
No internet in Safe Mode with Networking



I was going to start in Safe Mode with Networking because I wanted to scan my machine for junk, viruses and so on, but when I started in Safe Mode with Networking there was no internet connection. It isn't possible to repair or disable the network connection because it doesn't respond, but the internet works in normal mode. However, when I open Mozilla, some pages do work (in Safe Mode with Networking).

Help me out here, folks :(

Edited by Lami

Hi, download these and we'll see what it looks like.

Download HijackThis and put it in its own folder on the desktop.

Start the program and choose "scan and save log".

Copy the log file and paste it into your post.

Preferably as hidden text: [1skjul] log here [1/skjul]; remove the 1 to get hidden text.

Download ComboFix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:07:51, on 07.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programfiler\Microsoft IntelliPoint\ipoint.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Saitek\SD6\Software\ProfilerU.exe

C:\Programfiler\Saitek\SD6\Software\SaiMfd.exe

C:\WINDOWS\system32\iqhwskmb.exe

C:\WINDOWS\system32\regsvr32.exe

C:\Documents and Settings\Simen\Lokale innstillinger\Programdata\Google\Update\1.1.25.0\GoogleUpdate.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\Programfiler\DesktopEarth\DesktopEarth.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\eMule\emule.exe

C:\Programfiler\Windows Media Player\wmplayer.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: (no name) - {5AEF1C19-4A11-BD7B-8A71-09AE4323EA56} - C:\WINDOWS\system32\cbhfdzfp.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ProfilerU] C:\Programfiler\Saitek\SD6\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] C:\Programfiler\Saitek\SD6\Software\SaiMfd.exe

O4 - HKLM\..\Run: [iqhwskmb] C:\WINDOWS\system32\iqhwskmb.exe

O4 - HKLM\..\Run: [zivynkbq] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\zivynkbq.dll"

O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\FELLES~1\TEKNUM~1\update.exe /startup

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Simen\Lokale innstillinger\Programdata\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en

O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKLM\..\Policies\Explorer\Run: [zfk0ONOcwa] C:\WINDOWS\system32\winver.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: DesktopEarth AutoStart.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Wireless Connection Manager.lnk = C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra button: My IP Suite - {FB5F1910-F110-11d2-BB9E-80C04F795683} - C:\Programfiler\My IP Suite\MyIPSuite.exe

O9 - Extra 'Tools' menuitem: My IP Suite - {FB5F1910-F110-11d2-BB9E-80C04F795683} - C:\Programfiler\My IP Suite\MyIPSuite.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198181166637

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O24 - Desktop Component 1: Travian - Nettspill - Romere, Gallere & Germanere - http://www.travian.no/

 

--

End of file - 11522 bytes

 

My machine crashed when I ran ComboFix :hmm:

But the log above was from HijackThis.


Yes, let's clean up a bit first.

You can try ComboFix after this; download it again and disable the antivirus before you run it.

Start HijackThis, run "scan", find these lines and check them, then press "fix checked".

F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"

O2 - BHO: (no name) - {5AEF1C19-4A11-BD7B-8A71-09AE4323EA56} - C:\WINDOWS\system32\cbhfdzfp.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [iqhwskmb] C:\WINDOWS\system32\iqhwskmb.exe

O4 - HKLM\..\Run: [zivynkbq] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\zivynkbq.dll"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Simen\Lokale innstillinger\Programdata\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en

O4 - HKLM\..\Policies\Explorer\Run: [zfk0ONOcwa] C:\WINDOWS\system32\winver.exe

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

 

Download and run CCleaner.

'Options' -> 'Advanced'. Uncheck the box in front of: "only delete temporary files that are older than 48 hours".

Run the registry cleaner and answer yes to repairing.

---

Download, update and run a full scan with SAS free.

Post the log from SAS (preferences->statistics/logs)

---

Restart, then a new HijackThis log.

Edited by SNIPPSAT

From SAS

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/08/2008 at 05:07 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3455

Trace Rules Database Version: 1447

 

Scan type : Complete Scan

Total Scan Time : 00:55:12

 

Memory items scanned : 532

Memory threats detected : 1

Registry items scanned : 5369

Registry threats detected : 22

File items scanned : 47411

File threats detected : 95

 

Trojan.Unclassified/CmdUtil

C:\DOCUMENTS AND SETTINGS\ALL USERS\PROGRAMDATA\ZIVYNKBQ.DLL

C:\DOCUMENTS AND SETTINGS\ALL USERS\PROGRAMDATA\ZIVYNKBQ.DLL

C:\PROGRAMFILER\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20080508-085249-181.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{3695133A-1E93-4ED0-9A65-73CF4311E928}\RP222\A0119524.DLL

 

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

HKU\S-1-5-21-1292428093-1770027372-839522115-1003\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

HKCR\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

 

Adware.Tracking Cookie

 

Trojan.Unknown Origin

HKLM\SOFTWARE\Microsoft\MSSMGR

HKLM\SOFTWARE\Microsoft\MSSMGR#Data

HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd

HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST

HKLM\SOFTWARE\Microsoft\MSSMGR#PID

HKLM\SOFTWARE\Microsoft\MSSMGR#Rid

HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR

HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV

HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV

HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST

HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST

HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV

HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV

HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV

 

Trojan.DNSChanger-Codec

HKU\S-1-5-21-1292428093-1770027372-839522115-1003\Software\uninstall

 

Rogue.PC-Cleaner

HKU\S-1-5-21-1292428093-1770027372-839522115-1003\Software\fwbd

HKU\S-1-5-21-1292428093-1770027372-839522115-1003\Software\HolLol

HKU\S-1-5-21-1292428093-1770027372-839522115-1003\Software\mwc

HKU\S-1-5-21-1292428093-1770027372-839522115-1003\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SystemCheck2

 

Trojan.Fake-Drop/Gen

C:\WINDOWS\SYSTEM32\AKTTZN.EXE

C:\WINDOWS\SYSTEM32\ANTICIPATOR.DLL

C:\WINDOWS\SYSTEM32\AWTOOLB.DLL

C:\WINDOWS\SYSTEM32\BDN.COM

C:\WINDOWS\SYSTEM32\H@TKEYSH@@K.DLL

C:\WINDOWS\SYSTEM32\HOPROXY.DLL

C:\WINDOWS\SYSTEM32\HXIWLGPM.DAT

C:\WINDOWS\SYSTEM32\HXIWLGPM.EXE

C:\WINDOWS\SYSTEM32\MEDUP012.DLL

C:\WINDOWS\SYSTEM32\MEDUP020.DLL

C:\WINDOWS\SYSTEM32\MSGP.EXE

C:\WINDOWS\SYSTEM32\MSNBHO.DLL

C:\WINDOWS\SYSTEM32\MSSECU.EXE

C:\WINDOWS\SYSTEM32\MSVCHOST.EXE

C:\WINDOWS\SYSTEM32\MTR2.EXE

C:\WINDOWS\SYSTEM32\MWIN32.EXE

C:\WINDOWS\SYSTEM32\NETODE.EXE

C:\WINDOWS\SYSTEM32\NEWSD32.EXE

C:\WINDOWS\SYSTEM32\PS1.EXE

C:\WINDOWS\SYSTEM32\REGC64.DLL

C:\WINDOWS\SYSTEM32\REGM64.DLL

C:\WINDOWS\SYSTEM32\RUNDL1.EXE

C:\WINDOWS\SYSTEM32\SSURF022.DLL

C:\WINDOWS\SYSTEM32\SSVCHOST.COM

C:\WINDOWS\SYSTEM32\SSVCHOST.EXE

C:\WINDOWS\SYSTEM32\SYSREQ.EXE

C:\WINDOWS\SYSTEM32\TAACK.DAT

C:\WINDOWS\SYSTEM32\TAACK.EXE

C:\WINDOWS\SYSTEM32\TEMP#01.EXE

C:\WINDOWS\SYSTEM32\THUN.DLL

C:\WINDOWS\SYSTEM32\THUN32.DLL

C:\WINDOWS\SYSTEM32\VBIEWER.OCX

C:\WINDOWS\SYSTEM32\VBSYS2.DLL

C:\WINDOWS\SYSTEM32\VCATCHPI.DLL

C:\WINDOWS\SYSTEM32\WINLOGONPC.EXE

C:\WINDOWS\SYSTEM32\WINSYSTEM.EXE

C:\WINDOWS\SYSTEM32\WINWGPX.EXE

 

Dpcproxy

C:\WINDOWS\SYSTEM32\DPCPROXY.EXE

 

Trojan.Unclassified/Multi-Dropper

C:\WINDOWS\SYSTEM32\IQHWSKMB.EXE

C:\WINDOWS\Prefetch\IQHWSKMB.EXE-12A09083.pf

 

Unclassified.Unknown Origin/System

C:\WINDOWS\SYSTEM32\PSOF1.EXE

 

Adware.Pacer D

C:\WINDOWS\SYSTEM32\PSOFT1.EXE

 

Trojan.Dluca-I

C:\WINDOWS\SYSTEM32\SNCNTR.EXE

 

From HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:08, on 2008-05-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Microsoft IntelliPoint\ipoint.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Saitek\SD6\Software\ProfilerU.exe

C:\Programfiler\Saitek\SD6\Software\SaiMfd.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe

C:\Programfiler\DesktopEarth\DesktopEarth.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programfiler\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ProfilerU] C:\Programfiler\Saitek\SD6\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] C:\Programfiler\Saitek\SD6\Software\SaiMfd.exe

O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\FELLES~1\TEKNUM~1\update.exe /startup

O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: DesktopEarth AutoStart.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Wireless Connection Manager.lnk = C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra button: My IP Suite - {FB5F1910-F110-11d2-BB9E-80C04F795683} - C:\Programfiler\My IP Suite\MyIPSuite.exe

O9 - Extra 'Tools' menuitem: My IP Suite - {FB5F1910-F110-11d2-BB9E-80C04F795683} - C:\Programfiler\My IP Suite\MyIPSuite.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198181166637

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O24 - Desktop Component 1: Travian - Nettspill - Romere, Gallere & Germanere - http://www.travian.no/

 

--

End of file - 10682 bytes

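An added example (not part of the thread and not part of HijackThis): comparing the log taken before the "fix checked" step with the one taken after the restart confirms that the listed entries are gone and shows which autostart entries are new. The function names are hypothetical, and the sample lines are short excerpts of the two HijackThis logs and the fix list posted above.

```python
import re

# HijackThis entry lines start with a section code such as R0, F3, O2, O4, O20.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a case-insensitive key (code, body) to the normalised entry line."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = " ".join(m.group(2).split())  # collapse runs of whitespace
        # Windows paths and registry names are case-insensitive, so fold case.
        entries[(m.group(1), body.casefold())] = f"{m.group(1)} - {body}"
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries(fix_list)
    b, a, t = set(before), set(after), set(targets)

    def pick(keys, source):
        return sorted(source[k] for k in keys)

    return {
        # Fix-list lines that never appeared in the first log (copy errors).
        "not_in_before": pick(t - b, targets),
        # Fix-list lines that survived the fix and the restart.
        "still_present": pick(t & a, targets),
        # Fix-list lines that were present before and are gone now.
        "removed": pick((t & b) - a, targets),
        # Entries that exist only in the second log; each needs an explanation.
        "new_entries": pick(a - b, after),
        # Entries that vanished although nobody asked for them to be fixed.
        "removed_unrequested": pick(b - a - t, before),
    }


# Excerpt of the first log in this thread (header and process lines included
# to show that they are ignored).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
C:\WINDOWS\system32\iqhwskmb.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: (no name) - {5AEF1C19-4A11-BD7B-8A71-09AE4323EA56} - C:\WINDOWS\system32\cbhfdzfp.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iqhwskmb] C:\WINDOWS\system32\iqhwskmb.exe
O4 - HKLM\..\Run: [zivynkbq] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\zivynkbq.dll"
O4 - HKLM\..\Policies\Explorer\Run: [zfk0ONOcwa] C:\WINDOWS\system32\winver.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

# Excerpt of the second log in this thread, taken after the fix and restart.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
"""

# Subset of the lines the helper asked to have checked and fixed.
FIX_LIST = r"""
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: (no name) - {5AEF1C19-4A11-BD7B-8A71-09AE4323EA56} - C:\WINDOWS\system32\cbhfdzfp.dll
O4 - HKLM\..\Run: [iqhwskmb] C:\WINDOWS\system32\iqhwskmb.exe
O4 - HKLM\..\Run: [zivynkbq] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\zivynkbq.dll"
O4 - HKLM\..\Policies\Explorer\Run: [zfk0ONOcwa] C:\WINDOWS\system32\winver.exe
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for section, lines in report.items():
        print(f"{section} ({len(lines)})")
        for line in lines:
            print("   ", line)
```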

Now I have run ComboFix and got the log

ComboFix 08-05-08.1 - Simen 2008-05-09 16:53:06.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1387 [GMT 2:00]

Running from: C:\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\psof1.exe

C:\WINDOWS\system32\systeminfo3.dll

.

---- Previous Run -------

.

C:\Programfiler\akl

C:\Programfiler\akl\akl.dll

C:\Programfiler\akl\akl.exe

C:\Programfiler\akl\uninstall.exe

C:\Programfiler\akl\unsetup.exe

C:\Programfiler\Inet Delivery

C:\Programfiler\Inet Delivery\inetdl.exe

C:\Programfiler\Inet Delivery\intdel.exe

C:\WINDOWS\a.bat

C:\WINDOWS\base64.tmp

C:\WINDOWS\bdn.com

C:\WINDOWS\FVProtect.exe

C:\WINDOWS\iTunesMusic.exe

C:\WINDOWS\mslagent

C:\WINDOWS\mslagent\2_mslagent.dll

C:\WINDOWS\mslagent\mslagent.exe

C:\WINDOWS\mslagent\uninstall.exe

C:\WINDOWS\mssecu.exe

C:\WINDOWS\system32\bsva-egihsg52.exe

C:\WINDOWS\system32\emesx.dll

C:\WINDOWS\system32\smp

C:\WINDOWS\system32\smp\msrc.exe

C:\WINDOWS\system32\winupdate.exe

C:\WINDOWS\userconfig9x.dll

C:\WINDOWS\Web\def.htm

C:\WINDOWS\winsystem.exe

C:\WINDOWS\zip1.tmp

C:\WINDOWS\zip2.tmp

C:\WINDOWS\zip3.tmp

C:\WINDOWS\zipped.tmp

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_IPRIP

-------\Service_Iprip

 

 

((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))

.

 

2008-05-09 16:52 . 2008-05-09 16:52 1,856,057 --a------ C:\ComboFix.exe

2008-05-09 16:31 . 2005-01-18 14:23 628,736 --a------ C:\WINDOWS\system32\ltocx12n.ocx

2008-05-09 16:31 . 2005-01-18 17:35 458,752 --a------ C:\WINDOWS\system32\LCamCpl.dll

2008-05-09 16:31 . 2005-01-18 17:36 282,624 --a------ C:\WINDOWS\system32\camcpl.cpl

2008-05-09 16:31 . 2005-01-18 14:23 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll

2008-05-09 16:31 . 2005-01-18 14:23 192,512 --a------ C:\WINDOWS\system32\ltscr12n.ocx

2008-05-09 16:31 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

2008-05-09 16:31 . 2003-06-09 19:39 29,795 --a------ C:\WINDOWS\system32\ITIG726.acm

2008-05-08 16:09 . 2008-05-08 16:09 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-05-08 16:09 . 2008-05-08 16:09 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\SUPERAntiSpyware.com

2008-05-08 16:09 . 2008-05-08 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-05-08 16:09 . 2008-05-08 16:09 6,291,992 --a------ C:\SUPERAntiSpywarePro.exe

2008-05-07 21:12 . 2008-05-09 16:53 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-07 21:07 . 2008-05-07 21:07 <DIR> d-------- C:\Programfiler\Trend Micro

2008-05-06 18:40 . 2008-05-06 18:40 <DIR> d-------- C:\Programfiler\Fellesfiler\TechSmith Shared

2008-05-06 18:20 . 2008-05-06 18:22 41,157,120 --a------ C:\camtasia.msi

2008-05-06 17:56 . 2008-05-06 18:04 <DIR> d-------- C:\Fraps

2008-05-06 16:29 . 2008-05-06 18:19 <DIR> d-------- C:\Programfiler\Game Cam V2

2008-05-04 21:18 . 2007-11-23 17:04 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste

2008-05-04 21:18 . 2007-11-23 17:04 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-05-04 21:18 . 2007-11-23 17:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-05-04 21:18 . 2008-05-09 16:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter

2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-05-04 21:18 . 2008-05-04 21:18 <DIR> d-------- C:\Documents and Settings\Administrator

2008-05-04 21:18 . 2008-05-09 16:53 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG

2008-05-04 19:57 . 2008-05-04 20:44 15,452,536 --a------ C:\IE7-WindowsXP-x86-enu.exe

2008-05-04 19:31 . 2008-05-04 19:31 268 --ah----- C:\sqmdata12.sqm

2008-05-04 19:31 . 2008-05-04 19:31 244 --ah----- C:\sqmnoopt12.sqm

2008-05-01 21:34 . 2008-05-01 21:42 <DIR> d-------- C:\Programfiler\DesktopEarth

2008-05-01 21:26 . 2008-05-01 21:33 6,536,704 --a------ C:\DesktopEarthSetup.msi

2008-05-01 16:17 . 2008-05-02 10:50 <DIR> d-------- C:\Programfiler\Counter-Strike 1.6

2008-05-01 16:17 . 2008-05-01 16:17 <DIR> dr-h----- C:\Documents and Settings\Simen\Programdata\SecuROM

2008-04-30 12:38 . 2008-04-30 12:38 <DIR> d-------- C:\Programfiler\Duplicate Music Files Finder

2008-04-30 12:37 . 2008-04-30 12:37 931,776 --a------ C:\dmff_installer.exe

2008-04-26 13:40 . 2004-08-04 09:55 277,504 --a--c--- C:\WINDOWS\system32\dllcache\OLD18.tmp

2008-04-26 10:30 . 2008-04-26 10:31 <DIR> d-------- C:\Programfiler\MagicISO

2008-04-26 10:15 . 2001-10-09 14:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx

2008-04-25 22:23 . 2008-04-25 22:25 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-04-25 22:23 . 2008-04-25 22:23 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-04-25 22:17 . 2008-04-25 22:17 90,112 --a------ C:\Arbeidsplan uke17.doc

2008-04-25 17:20 . 2008-04-25 18:35 385,524,406 --a------ C:\bf2142_update_1.40.exe

2008-04-25 14:50 . 2008-04-25 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Elaborate Bytes

2008-04-25 14:48 . 2008-04-25 14:51 85 ---hs---- C:\Documents and Settings\All Users\Programdata\.zreglib

2008-04-25 14:44 . 2008-04-25 14:44 48 --ahs---- C:\WINDOWS\SB619D7AC.tmp

2008-04-25 14:39 . 2008-04-25 14:53 <DIR> d-------- C:\Programfiler\Elaborate Bytes

2008-04-25 14:38 . 2008-04-25 14:38 5,063,664 --a------ C:\SetupCloneDVD2917Slysoft.exe

2008-04-25 08:15 . 2008-04-25 08:15 372,224 --a------ C:\NORWEG~1.MSWMM

2008-04-22 14:36 . 2008-04-25 14:38 <DIR> d-------- C:\Programfiler\CloneDVD

2008-04-22 14:36 . 2008-04-25 14:38 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\Vso

2008-04-22 14:36 . 2008-04-22 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DVDXStudio

2008-04-22 14:36 . 2008-04-25 14:38 81,920 --a------ C:\Documents and Settings\Simen\Programdata\ezpinst.exe

2008-04-22 14:36 . 2008-04-22 14:36 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-04-22 14:36 . 2008-04-25 14:38 47,360 --a------ C:\Documents and Settings\Simen\Programdata\pcouffin.sys

2008-04-22 14:32 . 2008-04-22 14:32 9,725,972 --a------ C:\CloneDVDSetup.exe

2008-04-20 22:53 . 2008-04-20 22:53 <DIR> d-------- C:\Programfiler\Alcohol Soft

2008-04-20 20:31 . 2008-04-20 20:32 10,121,656 --a------ C:\Alcohol120_trial_1.9.7.6221.exe

2008-04-20 20:31 . 2008-04-20 20:31 2,751,368 --a------ C:\ccsetup206.exe

2008-04-16 21:08 . 2008-04-25 08:41 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\U3

2008-04-16 21:02 . 2008-04-17 16:00 <DIR> d-------- C:\Programfiler\Musikk

2008-04-16 21:01 . 2008-05-09 16:26 <DIR> d---s---- C:\Musikk

2008-04-16 15:01 . 2008-04-16 18:14 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\GetRightToGo

2008-04-16 15:00 . 2008-04-16 14:59 364,160 --a------ C:\ETQW-client-1-0-1-4-update-exe.exe

2008-04-15 20:28 . 2008-04-15 20:28 314 --a------ C:\WINDOWS\game.ini

2008-04-15 20:07 . 2008-04-15 20:07 <DIR> d-------- C:\Programfiler\id Software

2008-04-15 20:05 . 2008-04-15 20:05 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-04-14 19:39 . 2008-04-14 19:39 <DIR> d-------- C:\Programfiler\Saitek

2008-04-14 19:39 . 2008-04-14 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Saitek

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-09 14:48 --------- d-----w C:\Programfiler\eMule

2008-05-09 14:31 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2008-05-09 14:30 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-05-09 14:30 --------- d-----w C:\Programfiler\Logitech

2008-05-08 14:09 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-05-06 17:20 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-05-05 13:38 --------- d-----w C:\Programfiler\Steam

2008-05-02 09:28 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-05-01 13:50 --------- d-----w C:\Programfiler\Ubisoft

2008-04-26 08:26 --------- d-----w C:\Programfiler\Evrsoft First Page 2006

2008-04-25 12:41 --------- d-----w C:\Programfiler\Yahoo!

2008-04-23 16:47 --------- d-----w C:\Documents and Settings\Simen\Programdata\CyberLink

2008-04-23 16:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\CyberLink

2008-04-21 15:51 --------- d-----w C:\Programfiler\EA GAMES

2008-04-15 18:28 22,328 ----a-w C:\Documents and Settings\Simen\Programdata\PnkBstrK.sys

2008-04-07 20:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\LogiShrd

2008-04-07 20:32 --------- d-----w C:\Programfiler\Fellesfiler\Logishrd

2008-04-04 16:16 --------- d-----w C:\Programfiler\CSStrat

2008-04-04 15:02 --------- d-----w C:\Programfiler\DAEMON Tools Lite

2008-04-04 14:52 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-04-04 14:52 --------- d-----w C:\Documents and Settings\Simen\Programdata\DAEMON Tools

2008-04-04 13:59 --------- d-----w C:\Programfiler\Java

2008-04-03 20:36 --------- d-----w C:\Programfiler\Red Kawa

2008-04-03 20:36 --------- d-----w C:\Programfiler\AviSynth 2.5

2008-04-03 17:19 --------- d-----w C:\Documents and Settings\Simen\Programdata\Apple Computer

2008-04-03 17:18 --------- d-----w C:\Programfiler\iTunes

2008-04-03 17:18 --------- d-----w C:\Programfiler\iPod

2008-04-03 17:17 --------- d-----w C:\Programfiler\Bonjour

2008-04-03 17:17 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-04-03 17:16 --------- d-----w C:\Programfiler\QuickTime

2008-04-03 17:13 --------- d-----w C:\Programfiler\Fellesfiler\Apple

2008-04-03 16:03 --------- d-----w C:\Programfiler\Messenger Plus! Live

2008-03-16 14:14 --------- d-----w C:\Programfiler\Streamripper

2008-03-16 14:12 --------- d-----w C:\Documents and Settings\Simen\Programdata\streamripper

2008-03-16 14:06 --------- d-----w C:\Programfiler\Winamp

2008-03-13 14:37 --------- d-----w C:\Programfiler\PerformanceTest

2008-03-13 07:36 --------- d-----w C:\Programfiler\SystemRequirementsLab

2008-03-11 18:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-03-11 13:38 --------- d-----w C:\Programfiler\Task Killer

2008-03-11 13:16 --------- d-----w C:\Programfiler\HandyBits

2008-03-10 14:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Messenger Plus!

2008-03-10 14:32 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-03-09 18:24 --------- d-----w C:\Programfiler\HP

2008-03-07 16:19 2,733,520 ----a-w C:\ccsetup205.exe

2008-03-05 13:58 65,094 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-03-05 13:58 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-03-04 20:34 1,090,568 ----a-w C:\pstrip.exe

2008-03-03 15:10 1,311,740 ----a-w C:\MyIPSuite.exe

2008-02-25 09:44 603,176 ----a-w C:\autoruns.exe

2008-02-25 09:44 513,064 ----a-w C:\autorunsc.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="" []

"Update Service"="C:\PROGRA~1\FELLES~1\TEKNUM~1\update.exe" [2008-01-23 18:03 19456]

"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-07 16:56 67128]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]

"AlcoholAutomount"="C:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-06-26 08:56 2173480]

"SoundMan"="SOUNDMAN.EXE" [2005-10-24 08:45 90112 C:\WINDOWS\soundman.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280]

"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-06 20:26 29744]

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

"ProfilerU"="C:\Programfiler\Saitek\SD6\Software\ProfilerU.exe" [2007-05-01 12:09 233472]

"SaiMfd"="C:\Programfiler\Saitek\SD6\Software\SaiMfd.exe" [2007-05-01 12:09 131072]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

 

C:\Documents and Settings\Simen\Start-meny\Programmer\Oppstart\

DesktopEarth AutoStart.lnk - C:\Documents and Settings\Simen\Programdata\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-05-01 21:34:34 29926]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-07 16:56:48 67128]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-03-07 16:56:01 784912]

Wireless Connection Manager.lnk - C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe [2007-11-23 18:35:51 12693504]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\programfiler\fellesfiler\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Simen^Start-meny^Programmer^Oppstart^YouTube Uploader.lnk]

path=C:\Documents and Settings\Simen\Start-meny\Programmer\Oppstart\YouTube Uploader.lnk

backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

--a------ 2007-12-04 06:57 2494464 C:\Programfiler\Electronic Arts\EADM\Core.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-30 10:36 267048 C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-28 23:37 413696 C:\Programfiler\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-04-29 16:35 1271032 c:\progra~1\steam\steam.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Steam\\SteamApps\\common\\lost planet extreme condition\\LostPlanetDX9.exe"=

"C:\\Programfiler\\Steam\\SteamApps\\ferrarien\\counter-strike source\\hl2.exe"=

"C:\\Programfiler\\eMule\\emule.exe"=

"C:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"C:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\GameSpy\\Comrade\\Comrade.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"C:\\Programfiler\\Steam\\Steam.exe"=

"C:\\Programfiler\\BitComet\\BitComet.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\EA GAMES\\MOHAA.exe"=

"C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=

"C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=

"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"C:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=

"C:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=

"C:\\Programfiler\\Counter-Strike 1.6\\hl.exe"=

"C:\\WINDOWS\\system32\\winver.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11725:TCP"= 11725:TCP:BitComet 11725 TCP

"11725:UDP"= 11725:UDP:BitComet 11725 UDP

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R3 SaiH80C1;SaiH80C1;C:\WINDOWS\system32\DRIVERS\SaiH80C1.sys [2007-10-05 04:19]

R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 08:00]

S3 cpuz126;cpuz126;C:\Programfiler\PC Wizard 2007\pcwiz32.sys [2006-12-14 15:00]

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-06 20:26]

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-12 09:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-05-09 15:04:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-09 17:02:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe

C:\Programfiler\DesktopEarth\DesktopEarth.exe

.

**************************************************************************

.

Completion time: 2008-05-09 17:11:11 - machine was rebooted [simen]

ComboFix-quarantined-files.txt 2008-05-09 15:11:08

 

Pre-Run: 36,036,567,040 byte ledig

Post-Run: 41,989,255,168 byte ledig

 

321 --- E O F --- 2008-05-09 14:24:00

 

I hope you get something out of what I have posted ;)

Link to comment

Looks reasonably fine.

You can remove the following file: C:\WINDOWS\system32\dllcache\OLD18.tmp

The dllcache folder is a hidden system folder. You make it visible by opening Folder Options -> View from the Control Panel. Clear the check mark in front of "Hide protected operating system files", and set a check mark in front of "Show hidden files and folders".

Consider whether Messenger Plus! Live is something you need. If not, uninstall it or, alternatively, remove the folder C:\Programfiler\Messenger Plus! Live

Link to comment

There is a lot to suggest that this file may belong to an infection. If you are unsure about it, you can rename it to e.g. OLD18.tmp.bak and see whether everything runs as normal. If so, you can remove the file later.

Link to comment

It's just that the network doesn't work in Safe Mode with Networking, and also, only when I shut down or restart the machine, a blue screen comes up saying that a problem has occurred etc., really annoying! :(

Edited by Lami
Link to comment

The bluescreen shows a stop code on the screen.

You need to write this down and post it.

This makes it not restart on an error.

Control Panel -> System -> Advanced -> Startup and Recovery -> System failure

Remove the check mark (V) from "Automatically restart"

Small memory dump (64 KB)

%SystemRoot%\Minidump ------> files that can be debugged with WinDbg.

Edited by SNIPPSAT
Link to comment
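
The System failure settings described in the post above can also be applied from an administrator command prompt instead of the Control Panel dialog. This batch file is an added example, not part of the original post; it assumes the standard CrashControl registry values (AutoReboot, CrashDumpEnabled, MinidumpDir), which the thread itself does not name.

```batch
@echo off
rem Added example, not from the thread: registry equivalent of the
rem "Startup and Recovery -> System failure" settings described above.
rem Run from an administrator command prompt. The value names are the
rem standard CrashControl values; nothing is taken from the poster's machine.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\CrashControl"

echo --- Current crash settings ---
reg query "%KEY%" /v AutoReboot
reg query "%KEY%" /v CrashDumpEnabled
reg query "%KEY%" /v MinidumpDir

rem AutoReboot=0 keeps the blue screen on display so the stop code can be read.
reg add "%KEY%" /v AutoReboot /t REG_DWORD /d 0 /f || goto :fail

rem CrashDumpEnabled=3 selects "Small memory dump (64 KB)".
reg add "%KEY%" /v CrashDumpEnabled /t REG_DWORD /d 3 /f || goto :fail

rem A doubled percent sign is a literal percent in a batch file, so the value
rem is stored unexpanded, pointing at the Minidump folder under SystemRoot.
reg add "%KEY%" /v MinidumpDir /t REG_EXPAND_SZ /d "%%SystemRoot%%\Minidump" /f || goto :fail

echo --- Existing minidumps, newest first ---
if exist "%SystemRoot%\Minidump\*.dmp" (
    dir /b /o-d "%SystemRoot%\Minidump\*.dmp"
) else (
    echo No .dmp files in %SystemRoot%\Minidump yet.
)
endlocal
exit /b 0

:fail
echo Could not write to %KEY% - is this prompt running as an administrator?
endlocal
exit /b 1
```
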

Start with this.

http://www.memtest.org/#downiso

Download.

Download - Pre-Compiled Bootable ISO (.zip)

Right-click the ISO file and open it in your burning program.

This creates a boot CD.

Restart into the BIOS and set the CD as the first boot device.

The memtest boot CD starts automatically.

Only 0 errors is OK (red text means errors).

If this is OK, move on.

c:\windows\Minidump (there is a file xxxx.dmp here)

This has to be debugged in WinDbg.

Can go into more about that later.

Edited by SNIPPSAT
Link to comment

Memtest has been running for 6 hours and I can't be bothered any more :ermm:

But I found something..

Errors: 1

Tst: 7

Pass: 2

Failing Address: 0002a4b6ad4

Good: bd6f8c56

Bad: bd6f00c56

Err-Bits: 00008000

Count: 1

Chan:

(this is what the error said)

Wrote down most of it..

it wasn't exactly possible to remove it :thumbdown:

Edited by Lami
Link to comment
