
[SOLVED] I've got a "Trojan Vundo"!


It would be great if someone could look through my log.. :D

 

SAS Log:

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/01/2008 at 12:43 PM

 

Application Version : 4.0.1152

 

Core Rules Database Version : 3412

Trace Rules Database Version: 1404

 

Scan type : Complete Scan

Total Scan Time : 00:28:43

 

Memory items scanned : 563

Memory threats detected : 0

Registry items scanned : 6791

Registry threats detected : 1

File items scanned : 26312

File threats detected : 1

 

Adware.Vundo Variant

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{BA6C6CB6-676C-4DEA-9BDA-3BC4AB075F7C}

 

Adware.Tracking Cookie

C:\Documents and Settings\FT\Cookies\f_t@adtech[1].txt

 

 

ComboFix Log:

 

 

ComboFix 08-03-01.3 - FT 2008-03-01 13:01:27.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.450 [GMT 1:00]

Running from: C:\Documents and Settings\FT\Lokale innstillinger\Temporary Internet Files\Content.IE5\LYR6QT00\ComboFix[1].exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\srutv.ini

C:\WINDOWS\system32\srutv.ini2

C:\WINDOWS\system32\stutv.ini2

C:\WINDOWS\win.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))

.

 

2008-03-01 12:11 . 2008-03-01 12:11 <DIR> dr-h----- C:\Documents and Settings\FT\Siste

2008-02-29 22:15 . 2008-02-29 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-29 22:14 . 2008-02-29 22:14 <DIR> d-------- C:\Documents and Settings\FT\Programdata\SUPERAntiSpyware.com

2008-02-29 22:13 . 2008-02-29 22:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-29 16:18 . 2008-02-29 20:34 <DIR> d-------- C:\VundoFix Backups

2008-02-27 19:18 . 2008-02-28 17:27 706 ---hs---- C:\WINDOWS\system32\afafdwmh.ini

2008-02-26 19:14 . 2008-02-26 19:14 294 ---hs---- C:\WINDOWS\system32\oclkptcv.ini

2008-02-21 23:02 . 2008-02-21 23:02 <DIR> d-------- C:\Documents and Settings\FT\Programdata\fretsonfire

2008-02-18 13:23 . 2008-02-29 19:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-18 13:23 . 2008-02-18 13:23 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-17 19:09 . 2008-02-17 19:09 <DIR> d-------- C:\Documents and Settings\FT\dwhelper

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-01 12:00 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-02-29 14:10 --------- d-----w C:\Programfiler\Opera

2008-02-28 18:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-21 17:21 --------- d-----w C:\Documents and Settings\FT\Programdata\Vso

2008-02-21 17:21 --------- d-----w C:\Documents and Settings\FT\Programdata\CopyToDvd

2008-01-24 14:20 --------- d-----w C:\Programfiler\DAEMON Tools Pro

2008-01-23 09:42 --------- d-----w C:\Programfiler\Yahoo!

2008-01-23 09:06 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-01-14 12:22 --------- d-----w C:\Programfiler\Realtek AC97

2008-01-14 12:20 --------- d-----w C:\Programfiler\Unibrain

2008-01-14 12:19 --------- d-----w C:\Programfiler\Intel Desktop Board

2008-01-14 11:51 --------- d-----w C:\Programfiler\Marvell

2008-01-11 20:43 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-01-11 08:56 --------- d-----w C:\Documents and Settings\FT\Programdata\Nero

2008-01-11 08:54 --------- d-----w C:\Programfiler\Fellesfiler\Nero

2008-01-11 08:52 --------- d-----w C:\Programfiler\Nero

2008-01-11 08:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero

2008-01-11 07:28 --------- d-----w C:\Documents and Settings\FT\Programdata\SlipStream

2008-01-11 07:28 --------- d-----w C:\Documents and Settings\FT\Programdata\ONSPEED_TOOLBAR

2008-01-10 08:49 --------- d-----w C:\Programfiler\inKline Global

2008-01-09 19:58 --------- d-----w C:\Documents and Settings\FT\Programdata\Skype

2008-01-09 17:05 --------- d-----w C:\Programfiler\QuickTime

2008-01-09 17:03 --------- d-----w C:\Programfiler\Apple Software Update

2008-01-09 17:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2008-01-09 16:52 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat

2008-01-09 16:52 --------- d-----w C:\Documents and Settings\FT\Programdata\skypePM

2008-01-09 16:51 --------- d-----w C:\Programfiler\Fellesfiler\Skype

2008-01-01 20:09 --------- d-----w C:\Programfiler\Image-Line

2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2007-10-12 17:32 53,652,801 ----a-w C:\Programfiler\Clue.rar

2007-01-25 20:07 81,920 ----a-w C:\Documents and Settings\FT\Programdata\ezpinst.exe

2007-01-25 20:07 47,360 ----a-w C:\Documents and Settings\FT\Programdata\pcouffin.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01510adb-07f5-48ec-88c4-6db10bdf34eb}]

C:\WINDOWS\system32\etjtbtyo.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6C23D6-854C-497f-9275-439C89CF1F68}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Rasmpc]

@={9D1F87E7-4D72-41AB-9D57-D101A08F20E5}

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

"Logitech Hardware Abstraction Layer"="C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE" [2006-07-19 11:03 94208]

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-10-05 21:11 866584]

"StartupMonitor"="C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe" [2006-07-10 05:16 183296]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 13:16 771704]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

"e0e1b896"="C:\WINDOWS\system32\jpiamwba.dll" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 18:29 39264]

"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2006-06-17 21:14:37 671744]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuspom]

wvuspom.dll

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

"LogitechSoftwareUpdate"=C:\Programfiler\Logitech\Video\ManifestEngine.exe boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="L:\iTunes\iTunesHelper.exe"

"RAM Idle Professional"=C:\Programfiler\RAM Idle LE\RAM_XP.exe

"NVMixerTray"="C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

"PCSuiteTrayApplication"=C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\counter-strike\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\condition zero\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\Steam.exe"=

"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\condition zero deleted scenes\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\day of defeat\\hl.exe"=

"C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"=

"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

"C:\\Documents and Settings\\Morten Torseth\\Mine dokumenter\\Age of empires 2\\empires2.exe"=

"C:\\Documents and Settings\\Morten Torseth\\Mine dokumenter\\Age of empires 2\\age2_x1.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"D:\\Team17\\Worms2\\frontend.exe"=

"D:\\Programfiler\\GameSpy Arcade\\Aphex.exe"=

"D:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=

"D:\\Programfiler\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 11:32]

R2 ubsbm;Unibrain 1394 SBM Driver;C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 17:25]

R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 17:25]

R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 08:11]

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 09:50]

R3 ubohci;Unibrain 1394 OHCI Driver;C:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 17:25]

S3 Boonty Games;Boonty Games;"C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe" [2006-11-24 11:06]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-29 21:04:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-01 12:11:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

"2008-02-28 19:26:54 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - FT.job"

 

 

HijackThis Log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:16, on 2008-03-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Programfiler\Logitech\system\em_exec.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\FT\Skrivebord\Honda.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.onspeed.com/pac/?id=0fa7b5e4874...d8076ddba94e2c0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: {be43fdb0-1bd6-4c88-ce84-5f70bda01510} - {01510adb-07f5-48ec-88c4-6db10bdf34eb} - C:\WINDOWS\system32\etjtbtyo.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: ClueAddIn.IE.ObjectWithSite - {1F6C23D6-854C-497f-9275-439C89CF1F68} - mscoree.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - blank (file missing)

O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [startupMonitor] "C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [e0e1b896] rundll32.exe "C:\WINDOWS\system32\jpiamwba.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)

O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.mpx.no

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165485195781

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: wvuspom - wvuspom.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

--

End of file - 13439 bytes

 

 

Edited by Morten-T

Open Notepad and copy in the text shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\system32\afafdwmh.ini

C:\WINDOWS\system32\oclkptcv.ini

 

Folder::

C:\Programfiler\Fellesfiler\BOONTY Shared

 

Driver::

Boonty Games

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01510adb-07f5-48ec-88c4-6db10bdf34eb}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6C23D6-854C-497f-9275-439C89CF1F68}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"e0e1b896"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuspom]

 

Post the log + a new HJT log.


I have done that now. Here is the ComboFix log:

 

 

ComboFix 08-03-01.3 - FT 2008-03-01 14:49:06.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.458 [GMT 1:00]

Running from: C:\Documents and Settings\FT\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\FT\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\afafdwmh.ini

C:\WINDOWS\system32\oclkptcv.ini

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programfiler\Fellesfiler\BOONTY Shared

C:\Programfiler\Fellesfiler\BOONTY Shared\Service\Boonty.exe

C:\WINDOWS\system32\afafdwmh.ini

C:\WINDOWS\system32\oclkptcv.ini

.

---- Previous Run -------

.

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\srutv.ini

C:\WINDOWS\system32\srutv.ini2

C:\WINDOWS\system32\stutv.ini2

C:\WINDOWS\win.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\nm

 

 

-------\LEGACY_BOONTY_GAMES

-------\Boonty Games

 

 

((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))

.

 

2008-03-01 13:00 . 2008-03-01 13:12 <DIR> d-------- C:\ComboFix[1]

2008-03-01 12:11 . 2008-03-01 14:45 <DIR> dr-h----- C:\Documents and Settings\FT\Siste

2008-02-29 22:15 . 2008-02-29 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-29 22:14 . 2008-02-29 22:14 <DIR> d-------- C:\Documents and Settings\FT\Programdata\SUPERAntiSpyware.com

2008-02-29 22:13 . 2008-02-29 22:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-29 16:18 . 2008-02-29 20:34 <DIR> d-------- C:\VundoFix Backups

2008-02-21 23:02 . 2008-02-21 23:02 <DIR> d-------- C:\Documents and Settings\FT\Programdata\fretsonfire

2008-02-18 13:23 . 2008-02-29 19:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-18 13:23 . 2008-02-18 13:23 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-17 19:09 . 2008-02-17 19:09 <DIR> d-------- C:\Documents and Settings\FT\dwhelper

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-01 13:48 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-02-29 14:10 --------- d-----w C:\Programfiler\Opera

2008-02-28 18:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-28 18:31 --------- d-----w C:\Programfiler\LimeWire

2008-02-21 17:21 --------- d-----w C:\Documents and Settings\FT\Programdata\Vso

2008-02-21 17:21 --------- d-----w C:\Documents and Settings\FT\Programdata\CopyToDvd

2008-01-24 14:20 --------- d-----w C:\Programfiler\DAEMON Tools Pro

2008-01-23 09:42 --------- d-----w C:\Programfiler\Yahoo!

2008-01-23 09:06 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-01-14 12:22 --------- d-----w C:\Programfiler\Realtek AC97

2008-01-14 12:20 --------- d-----w C:\Programfiler\Unibrain

2008-01-14 12:19 --------- d-----w C:\Programfiler\Intel Desktop Board

2008-01-14 11:51 --------- d-----w C:\Programfiler\Marvell

2008-01-11 20:43 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-01-11 08:56 --------- d-----w C:\Documents and Settings\FT\Programdata\Nero

2008-01-11 08:54 --------- d-----w C:\Programfiler\Fellesfiler\Nero

2008-01-11 08:52 --------- d-----w C:\Programfiler\Nero

2008-01-11 08:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero

2008-01-11 07:28 --------- d-----w C:\Documents and Settings\FT\Programdata\SlipStream

2008-01-11 07:28 --------- d-----w C:\Documents and Settings\FT\Programdata\ONSPEED_TOOLBAR

2008-01-10 08:49 --------- d-----w C:\Programfiler\inKline Global

2008-01-09 19:58 --------- d-----w C:\Documents and Settings\FT\Programdata\Skype

2008-01-09 17:05 --------- d-----w C:\Programfiler\QuickTime

2008-01-09 17:03 --------- d-----w C:\Programfiler\Apple Software Update

2008-01-09 17:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2008-01-09 16:52 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat

2008-01-09 16:52 --------- d-----w C:\Documents and Settings\FT\Programdata\skypePM

2008-01-09 16:51 --------- d-----w C:\Programfiler\Fellesfiler\Skype

2008-01-01 20:09 --------- d-----w C:\Programfiler\Image-Line

2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2007-10-12 17:32 53,652,801 ----a-w C:\Programfiler\Clue.rar

2007-01-25 20:07 81,920 ----a-w C:\Documents and Settings\FT\Programdata\ezpinst.exe

2007-01-25 20:07 47,360 ----a-w C:\Documents and Settings\FT\Programdata\pcouffin.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Rasmpc]

@={9D1F87E7-4D72-41AB-9D57-D101A08F20E5}

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

"Logitech Hardware Abstraction Layer"="C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE" [2006-07-19 11:03 94208]

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-10-05 21:11 866584]

"StartupMonitor"="C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe" [2006-07-10 05:16 183296]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 13:16 771704]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 18:29 39264]

"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2006-06-17 21:14:37 671744]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

"LogitechSoftwareUpdate"=C:\Programfiler\Logitech\Video\ManifestEngine.exe boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime

"iTunesHelper"="L:\iTunes\iTunesHelper.exe"

"RAM Idle Professional"=C:\Programfiler\RAM Idle LE\RAM_XP.exe

"NVMixerTray"="C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

"PCSuiteTrayApplication"=C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\counter-strike\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\condition zero\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\Steam.exe"=

"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\condition zero deleted scenes\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\mortent_1993\\day of defeat\\hl.exe"=

"C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"=

"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

"C:\\Documents and Settings\\Morten Torseth\\Mine dokumenter\\Age of empires 2\\empires2.exe"=

"C:\\Documents and Settings\\Morten Torseth\\Mine dokumenter\\Age of empires 2\\age2_x1.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"D:\\Team17\\Worms2\\frontend.exe"=

"D:\\Programfiler\\GameSpy Arcade\\Aphex.exe"=

"D:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=

"D:\\Programfiler\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 11:32]

R2 ubsbm;Unibrain 1394 SBM Driver;C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 17:25]

R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 17:25]

R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 08:11]

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 09:50]

R3 ubohci;Unibrain 1394 OHCI Driver;C:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 17:25]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-29 21:04:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-01 13:58:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

"2008-02-28 19:26:54 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - FT.job"

 

New HJT log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:03, on 2008-03-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\UAService7.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\FT\Skrivebord\Honda.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.onspeed.com/pac/?id=0fa7b5e4874...d8076ddba94e2c0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - blank (file missing)

O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [startupMonitor] "C:\Programfiler\SNP Software\StartupMonitor\StartupMonitor.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)

O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.mpx.no

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165485195781

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a...5/Installer.exe

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

--

End of file - 12653 bytes

 

Start HJT, select "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - blank (file missing)

O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)

O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)

O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - blank (file missing)

 

How is the PC running?
