted 27 October 2008

I was doing some not-so-smart things, as you can see in the logs. But it worked, so if I can just get rid of this crap then almost everything is fine =) Have been up for 5-6 hours now stressing with AVG Antivir, Spybot, NOD32 and these three:

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:45:05, on 27.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
J:\Prog\AVGANT~1\avgcc.exe
D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
D:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
J:\Prog\RocketDock\RocketDock.exe
D:\Programfiler\uTorrent\uTorrent.exe
D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
D:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
J:\Prog\AVGANT~1\avgamsvr.exe
J:\Prog\AVGANT~1\avgupsvc.exe
D:\Programfiler\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\svchost.exe
D:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - J:\Prog\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [sSBkgdUpdate] D:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [H2O] D:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "J:\Prog\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [AVG7_CC] J:\Prog\AVGANT~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] D:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [startCCC] "D:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "J:\Prog\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Programfiler\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] J:\Prog\AVGANT~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Reset.lnk = D:\WINDOWS\repair\reset.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Prog\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Prog\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: AODService - Unknown owner - D:\Programfiler\AMD\OverDrive\AODAssist (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - J:\Prog\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - J:\Prog\AVGANT~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Programfiler\WinPcap\rpcapd.exe

--
End of file - 6830 bytes

ComboFix:

ComboFix 08-10-25.01 - ragz 2008-10-27 4:16:45.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2765 [GMT 1:00]
Running from: S:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\msvcsv60.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABEL
-------\Legacy_NPF
-------\Service_Abel
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-27 04:07 . 2008-10-27 04:07 <DIR> d-------- D:\Programfiler\Malwarebytes' Anti-Malware
2008-10-27 04:07 . 2008-10-27 04:07 <DIR> d-------- D:\Documents and Settings\ragz\Programdata\Malwarebytes
2008-10-27 04:07 . 2008-10-27 04:07 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-27 04:07 . 2008-10-22 16:10 38,496 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 04:07 . 2008-10-22 16:10 15,504 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 02:14 . 2008-10-27 02:14 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2008-10-27 01:35 . 2008-10-27 02:00 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\AVG7
2008-10-27 00:45 . 2007-09-28 21:05 593,920 --------- D:\WINDOWS\system32\ati2sgag.exe
2008-10-27 00:19 . 2005-09-18 01:32 5,376 --a------ D:\WINDOWS\system32\antiwpa.dll21505
2008-10-25 02:20 . 2008-10-15 17:38 337,408 -----c--- D:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-20 15:59 . 2008-10-20 18:01 16 --a------ D:\WINDOWS\system32\w3data.vss
2008-10-20 15:59 . 2008-10-20 18:01 16 --a------ D:\WINDOWS\msocreg32.dat
2008-10-16 01:26 . 2008-09-15 16:29 1,846,400 -----c--- D:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 01:26 . 2008-09-08 11:41 333,824 -----c--- D:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 01:25 . 2008-08-14 14:27 2,190,976 -----c--- D:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 01:25 . 2008-08-14 14:27 2,147,328 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 01:25 . 2008-08-14 14:27 2,067,840 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 01:25 . 2008-08-14 14:27 2,025,984 -----c--- D:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-06 15:59 . 2008-10-06 15:59 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Ahead
2008-09-28 16:44 . 2008-09-28 16:45 <DIR> d-------- D:\Documents and Settings\ragz\Programdata\SecondLife

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 03:13 --------- d-----w D:\Documents and Settings\ragz\Programdata\uTorrent
2008-10-27 01:25 --------- d-----w D:\Documents and Settings\ragz\Programdata\AVG7
2008-10-26 23:45 --------- d--h--w D:\Programfiler\InstallShield Installation Information
2008-10-26 22:11 --------- d-----w D:\Documents and Settings\ragz\Programdata\NoNameScript
2008-10-25 07:07 --------- d-----w D:\Programfiler\Windows Live
2008-10-25 07:07 --------- d-----w D:\Documents and Settings\All Users\Programdata\WLInstaller
2008-10-24 08:15 --------- d-----w D:\Documents and Settings\ragz\Programdata\Vidalia
2008-10-24 08:15 --------- d-----w D:\Documents and Settings\ragz\Programdata\tor
2008-10-16 00:17 --------- d-----w D:\Documents and Settings\ragz\Programdata\OpenOffice.org2
2008-10-10 02:31 --------- d---a-w D:\Documents and Settings\All Users\Programdata\TEMP
2008-10-10 02:17 --------- d-----w D:\Documents and Settings\ragz\Programdata\Publish Providers
2008-09-24 23:33 --------- d-----w D:\Documents and Settings\ragz\Programdata\dvdcss
2008-09-23 15:13 --------- d-----w D:\Programfiler\AMD
2008-09-23 14:58 --------- d-----w D:\Documents and Settings\ragz\Programdata\ATI
2008-09-23 14:56 --------- d-----w D:\Programfiler\ATI Technologies
2008-09-23 10:59 451,072 ----a-w D:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
2008-09-23 10:59 --------- d-----w D:\Programfiler\Radeon Omega Drivers
2008-09-23 09:37 --------- d-----w D:\Documents and Settings\All Users\Programdata\ATI
2008-09-23 00:00 --------- d-----w D:\Programfiler\SystemRequirementsLab
2008-09-21 12:39 1,755 ----a-w D:\Documents and Settings\ragz\Programdata\SAS7_000.DAT
2008-09-08 20:28 --------- d-----w D:\Documents and Settings\ragz\Programdata\Spore
2008-09-08 10:41 333,824 ----a-w D:\WINDOWS\system32\drivers\srv.sys
2008-09-06 20:45 --------- d-----w D:\Documents and Settings\ragz\Programdata\HLSW
2008-08-29 03:31 --------- d-----w D:\Documents and Settings\ragz\Programdata\Wireshark
2008-08-29 02:22 --------- d-----w D:\Programfiler\WinPcap
2008-08-03 16:24 472,576 ----a-w D:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-05-14 15:15 22,328 ----a-w D:\Documents and Settings\ragz\Programdata\PnkBstrK.sys
.

------- Sigcheck -------

2007-11-16 18:50 501248 079da250a1c2fc9e6542f17f0308bd1c D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 08:23 506880 15ccfec060818dab936b8c5faeee21f9 D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-10-27 01:26 506880 d7d3e5cca5fadcce635d1d766c4e83ea D:\WINDOWS\system32\winlogon.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="J:\Prog\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="D:\Programfiler\uTorrent\uTorrent.exe" [2008-10-09 270128]
"MsnMsgr"="D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-10-25 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="D:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"H2O"="D:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"BootSkin Startup Jobs"="J:\Prog\BootSkin\BootSkin.exe" [2004-04-26 270336]
"AVG7_CC"="J:\Prog\AVGANT~1\avgcc.exe" [2008-10-18 590848]
"SunJavaUpdateSched"="D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ASUS Camera ScreenSaver"="D:\WINDOWS\ASScrProlog.exe" [2008-06-04 37232]
"StartCCC"="D:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Resume copy"="copyfstq.exe" [2007-09-21 D:\WINDOWS\copyfstq.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 D:\WINDOWS\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="J:\Prog\AVGANT~1\avgw.exe" [2007-10-26 219136]

D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Reset.lnk - D:\WINDOWS\repair\reset.bat [2001-05-21 238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave9"= Echo24Wrap.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Jensen AirLink Utility.lnk]
path=D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Jensen AirLink Utility.lnk
backup=D:\WINDOWS\pss\Jensen AirLink Utility.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Privoxy.lnk]
path=D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Privoxy.lnk
backup=D:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^ragz^Start-meny^Programmer^Oppstart^Folding@Home 5.03.lnk]
path=D:\Documents and Settings\ragz\Start-meny\Programmer\Oppstart\Folding@Home 5.03.lnk
backup=D:\WINDOWS\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 D:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a------ 2008-07-22 12:53 77824 D:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
-r------- 2007-11-17 01:20 91432 D:\Programfiler\Cyberlink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 J:\Prog\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-10 22:56 218032 D:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-10-11 12:06 62760 J:\Prog\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 08:23 1695232 D:\Programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-10-25 08:23 5724184 D:\Programfiler\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 D:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 J:\Prog\Quicktime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2008-01-22 14:23 81920 J:\Prog\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2008-04-04 10:38 88584 D:\Programfiler\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 D:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-10-09 13:51 270128 D:\Programfiler\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2008-08-18 02:20 3975358 J:\Prog\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-20 14:42 77824 D:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XAMPP"=2 (0x2)
"RichVideo"=2 (0x2)
"PnkBstrA"=2 (0x2)
"mysql"=2 (0x2)
"Apache2.2"=2 (0x2)
"Abel"=2 (0x2)
"mi-raysat_3dsMax2008_32"=2 (0x2)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"J:\\Prog\\AVG Antivir\\avginet.exe"=
"J:\\Prog\\AVG Antivir\\avgamsvr.exe"=
"J:\\Prog\\AVG Antivir\\avgcc.exe"=
"J:\\Prog\\Last.fm\\LastFM.exe"=
"D:\\Programfiler\\uTorrent\\uTorrent.exe"=
"J:\\Prog\\mIRC\\mirc.exe"=
"E:\\non steam\\hl.exe"=
"E:\\SWAT 4\\Content\\System\\Swat4.exe"=
"E:\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"E:\\Battlefield 2142\\BF2142.exe"=
"E:\\Battlefield 2\\BF2.exe"=
"E:\\Rise of Nations\\rise.exe"=
"L:\\Spill2\\Battlefield Vietnam\\BfVietnam.exe"=
"E:\\Steam\\steam.exe"=
"L:\\Spill2\\Stronghold Legends\\StrongholdLegends.exe"=
"J:\\Spill 3\\Stronghold 2\\Stronghold2.exe"=
"J:\\Prog\\utorrent leecher pack\\utorrent_mult10_leecher.exe"=
"J:\\Prog\\utorrent leecher pack\\utorrent_mult100_seeder.exe"=
"J:\\Prog\\utorrent leecher pack\\utorrent_mult100_leecher.exe"=
"J:\\Prog\\utorrent leecher pack\\utorrent_original.exe"=
"D:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"J:\\Spill 3\\Loki\\Loki.exe"=
"J:\\Spill 3\\Loki\\Autorun\\AutoRun.exe"=
"J:\\Prog\\Maya 2008\\bin\\maya.exe"=
"J:\\Movies\\Autodesk Backburner\\monitor.exe"=
"J:\\Movies\\Autodesk Backburner\\manager.exe"=
"J:\\Movies\\Autodesk Backburner\\server.exe"=
"J:\\Prog\\3D Studio Max 2008\\3dsmax.exe"=
"E:\\Halo-_-\\halo.exe"=
"E:\\Midtown Madness 2\\Midtown2.exe"=
"D:\\WINDOWS\\system32\\dplaysvr.exe"=
"E:\\Age of Mythology\\aom.exe"=
"J:\\Spill 3\\Unreal Tournament 2004\\System\\UT2004.exe"=
"J:\\Spill 3\\World of Warcraft\\Repair.exe"=
"D:\\WINDOWS\\system32\\PnkBstrA.exe"=
"D:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"=
"J:\\Spill 3\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"E:\\Jedi Knight 3\\GameData\\jamp.exe"=
"J:\\Spill 3\\Americas Army\\System\\ArmyOps.exe"=
"D:\\WINDOWS\\system32\\java.exe"=
"J:\\Prog\\Firefox\\firefox.exe"=
"D:\\Programfiler\\rndware\\Windows Ident Server\\WinIdent.exe"=
"D:\\Programfiler\\rndware psyBNC Server\\psybnc.exe"=
"J:\\Prog\\PowerDVD\\PowerDVD.exe"=
"E:\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"=
"D:\\Programfiler\\DC++\\DCPlusPlus.exe"=
"E:\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"X:\\spill\\TmNationsForever\\TmForever.exe"=
"J:\\Prog\\Cubase SX 3\\Cubasesx3.exe"=
"X:\\spill\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"X:\\spill\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"X:\\spill\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"D:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:0\\spill\\Crysis\\Bin32\\Crysis.exe"=
"C:0\\spill\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:0\\spill\\LOTRO\\lotroclient.exe"=
"C:0\\spill\\Mass Effect\\Binaries\\MassEffect.exe"=
"C:0\\spill\\Mass Effect\\MassEffectLauncher.exe"=
"J:\\Spill 3\\COD 4\\iw3mp.exe"=
"J:\\Prog\\PowerDirector\\PowerDirector\\PDR.exe"=
"E:\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"J:\\Prog\\Joost\\xulrunner\\tvprunner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;D:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-12 16640]
R1 Asapi;Asapi;D:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 mapledxp;mapledxp;D:\WINDOWS\system32\drivers\mapledxp.SYS [2004-04-05 24720]
R3 CLEDX;Team H2O CLEDX service;D:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S1 atitray;atitray;D:\Documents and Settings\ragz\Skrivebord\omegadriver\ATI Tray Tools\atitray.sys [ ]
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};J:\Prog\PowerDVD\000.fcl [2008-01-30 12:28 41456]
S2 AODService;AODService;D:\Programfiler\AMD\OverDrive\AODAssist [ ]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;D:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
S3 echo24;Echo24 Service;D:\WINDOWS\system32\drivers\echo24.sys [2007-10-06 557056]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;D:\WINDOWS\system32\Drivers\KORGUMDS.SYS [ ]
S3 krdpdre;krdpdre;D:\DOCUME~1\ragz\LOKALE~1\Temp\krdpdre.sys [ ]
S3 L6PODLV;PODxt Live Service;D:\WINDOWS\system32\Drivers\L6PODLV.sys [2008-03-21 521088]
S3 RT80x86;Jensen Air:Link 83300 Driver;D:\WINDOWS\system32\DRIVERS\RT2860.sys [ ]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);D:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);D:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);D:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
S4 Apache2.2;Apache2.2;J:\webserver\xampp\apache\bin\apache.exe [2008-01-18 24635]
S4 XAMPP;XAMPP Service;J:\webserver\xampp\service.exe [2007-12-21 60928]

.
Contents of the 'Scheduled Tasks' folder

2008-10-20 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- D:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)
MSConfigStartUp-DAEMON Tools - J:\Prog\DAEMON Tools\daemon.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\ragz\Programdata\Mozilla\Firefox\Profiles\87fxtqh2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com/ncr
FF -: plugin - D:\Programfiler\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - J:\Prog\Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - J:\Prog\Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - J:\Prog\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - J:\Prog\Firefox\plugins\np_gp.dll
FF -: plugin - J:\Prog\Firefox\plugins\np32dsw.dll
FF -: plugin - J:\Prog\Firefox\plugins\npdivx32.dll
FF -: plugin - J:\Prog\Firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - J:\Prog\Firefox\plugins\npJoostPlugin.dll
FF -: plugin - J:\Prog\Firefox\plugins\npLegitCheckPlugin.dll
FF -: plugin - J:\Prog\Firefox\plugins\npnul32.dll
FF -: plugin - J:\Prog\Firefox\plugins\nppdf32.dll
FF -: plugin - J:\Prog\Firefox\plugins\nppl3260.dll
FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin.dll
FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin2.dll
FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin3.dll
FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin4.dll
FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin5.dll
FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin6.dll
FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin7.dll
FF -: plugin - J:\Prog\Firefox\plugins\nprpjplug.dll
FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin.dll
FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin2.dll
FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin3.dll
FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin4.dll
FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin5.dll
FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin6.dll
FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 04:19:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AODService]
"ImagePath"="D:\Programfiler\AMD\OverDrive\AODAssist"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\J:\Prog\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-10-27 4:26:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-27 03:26:34

Pre-Run: 3 795 484 672 byte ledig
Post-Run: 3,769,012,224 byte ledig

318 --- E O F --- 2008-10-26 22:06:41

MBAM:

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3

27.10.2008 04:10:09
mbam-log-2008-10-27 (04-10-09).txt

Scan type: Quick Scan
Objects scanned: 49745
Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
D:\WINDOWS\system32\antiwpa.dll (Malware.Tool) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

Thanks a lot!
r2d290 Posted 27 October 2008

Download ComboFix and put it on the DESKTOP. Then run ComboFix again...
Guest bruker-45896 Posted 27 October 2008

hahaha, damn, I suck at following guides... didn't think it mattered that much. Here is the new ComboFix log:

ComboFix 08-10-25.01 - ragz 2008-10-27 8:16:08.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2743 [GMT 1:00]
Running from: D:\Documents and Settings\ragz\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-27 05:53 . 2008-10-27 05:53 <DIR> d-------- D:\WINDOWS\LastGood
2008-10-27 04:50 . 2008-10-27 05:56 <DIR> d-------- D:\Programfiler\NOD32 Antivirus
2008-10-27 04:50 . 2008-10-27 04:50 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\ESET
2008-10-27 04:28 . 2008-10-27 04:28 <DIR> d-------- D:\Programfiler\Trend Micro
2008-10-27 04:07 . 2008-10-27 04:07 <DIR> d-------- D:\Programfiler\Malwarebytes' Anti-Malware
2008-10-27 04:07 . 2008-10-27 04:07 <DIR> d-------- D:\Documents and Settings\ragz\Programdata\Malwarebytes
2008-10-27 04:07 . 2008-10-27 04:07 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-27 04:07 . 2008-10-22 16:10 38,496 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 04:07 . 2008-10-22 16:10 15,504 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 02:14 . 2008-10-27 02:14 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2008-10-27 01:35 . 2008-10-27 02:00 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\AVG7
2008-10-27 00:45 . 2007-09-28 21:05 593,920 --------- D:\WINDOWS\system32\ati2sgag.exe
2008-10-27 00:19 . 2005-09-18 01:32 5,376 --a------ D:\WINDOWS\system32\antiwpa.dll21505
2008-10-25 02:20 . 2008-10-15 17:38 337,408 -----c--- D:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-20 15:59 . 2008-10-20 18:01 16 --a------ D:\WINDOWS\system32\w3data.vss
2008-10-20 15:59 . 2008-10-20 18:01 16 --a------ D:\WINDOWS\msocreg32.dat
2008-10-16 01:26 . 2008-09-15 16:29 1,846,400 -----c--- D:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 01:26 . 2008-09-08 11:41 333,824 -----c--- D:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 01:25 . 2008-08-14 14:27 2,190,976 -----c--- D:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 01:25 . 2008-08-14 14:27 2,147,328 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 01:25 . 2008-08-14 14:27 2,067,840 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 01:25 . 2008-08-14 14:27 2,025,984 -----c--- D:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-06 15:59 . 2008-10-06 15:59 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Ahead
2008-09-28 16:44 . 2008-09-28 16:45 <DIR> d-------- D:\Documents and Settings\ragz\Programdata\SecondLife

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 04:49 --------- d-----w D:\Documents and Settings\ragz\Programdata\uTorrent
2008-10-27 01:25 --------- d-----w D:\Documents and Settings\ragz\Programdata\AVG7
2008-10-27 00:26 506,880 ----a-w D:\WINDOWS\system32\winlogon.exe
2008-10-26 23:45 --------- d--h--w D:\Programfiler\InstallShield Installation Information
2008-10-26 22:11 --------- d-----w D:\Documents and Settings\ragz\Programdata\NoNameScript
2008-10-25 07:07 --------- d-----w D:\Programfiler\Windows Live
2008-10-25 07:07 --------- d-----w D:\Documents and Settings\All Users\Programdata\WLInstaller
2008-10-24 08:15 --------- d-----w D:\Documents and Settings\ragz\Programdata\Vidalia
2008-10-24 08:15 --------- d-----w D:\Documents and Settings\ragz\Programdata\tor
2008-10-16 00:17 --------- d-----w D:\Documents and Settings\ragz\Programdata\OpenOffice.org2
2008-10-10 02:31 --------- d---a-w D:\Documents and Settings\All Users\Programdata\TEMP
2008-10-10 02:17 --------- d-----w D:\Documents and Settings\ragz\Programdata\Publish Providers
2008-09-24 23:33 --------- d-----w D:\Documents and Settings\ragz\Programdata\dvdcss
2008-09-24 01:19 39,424 ----a-w D:\WINDOWS\system32\atiadlxx.dll
2008-09-23 15:13 --------- d-----w D:\Programfiler\AMD
2008-09-23 14:58 --------- d-----w D:\Documents and Settings\ragz\Programdata\ATI
2008-09-23 14:56 --------- d-----w D:\Programfiler\ATI Technologies
2008-09-23 10:59 451,072 ----a-w D:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
2008-09-23 10:59 --------- d-----w D:\Programfiler\Radeon Omega Drivers
2008-09-23 09:37 --------- d-----w D:\Documents and Settings\All Users\Programdata\ATI
2008-09-23 00:00 --------- d-----w D:\Programfiler\SystemRequirementsLab
2008-09-21 12:39 1,755 ----a-w D:\Documents and Settings\ragz\Programdata\SAS7_000.DAT
2008-09-15 15:29 1,846,400 ----a-w D:\WINDOWS\system32\win32k.sys
2008-09-08 20:28 --------- d-----w D:\Documents and Settings\ragz\Programdata\Spore
2008-09-08 10:41 333,824 ----a-w D:\WINDOWS\system32\drivers\srv.sys
2008-09-06 20:45 --------- d-----w D:\Documents and Settings\ragz\Programdata\HLSW
2008-08-29 03:31 --------- d-----w D:\Documents and Settings\ragz\Programdata\Wireshark
2008-08-29 02:22 --------- d-----w D:\Programfiler\WinPcap
2008-08-14 13:27 2,147,328 ----a-w D:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:27 2,025,984 ----a-w D:\WINDOWS\system32\ntkrnlpa.exe
2008-08-03 16:24 472,576 ----a-w D:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-05-14 15:15 22,328 ----a-w D:\Documents and Settings\ragz\Programdata\PnkBstrK.sys
.

------- Sigcheck -------

2007-11-16 18:50 501248 079da250a1c2fc9e6542f17f0308bd1c D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 08:23 506880 15ccfec060818dab936b8c5faeee21f9 D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-10-27 01:26 506880 d7d3e5cca5fadcce635d1d766c4e83ea D:\WINDOWS\system32\winlogon.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-27_ 4.26.02.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-01 07:56:22 39,944 ----a-w D:\WINDOWS\LastGood\system32\DRIVERS\eamon.sys
+ 2008-07-01 07:57:14 53,256 ----a-w D:\WINDOWS\LastGood\system32\DRIVERS\easdrv.sys
+ 2008-07-01 08:04:40 34,312 ----a-w D:\WINDOWS\LastGood\system32\DRIVERS\epfwtdir.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="J:\Prog\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="D:\Programfiler\uTorrent\uTorrent.exe" [2008-10-09 270128]
"MsnMsgr"="D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-10-25 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="D:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"H2O"="D:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"BootSkin Startup Jobs"="J:\Prog\BootSkin\BootSkin.exe" [2004-04-26 270336]
"AVG7_CC"="J:\Prog\AVGANT~1\avgcc.exe" [2008-10-18 590848]
"SunJavaUpdateSched"="D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ASUS Camera ScreenSaver"="D:\WINDOWS\ASScrProlog.exe" [2008-06-04 37232]
"StartCCC"="D:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Resume copy"="copyfstq.exe" [2007-09-21 D:\WINDOWS\copyfstq.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 D:\WINDOWS\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="J:\Prog\AVGANT~1\avgw.exe" [2007-10-26 219136]

D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Reset.lnk - D:\WINDOWS\repair\reset.bat [2001-05-21 238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave9"= Echo24Wrap.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All 
Users^Start-meny^Programmer^Oppstart^Jensen AirLink Utility.lnk] path=D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Jensen AirLink Utility.lnk backup=D:\WINDOWS\pss\Jensen AirLink Utility.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Privoxy.lnk] path=D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Privoxy.lnk backup=D:\WINDOWS\pss\Privoxy.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^ragz^Start-meny^Programmer^Oppstart^Folding@Home 5.03.lnk] path=D:\Documents and Settings\ragz\Start-meny\Programmer\Oppstart\Folding@Home 5.03.lnk backup=D:\WINDOWS\pss\Folding@Home 5.03.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 D:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt] --a------ 2008-07-22 12:53 77824 D:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] -r------- 2007-11-17 01:20 91432 D:\Programfiler\Cyberlink\Shared files\brs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] --a------ 2007-09-06 14:08 136136 J:\Prog\DAEMON Tools Pro\DTProAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] --a------ 2006-09-10 22:56 218032 D:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --------- 2007-10-11 12:06 62760 J:\Prog\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 08:23 1695232 D:\Programfiler\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2008-10-25 
08:23 5724184 D:\Programfiler\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 14:40 155648 D:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 09:50 413696 J:\Prog\Quicktime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2008-01-22 14:23 81920 J:\Prog\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] --a------ 2008-04-04 10:38 88584 D:\Programfiler\Logitech\Gaming Software\LWEMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 D:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] --a------ 2008-10-09 13:51 270128 D:\Programfiler\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia] --a------ 2008-08-18 02:20 3975358 J:\Prog\Vidalia Bundle\Vidalia\vidalia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] -ra------ 2005-06-20 14:42 77824 D:\WINDOWS\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "XAMPP"=2 (0x2) "RichVideo"=2 (0x2) "PnkBstrA"=2 (0x2) "mysql"=2 (0x2) "Apache2.2"=2 (0x2) "Abel"=2 (0x2) "mi-raysat_3dsMax2008_32"=2 (0x2) "idsvc"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "J:\\Prog\\AVG Antivir\\avginet.exe"= "J:\\Prog\\AVG Antivir\\avgamsvr.exe"= "J:\\Prog\\AVG Antivir\\avgcc.exe"= "J:\\Prog\\Last.fm\\LastFM.exe"= 
"D:\\Programfiler\\uTorrent\\uTorrent.exe"= "J:\\Prog\\mIRC\\mirc.exe"= "E:\\non steam\\hl.exe"= "E:\\SWAT 4\\Content\\System\\Swat4.exe"= "E:\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"= "E:\\Battlefield 2142\\BF2142.exe"= "E:\\Battlefield 2\\BF2.exe"= "E:\\Rise of Nations\\rise.exe"= "L:\\Spill2\\Battlefield Vietnam\\BfVietnam.exe"= "E:\\Steam\\steam.exe"= "L:\\Spill2\\Stronghold Legends\\StrongholdLegends.exe"= "J:\\Spill 3\\Stronghold 2\\Stronghold2.exe"= "J:\\Prog\\utorrent leecher pack\\utorrent_mult10_leecher.exe"= "J:\\Prog\\utorrent leecher pack\\utorrent_mult100_seeder.exe"= "J:\\Prog\\utorrent leecher pack\\utorrent_mult100_leecher.exe"= "J:\\Prog\\utorrent leecher pack\\utorrent_original.exe"= "D:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "J:\\Spill 3\\Loki\\Loki.exe"= "J:\\Spill 3\\Loki\\Autorun\\AutoRun.exe"= "J:\\Prog\\Maya 2008\\bin\\maya.exe"= "J:\\Movies\\Autodesk Backburner\\monitor.exe"= "J:\\Movies\\Autodesk Backburner\\manager.exe"= "J:\\Movies\\Autodesk Backburner\\server.exe"= "J:\\Prog\\3D Studio Max 2008\\3dsmax.exe"= "E:\\Halo-_-\\halo.exe"= "E:\\Midtown Madness 2\\Midtown2.exe"= "D:\\WINDOWS\\system32\\dplaysvr.exe"= "E:\\Age of Mythology\\aom.exe"= "J:\\Spill 3\\Unreal Tournament 2004\\System\\UT2004.exe"= "J:\\Spill 3\\World of Warcraft\\Repair.exe"= "D:\\WINDOWS\\system32\\PnkBstrA.exe"= "D:\\WINDOWS\\system32\\PnkBstrB.exe"= "E:\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"= "J:\\Spill 3\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "E:\\Jedi Knight 3\\GameData\\jamp.exe"= "J:\\Spill 3\\Americas Army\\System\\ArmyOps.exe"= "D:\\WINDOWS\\system32\\java.exe"= "J:\\Prog\\Firefox\\firefox.exe"= "D:\\Programfiler\\rndware\\Windows Ident Server\\WinIdent.exe"= "D:\\Programfiler\\rndware psyBNC Server\\psybnc.exe"= "J:\\Prog\\PowerDVD\\PowerDVD.exe"= "E:\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"= "D:\\Programfiler\\DC++\\DCPlusPlus.exe"= "E:\\TrackMania Nations 
ESWC\\TmNationsESWC.exe"= "X:\\spill\\TmNationsForever\\TmForever.exe"= "J:\\Prog\\Cubase SX 3\\Cubasesx3.exe"= "X:\\spill\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "X:\\spill\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "X:\\spill\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "D:\\WINDOWS\\system32\\dpvsetup.exe"= "C:0\\spill\\Crysis\\Bin32\\Crysis.exe"= "C:0\\spill\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:0\\spill\\LOTRO\\lotroclient.exe"= "C:0\\spill\\Mass Effect\\Binaries\\MassEffect.exe"= "C:0\\spill\\Mass Effect\\MassEffectLauncher.exe"= "J:\\Spill 3\\COD 4\\iw3mp.exe"= "J:\\Prog\\PowerDirector\\PowerDirector\\PDR.exe"= "E:\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"= "J:\\Prog\\Joost\\xulrunner\\tvprunner.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "D:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 nvcchflt;NVIDIA Disk Cache Filter Driver;D:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-12 16640] R1 Asapi;Asapi;D:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264] R1 mapledxp;mapledxp;D:\WINDOWS\system32\drivers\mapledxp.SYS [2004-04-05 24720] R3 CLEDX;Team H2O CLEDX service;D:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792] S1 atitray;atitray;D:\Documents and Settings\ragz\Skrivebord\omegadriver\ATI Tray Tools\atitray.sys [ ] S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};J:\Prog\PowerDVD\000.fcl [2008-01-30 12:28 41456] S2 AODService;AODService;D:\Programfiler\AMD\OverDrive\AODAssist [ ] S3 AtiHdmiService;ATI Function Driver for HDMI Service;D:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600] S3 echo24;Echo24 Service;D:\WINDOWS\system32\drivers\echo24.sys [2007-10-06 557056] S3 KORGUMDS;KORG USB-MIDI Driver for 
Windows XP;D:\WINDOWS\system32\Drivers\KORGUMDS.SYS [ ] S3 krdpdre;krdpdre;D:\DOCUME~1\ragz\LOKALE~1\Temp\krdpdre.sys [ ] S3 L6PODLV;PODxt Live Service;D:\WINDOWS\system32\Drivers\L6PODLV.sys [2008-03-21 521088] S3 RT80x86;Jensen Air:Link 83300 Driver;D:\WINDOWS\system32\DRIVERS\RT2860.sys [ ] S3 se46bus;Sony Ericsson Device 070 driver (WDM);D:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536] S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360] S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088] S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624] S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);D:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704] S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432] S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);D:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800] S4 Apache2.2;Apache2.2;J:\webserver\xampp\apache\bin\apache.exe [2008-01-18 24635] S4 XAMPP;XAMPP Service;J:\webserver\xampp\service.exe [2007-12-21 60928] . Contents of the 'Scheduled Tasks' folder 2008-10-20 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job - D:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] . . ------- Supplementary Scan ------- . 
FireFox -: Profile - D:\Documents and Settings\ragz\Programdata\Mozilla\Firefox\Profiles\87fxtqh2.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com/ncr FF -: plugin - D:\Programfiler\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - J:\Prog\Codec Pack\Real\browser\plugins\nppl3260.dll FF -: plugin - J:\Prog\Codec Pack\Real\browser\plugins\nprpjplug.dll FF -: plugin - J:\Prog\DivX\DivX Player\npDivxPlayerPlugin.dll FF -: plugin - J:\Prog\Firefox\plugins\np_gp.dll FF -: plugin - J:\Prog\Firefox\plugins\np32dsw.dll FF -: plugin - J:\Prog\Firefox\plugins\npdivx32.dll FF -: plugin - J:\Prog\Firefox\plugins\npDivxPlayerPlugin.dll FF -: plugin - J:\Prog\Firefox\plugins\npJoostPlugin.dll FF -: plugin - J:\Prog\Firefox\plugins\npLegitCheckPlugin.dll FF -: plugin - J:\Prog\Firefox\plugins\npnul32.dll FF -: plugin - J:\Prog\Firefox\plugins\nppdf32.dll FF -: plugin - J:\Prog\Firefox\plugins\nppl3260.dll FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin.dll FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin2.dll FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin3.dll FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin4.dll FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin5.dll FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin6.dll FF -: plugin - J:\Prog\Firefox\plugins\npqtplugin7.dll FF -: plugin - J:\Prog\Firefox\plugins\nprpjplug.dll FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin.dll FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin2.dll FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin3.dll FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin4.dll FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin5.dll FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin6.dll FF -: plugin - J:\Prog\Quicktime\Plugins\npqtplugin7.dll . 
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 08:18:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\AODService]
"ImagePath"="D:\Programfiler\AMD\OverDrive\AODAssist"
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\J:\Prog\PowerDVD\000.fcl"
.
Completion time: 2008-10-27 8:21:03
ComboFix-quarantined-files.txt 2008-10-27 07:20:01
ComboFix2.txt 2008-10-27 07:13:07
Pre-Run: 3 572 158 464 byte ledig
Post-Run: 3,551,686,656 byte ledig
313 --- E O F --- 2008-10-26 22:06:41
norbat Posted 27 October 2008

Click: Start->Run
Type: cmd
From the command prompt, type the following and press Enter after each line:

sc stop krdpdre
sc delete krdpdre
exit

Could you also try to explain in a bit more detail what you are experiencing as the problem?
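norbat's reply singles out the krdpdre service from the ComboFix log above. As an added example (not code from this thread, from ComboFix or from any of the posters), here is a small Python triage that parses ComboFix-style driver/service lines and flags entries that load from a Temp or user-profile directory or for which ComboFix recorded no file date/size; the line format is assumed from the log as posted, the sample lines are copied from it, and the remediation helper only spells out the two sc commands norbat gave.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# ComboFix lists each driver/service on one line as (format assumed from the
# log posted above):
#   <start type> <name>;<display name>;<image path> [<file date> <size>]
# and writes "[ ]" when it could not read the file (missing or hidden).
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+"      # R0-R3 running, S1-S4 stopped/disabled
    r"(?P<name>[^;]+);"
    r"(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+"
    r"\[(?P<info>[^\]]*)\]\s*$"
)

# Constructed sample: five lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R3 CLEDX;Team H2O CLEDX service;D:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S1 atitray;atitray;D:\Documents and Settings\ragz\Skrivebord\omegadriver\ATI Tray Tools\atitray.sys [ ]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;D:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
S3 krdpdre;krdpdre;D:\DOCUME~1\ragz\LOKALE~1\Temp\krdpdre.sys [ ]
S4 XAMPP;XAMPP Service;J:\webserver\xampp\service.exe [2007-12-21 60928]
"""


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    info: str  # text inside the trailing [...]; blank means ComboFix could not read the file


def parse_service_lines(log_text: str) -> List[ServiceEntry]:
    """Return every driver/service line of a ComboFix log as a ServiceEntry."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            entries.append(ServiceEntry(**m.groupdict()))
    return entries


def triage(entry: ServiceEntry) -> List[str]:
    """Heuristics (mine, not ComboFix's) for a driver that deserves a closer look."""
    reasons = []
    p = entry.path.lower()
    if "\\temp\\" in p:
        # Kernel drivers have no business loading from a temp folder.
        reasons.append("image loads from a Temp directory")
    elif "\\documents and settings\\" in p or "\\docume~1\\" in p:
        reasons.append("image loads from a user profile, not %SystemRoot%")
    if not entry.info.strip():
        reasons.append("ComboFix recorded no file date/size (file missing or hidden)")
    return reasons


def suspicious_services(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for every entry that triggers at least one."""
    return {e.name: triage(e) for e in parse_service_lines(log_text) if triage(e)}


def remediation_commands(name: str) -> List[str]:
    """The two sc commands norbat gave, for one service name."""
    return [f"sc stop {name}", f"sc delete {name}"]


if __name__ == "__main__":
    for name, reasons in suspicious_services(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("  -", r)
        if any("Temp" in r for r in reasons):
            print("  cleanup:", "; ".join(remediation_commands(name)))
```

On the sample above only krdpdre (Temp directory, unreadable file) and atitray (user-profile path, unreadable file) are reported; the entries under D:\WINDOWS and the XAMPP service pass.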
Guest bruker-45896 Posted 27 October 2008

OK, I'll do as you say =) Well, I can't get onto the internet when I boot in normal mode. It finds no wireless networks. When I go into My Computer nothing ever shows up; Windows' lovely flashlight just sits there forever. If I type e.g. D: or C: in the address bar it shows up right away. The PC is simply slow as long as it's in normal mode. What's strange is that if I disable the wireless, or remove the antenna from the wireless card, I suddenly get into My Computer without any problems. I don't dare leave it running in normal mode, to put it that way. Will post again once I've deleted krdpdre. Thanks a lot, I don't understand why you bother sitting here day in and day out helping (stupid) people for free! When I boot into safe mode and safe mode with networking everything works fine.
norbat Posted 27 October 2008

Suggestion: Uninstall and reinstall the driver for the wireless card.
Guest bruker-45896 Posted 27 October 2008 (edited)

Hmm, I notice no improvement after I deleted krdpdre. Sorry for doubting, but I don't quite see what good that could do, since it actually works fine. Or do you mean the virus/trojan has changed files that have to do with the wireless? Edit: Uninstalling the wireless via Device Manager doesn't work; this message comes up: "Cannot uninstall xxxx because it is required to start the computer." Something like that anyway. For some reason they get removed from the list, but when I click scan for hardware changes they just come back as if they had always been there and nothing had happened.

Edited 27 October 2008 by bruker-45896
raWrz Posted 28 October 2008

Can you tell me what the computer is called? Actually no point in uninstalling the drivers before you install new ones, have never done that myself tbh
Guest bruker-45896 Posted 28 October 2008

What do you mean, what it's called? Anyway, it's not possible to install new drivers over the old ones, since I get a message that it didn't find any that fit better than the ones already there.
Guest bruker-45896 Posted 29 October 2008

Bumping this, since nobody has replied in over 24 hours.
norbat Posted 29 October 2008

You could try running a System Restore to a date when things were working (Accessories->System Tools->System Restore). Alternatively, you could try running sfc /scannow from the Run box (Start->Run). You may need the XP CD.
Guest bruker-45896 Posted 30 October 2008

So you find nothing wrong in the logs, even though I notice the PC is different? E.g. an Internet Explorer icon appeared on the desktop and Internet Explorer was set as the default browser... TweakUI, which is set to log me in automatically, no longer logs me in automatically.
Guest bruker-45896 Posted 30 October 2008 (edited)

OKeiiii... I managed to force the drivers in by selecting the .inf file completely manually. Now at least my network shows up, but when I try to connect and enter the WPA key, it just says "waiting for the network" forever and nothing happens. Edit: Ran MBAM once, it found something and removed it, so now I get onto the internet but keep dropping out and then straight back in again. Every time I start CS my webcam lights up as if it's being used. WTF!? I keep dropping in and out of MSN all the time but Firefox works regardless. Edit2: Now I can't find any networks again; clearly there is something more that the programs don't find which is causing the same problems again. MBAM finds nothing new.

Edited 30 October 2008 by bruker-45896
snippsat Posted 30 October 2008

Post #11, System Restore. Think of a date when everything worked and set it back to then. The logs are clean; had there been anything, norbat would have removed it.

> OKeiiii... I managed to force the drivers in by selecting the .inf file completely manually. Now at least my network shows up, but when I try to connect and enter the WPA key, it just says "waiting for the network" forever and nothing happens.

When you have problems, always turn off encryption to see whether it's the WEP/WPA key that is causing the problem.
Guest bruker-45896 Posted 30 October 2008 (edited)

It worked 100% before and it works fine in safe mode with networking. No dates that fit in System Restore. If the logs are clean I'm puzzled that MBAM found something after I posted the logs. I can post the MBAM log where it found something.

Edit:

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 3
30.10.2008 09:26:40
mbam-log-2008-10-30 (09-26-40).txt
Scan type: Full Scan (C:\|D:\|J:\|)
Objects scanned: 162452
Time elapsed: 33 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{F5A55AC2-F06C-4D49-964A-5BD694D50A75}\RP2\A0001064.exe (Malware.Tool) -> Quarantined and deleted successfully.

Note that this is a full scan of C: and D:; J: shouldn't have been included, I just clicked wrong. C: is my old Windows, D: is the Windows I use today.

Edited 30 October 2008 by bruker-45896
snippsat Posted 30 October 2008 (edited)

> Files Infected: C:\System Volume Information\_restore{F5A55AC2-F06C-4D49-964A-5BD694D50A75}\RP2\A0001064.exe (Malware.Tool) -> Quarantined and deleted successfully.

That is the System Restore folder. We reset it when we are done with ComboFix. You can remove ComboFix by typing combofix /u from the Run box. That command deletes the quarantined files and backups, resets System Restore etc.

Try resetting Winsock. Start->Run (type or paste the bold text):

netsh winsock reset catalog

Edited 30 October 2008 by SNIPPSAT
Guest bruker-45896 Posted 30 October 2008

Okay, I'll try resetting "winsock", whatever that is... What is it actually supposed to do/help with? Not that there is any change.
snippsat Posted 30 October 2008

You have to explain exactly what happens. If you have CCleaner, run it this way. Download and run CCleaner, 'Options'->'Advanced'. Untick: "only delete temporary files older than 48 hours". Run the registry cleaner, answer yes to "repair" -> backup, answer yes when asked. Run the registry cleaner a couple more times until all errors are gone.

See whether there are any error messages here: Start->Run->eventvwr.msc

Winsockfix. http://www.softpedia.com/get/Tweak/Network...inSockFix.shtml

Losing the network every now and then can be hard to troubleshoot. Try creating a new user, restart. See whether you get the same error with the new user. You must try to remember when this started (e.g. after you installed something).
Guest bruker-45896 Posted 30 October 2008 (edited)

OK, I'll take it from the very beginning and hope they don't close the thread. The PC worked fine. Then I restarted and it asked for activation on the login screen, so when I then go to enter the activation key or wtf it's called, it says "already activated". I had a cracked Windows where the crack evidently no longer worked. An endless loop, this. I got hold of several cracks and got one to work, but not without installing trojan/virus/malware crap first. So then I posted the logs here when I noticed the PC was slow and I couldn't find any networks. Deleted the krdpdre service without noticing any change, ran MBAM once more with a full scan on both Windows partitions. Don't know what it found, but then the net suddenly sort of half worked, i.e. I dropped in and out all the time. Then after about 30 min with nothing special happening I suddenly lost the internet completely again and find no networks; that's the situation now. ComboFix is uninstalled, the Winsock catalog is reset as you said. Will post again once I've run CCleaner etc.; it takes a little time since I have to go back and forth with a USB stick.

Edited 30 October 2008 by bruker-45896
Guest bruker-45896 Posted 30 October 2008 (edited)

Okay, now I've done all of it. No improvement, no networks, Firefox loads after 2-3 min while CPU usage sits at 0%, endless flashlight when I open My Computer. These aren't network problems?!

> See whether there are any error messages here: Start->Run->eventvwr.msc

I did that and don't know which one or all of the different categories you meant there, but there are some error messages. Only two different ones: "The Abel service could not start because it does not exist", something like that. And then you have "Your Windows activation has expired", or something like that.

Edited 30 October 2008 by bruker-45896