Lami, posted 7 May 2008

I was going to boot into Safe Mode with Networking because I wanted to scan my machine for junk, viruses and so on, but when I booted into Safe Mode with Networking there was no internet connection. It isn't possible to repair or disable the network connection because it doesn't respond, but the internet works in normal mode. Yet when I open Mozilla, some pages do work (in Safe Mode with Networking). Help me out here, folks.

Edited 7 May 2008 by Lami
snippsat, posted 7 May 2008

Hi, download these and we'll see how things look.

Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Press scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text).

Download ComboFix and put it on the desktop. Don't click on the window while the program is running. Post the log, C:\combofix.txt
Lami (thread author), posted 7 May 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:51, on 07.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
My machine crashed when I ran ComboFix. But the above was from HijackThis.
snippsat, posted 7 May 2008

Yes, let's tidy up a bit first. You can try ComboFix after this; download it again and disable the antivirus before you run it.

Start HijackThis, "scan", find these lines and tick them, then press "fix checked".

F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: (no name) - {5AEF1C19-4A11-BD7B-8A71-09AE4323EA56} - C:\WINDOWS\system32\cbhfdzfp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iqhwskmb] C:\WINDOWS\system32\iqhwskmb.exe
O4 - HKLM\..\Run: [zivynkbq] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\zivynkbq.dll"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Simen\Lokale innstillinger\Programdata\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKLM\..\Policies\Explorer\Run: [zfk0ONOcwa] C:\WINDOWS\system32\winver.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

Download and run CCleaner. 'Options' -> 'Advanced'. Untick: "only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing.

---

Download SAS free, update it and run a full scan. Post the log from SAS (preferences -> statistics/logs).

---

Restart, and then a new HijackThis log.

Edited 7 May 2008 by SNIPPSAT
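An added example, not part of the original thread and not the helper's own method: a Python triage pass that parses HijackThis entries of the form "section - body" and tags the ones matching a few structural rules. The input is the eight entries listed in the post above plus two constructed benign entries; the rule names and the rules themselves (F-section ini autostarts, unnamed BHOs, missing-file annotations, Policies\Explorer\Run, regsvr32 launched from a Run value) are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# The eight entries listed in the post above, followed by two constructed
# benign entries (ExampleApp, ExampleSvc) that are not from the thread.
SAMPLE_LOG = r'''
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O2 - BHO: (no name) - {5AEF1C19-4A11-BD7B-8A71-09AE4323EA56} - C:\WINDOWS\system32\cbhfdzfp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iqhwskmb] C:\WINDOWS\system32\iqhwskmb.exe
O4 - HKLM\..\Run: [zivynkbq] regsvr32 /u "C:\Documents and Settings\All Users\Programdata\zivynkbq.dll"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Simen\Lokale innstillinger\Programdata\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKLM\..\Policies\Explorer\Run: [zfk0ONOcwa] C:\WINDOWS\system32\winver.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programfiler\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"
O23 - Service: Example Service (ExampleSvc) - Example Vendor - C:\Program Files\ExampleApp\svc.exe
'''

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


@dataclass
class Entry:
    section: str
    body: str
    reasons: list = field(default_factory=list)


def parse_entries(text):
    """Return one Entry per log line that has the 'code - body' shape."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def ini_autostart(e):
    # F0-F3: autostart through system.ini / win.ini or their registry mappings.
    return e.section in {"F0", "F1", "F2", "F3"}


def unnamed_bho(e):
    # O2: Browser Helper Object registered without a display name.
    return e.section == "O2" and e.body.startswith("BHO: (no name)")


def missing_file(e):
    # HijackThis appends these notes when the referenced file is absent.
    return e.body.endswith("(no file)") or e.body.endswith("(file missing)")


def policy_run(e):
    # O4: autostart placed under the Policies\Explorer\Run key.
    return e.section == "O4" and "\\Policies\\Explorer\\Run:" in e.body


def regsvr32_autorun(e):
    # O4: Run value whose command line starts with regsvr32.
    if e.section != "O4":
        return False
    command = e.body.split("] ", 1)[-1]
    return command.lower().startswith("regsvr32")


# Order here fixes the order of names in Entry.reasons.
CHECKS = [
    ("ini_autostart", ini_autostart),
    ("unnamed_bho", unnamed_bho),
    ("missing_file", missing_file),
    ("policy_run", policy_run),
    ("regsvr32_autorun", regsvr32_autorun),
]


def triage(text):
    """Parse the log and attach the names of all matching rules to each entry."""
    entries = parse_entries(text)
    for e in entries:
        e.reasons = [name for name, check in CHECKS if check(e)]
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        tag = ", ".join(e.reasons) or "no rule matched, review by hand"
        print(f"{e.section:<4}{tag:<34}{e.body[:60]}")
```

Six of the eight posted entries match a rule; the [iqhwskmb] and [Google Update] Run values match none, so rules of this kind narrow a log down but do not replace reviewing the remaining entries by hand.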
Lami (thread author), posted 8 May 2008

From SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/08/2008 at 05:07 PM
Application Version : 4.0.1154
Core Rules Database Version : 3455
Trace Rules Database Version: 1447
Scan type : Complete Scan
Total Scan Time : 00:55:12
Memory items scanned : 532
Memory threats detected : 1
Registry items scanned : 5369
Registry threats detected : 22
File items scanned : 47411
File threats detected : 95
From HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08, on 2008-05-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
norbat, posted 8 May 2008

Looks like SAS cleaned up properly. The HJT log shows no more infected files. You could try running ComboFix again (download a new version). It can tell whether any leftovers remain.
Lami (thread author), posted 9 May 2008

Now I have run ComboFix and got the log:

ComboFix 08-05-08.1 - Simen 2008-05-09 16:53:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1387 [GMT 2:00]
Running from: C:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
2005-01-18 17:36 282,624 --a------ C:\WINDOWS\system32\camcpl.cpl 2008-05-09 16:31 . 2005-01-18 14:23 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll 2008-05-09 16:31 . 2005-01-18 14:23 192,512 --a------ C:\WINDOWS\system32\ltscr12n.ocx 2008-05-09 16:31 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe 2008-05-09 16:31 . 2003-06-09 19:39 29,795 --a------ C:\WINDOWS\system32\ITIG726.acm 2008-05-08 16:09 . 2008-05-08 16:09 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-05-08 16:09 . 2008-05-08 16:09 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\SUPERAntiSpyware.com 2008-05-08 16:09 . 2008-05-08 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-05-08 16:09 . 2008-05-08 16:09 6,291,992 --a------ C:\SUPERAntiSpywarePro.exe 2008-05-07 21:12 . 2008-05-09 16:53 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-07 21:07 . 2008-05-07 21:07 <DIR> d-------- C:\Programfiler\Trend Micro 2008-05-06 18:40 . 2008-05-06 18:40 <DIR> d-------- C:\Programfiler\Fellesfiler\TechSmith Shared 2008-05-06 18:20 . 2008-05-06 18:22 41,157,120 --a------ C:\camtasia.msi 2008-05-06 17:56 . 2008-05-06 18:04 <DIR> d-------- C:\Fraps 2008-05-06 16:29 . 2008-05-06 18:19 <DIR> d-------- C:\Programfiler\Game Cam V2 2008-05-04 21:18 . 2007-11-23 17:04 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny 2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere 2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord 2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste 2008-05-04 21:18 . 2007-11-23 17:04 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata 2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter 2008-05-04 21:18 . 
2007-11-23 17:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler 2008-05-04 21:18 . 2008-05-09 16:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger 2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter 2008-05-04 21:18 . 2007-11-23 17:04 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask 2008-05-04 21:18 . 2008-05-04 21:18 <DIR> d-------- C:\Documents and Settings\Administrator 2008-05-04 21:18 . 2008-05-09 16:53 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG 2008-05-04 19:57 . 2008-05-04 20:44 15,452,536 --a------ C:\IE7-WindowsXP-x86-enu.exe 2008-05-04 19:31 . 2008-05-04 19:31 268 --ah----- C:\sqmdata12.sqm 2008-05-04 19:31 . 2008-05-04 19:31 244 --ah----- C:\sqmnoopt12.sqm 2008-05-01 21:34 . 2008-05-01 21:42 <DIR> d-------- C:\Programfiler\DesktopEarth 2008-05-01 21:26 . 2008-05-01 21:33 6,536,704 --a------ C:\DesktopEarthSetup.msi 2008-05-01 16:17 . 2008-05-02 10:50 <DIR> d-------- C:\Programfiler\Counter-Strike 1.6 2008-05-01 16:17 . 2008-05-01 16:17 <DIR> dr-h----- C:\Documents and Settings\Simen\Programdata\SecuROM 2008-04-30 12:38 . 2008-04-30 12:38 <DIR> d-------- C:\Programfiler\Duplicate Music Files Finder 2008-04-30 12:37 . 2008-04-30 12:37 931,776 --a------ C:\dmff_installer.exe 2008-04-26 13:40 . 2004-08-04 09:55 277,504 --a--c--- C:\WINDOWS\system32\dllcache\OLD18.tmp 2008-04-26 10:30 . 2008-04-26 10:31 <DIR> d-------- C:\Programfiler\MagicISO 2008-04-26 10:15 . 2001-10-09 14:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx 2008-04-25 22:23 . 2008-04-25 22:25 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-04-25 22:23 . 2008-04-25 22:23 <DIR> d-------- C:\Programfiler\Microsoft.NET 2008-04-25 22:17 . 2008-04-25 22:17 90,112 --a------ C:\Arbeidsplan uke17.doc 2008-04-25 17:20 . 2008-04-25 18:35 385,524,406 --a------ C:\bf2142_update_1.40.exe 2008-04-25 14:50 . 
2008-04-25 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Elaborate Bytes 2008-04-25 14:48 . 2008-04-25 14:51 85 ---hs---- C:\Documents and Settings\All Users\Programdata\.zreglib 2008-04-25 14:44 . 2008-04-25 14:44 48 --ahs---- C:\WINDOWS\SB619D7AC.tmp 2008-04-25 14:39 . 2008-04-25 14:53 <DIR> d-------- C:\Programfiler\Elaborate Bytes 2008-04-25 14:38 . 2008-04-25 14:38 5,063,664 --a------ C:\SetupCloneDVD2917Slysoft.exe 2008-04-25 08:15 . 2008-04-25 08:15 372,224 --a------ C:\NORWEG~1.MSWMM 2008-04-22 14:36 . 2008-04-25 14:38 <DIR> d-------- C:\Programfiler\CloneDVD 2008-04-22 14:36 . 2008-04-25 14:38 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\Vso 2008-04-22 14:36 . 2008-04-22 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DVDXStudio 2008-04-22 14:36 . 2008-04-25 14:38 81,920 --a------ C:\Documents and Settings\Simen\Programdata\ezpinst.exe 2008-04-22 14:36 . 2008-04-22 14:36 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2008-04-22 14:36 . 2008-04-25 14:38 47,360 --a------ C:\Documents and Settings\Simen\Programdata\pcouffin.sys 2008-04-22 14:32 . 2008-04-22 14:32 9,725,972 --a------ C:\CloneDVDSetup.exe 2008-04-20 22:53 . 2008-04-20 22:53 <DIR> d-------- C:\Programfiler\Alcohol Soft 2008-04-20 20:31 . 2008-04-20 20:32 10,121,656 --a------ C:\Alcohol120_trial_1.9.7.6221.exe 2008-04-20 20:31 . 2008-04-20 20:31 2,751,368 --a------ C:\ccsetup206.exe 2008-04-16 21:08 . 2008-04-25 08:41 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\U3 2008-04-16 21:02 . 2008-04-17 16:00 <DIR> d-------- C:\Programfiler\Musikk 2008-04-16 21:01 . 2008-05-09 16:26 <DIR> d---s---- C:\Musikk 2008-04-16 15:01 . 2008-04-16 18:14 <DIR> d-------- C:\Documents and Settings\Simen\Programdata\GetRightToGo 2008-04-16 15:00 . 2008-04-16 14:59 364,160 --a------ C:\ETQW-client-1-0-1-4-update-exe.exe 2008-04-15 20:28 . 2008-04-15 20:28 314 --a------ C:\WINDOWS\game.ini 2008-04-15 20:07 . 
2008-04-15 20:07 <DIR> d-------- C:\Programfiler\id Software 2008-04-15 20:05 . 2008-04-15 20:05 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-04-14 19:39 . 2008-04-14 19:39 <DIR> d-------- C:\Programfiler\Saitek 2008-04-14 19:39 . 2008-04-14 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Saitek . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-09 14:48 --------- d-----w C:\Programfiler\eMule 2008-05-09 14:31 --------- d-----w C:\Programfiler\Fellesfiler\Logitech 2008-05-09 14:30 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-05-09 14:30 --------- d-----w C:\Programfiler\Logitech 2008-05-08 14:09 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-06 17:20 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-05-05 13:38 --------- d-----w C:\Programfiler\Steam 2008-05-02 09:28 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-05-01 13:50 --------- d-----w C:\Programfiler\Ubisoft 2008-04-26 08:26 --------- d-----w C:\Programfiler\Evrsoft First Page 2006 2008-04-25 12:41 --------- d-----w C:\Programfiler\Yahoo! 
2008-04-23 16:47 --------- d-----w C:\Documents and Settings\Simen\Programdata\CyberLink 2008-04-23 16:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\CyberLink 2008-04-21 15:51 --------- d-----w C:\Programfiler\EA GAMES 2008-04-15 18:28 22,328 ----a-w C:\Documents and Settings\Simen\Programdata\PnkBstrK.sys 2008-04-07 20:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\LogiShrd 2008-04-07 20:32 --------- d-----w C:\Programfiler\Fellesfiler\Logishrd 2008-04-04 16:16 --------- d-----w C:\Programfiler\CSStrat 2008-04-04 15:02 --------- d-----w C:\Programfiler\DAEMON Tools Lite 2008-04-04 14:52 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-04-04 14:52 --------- d-----w C:\Documents and Settings\Simen\Programdata\DAEMON Tools 2008-04-04 13:59 --------- d-----w C:\Programfiler\Java 2008-04-03 20:36 --------- d-----w C:\Programfiler\Red Kawa 2008-04-03 20:36 --------- d-----w C:\Programfiler\AviSynth 2.5 2008-04-03 17:19 --------- d-----w C:\Documents and Settings\Simen\Programdata\Apple Computer 2008-04-03 17:18 --------- d-----w C:\Programfiler\iTunes 2008-04-03 17:18 --------- d-----w C:\Programfiler\iPod 2008-04-03 17:17 --------- d-----w C:\Programfiler\Bonjour 2008-04-03 17:17 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-04-03 17:16 --------- d-----w C:\Programfiler\QuickTime 2008-04-03 17:13 --------- d-----w C:\Programfiler\Fellesfiler\Apple 2008-04-03 16:03 --------- d-----w C:\Programfiler\Messenger Plus! 
Live 2008-03-16 14:14 --------- d-----w C:\Programfiler\Streamripper 2008-03-16 14:12 --------- d-----w C:\Documents and Settings\Simen\Programdata\streamripper 2008-03-16 14:06 --------- d-----w C:\Programfiler\Winamp 2008-03-13 14:37 --------- d-----w C:\Programfiler\PerformanceTest 2008-03-13 07:36 --------- d-----w C:\Programfiler\SystemRequirementsLab 2008-03-11 18:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-03-11 13:38 --------- d-----w C:\Programfiler\Task Killer 2008-03-11 13:16 --------- d-----w C:\Programfiler\HandyBits 2008-03-10 14:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Messenger Plus! 2008-03-10 14:32 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-03-09 18:24 --------- d-----w C:\Programfiler\HP 2008-03-07 16:19 2,733,520 ----a-w C:\ccsetup205.exe 2008-03-05 13:58 65,094 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-03-05 13:58 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-03-04 20:34 1,090,568 ----a-w C:\pstrip.exe 2008-03-03 15:10 1,311,740 ----a-w C:\MyIPSuite.exe 2008-02-25 09:44 603,176 ----a-w C:\autoruns.exe 2008-02-25 09:44 513,064 ----a-w C:\autorunsc.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="" [] "Update Service"="C:\PROGRA~1\FELLES~1\TEKNUM~1\update.exe" [2008-01-23 18:03 19456] "LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-07 16:56 67128] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360] "DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856] "AlcoholAutomount"="C:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gainward"="C:\WINDOWS\TBPanel.exe" [2007-06-26 08:56 2173480] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 08:45 90112 C:\WINDOWS\soundman.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\WINDOWS\KHALMNPR.Exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 101136 C:\WINDOWS\KHALMNPR.Exe] "IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 01:52 849280] "Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-06 20:26 29744] "Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "ProfilerU"="C:\Programfiler\Saitek\SD6\Software\ProfilerU.exe" [2007-05-01 12:09 233472] "SaiMfd"="C:\Programfiler\Saitek\SD6\Software\SaiMfd.exe" [2007-05-01 12:09 131072] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360] C:\Documents and Settings\Simen\Start-meny\Programmer\Oppstart\ DesktopEarth AutoStart.lnk - C:\Documents and Settings\Simen\Programdata\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-05-01 21:34:34 29926] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-07 16:56:48 67128] Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-03-07 16:56:01 784912] Wireless Connection Manager.lnk - C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe [2007-11-23 18:35:51 12693504] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\programfiler\fellesfiler\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk 
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Simen^Start-meny^Programmer^Oppstart^YouTube Uploader.lnk] path=C:\Documents and Settings\Simen\Start-meny\Programmer\Oppstart\YouTube Uploader.lnk backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] --a------ 2007-12-04 06:57 2494464 C:\Programfiler\Electronic Arts\EADM\Core.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Programfiler\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-04-29 16:35 1271032 c:\progra~1\steam\steam.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Steam\\SteamApps\\common\\lost planet extreme condition\\LostPlanetDX9.exe"= "C:\\Programfiler\\Steam\\SteamApps\\ferrarien\\counter-strike source\\hl2.exe"= "C:\\Programfiler\\eMule\\emule.exe"= "C:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "C:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Programfiler\\GameSpy\\Comrade\\Comrade.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "C:\\Programfiler\\Steam\\Steam.exe"= "C:\\Programfiler\\BitComet\\BitComet.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\EA GAMES\\MOHAA.exe"= "C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"= "C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"= "C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "C:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"= "C:\\Programfiler\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"= "C:\\Programfiler\\Counter-Strike 1.6\\hl.exe"= "C:\\WINDOWS\\system32\\winver.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11725:TCP"= 11725:TCP:BitComet 11725 TCP "11725:UDP"= 11725:UDP:BitComet 11725 UDP R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R3 SaiH80C1;SaiH80C1;C:\WINDOWS\system32\DRIVERS\SaiH80C1.sys [2007-10-05 04:19] R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 08:00] S3 cpuz126;cpuz126;C:\Programfiler\PC Wizard 2007\pcwiz32.sys [2006-12-14 15:00] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-06 20:26] S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16] . Contents of the 'Scheduled Tasks' folder "2008-03-12 09:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-05-09 15:04:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-09 17:02:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Programfiler\Windows Defender\MsMpEng.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\Programfiler\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe C:\Programfiler\DesktopEarth\DesktopEarth.exe . ************************************************************************** . Completion time: 2008-05-09 17:11:11 - machine was rebooted [simen] ComboFix-quarantined-files.txt 2008-05-09 15:11:08 Pre-Run: 36,036,567,040 byte ledig Post-Run: 41,989,255,168 byte ledig 321 --- E O F --- 2008-05-09 14:24:00
I hope you get something out of what I have posted.
norbat Posted 9 May 2008
Looks reasonably fine. You can remove the following file: C:\WINDOWS\system32\dllcache\OLD18.tmp
The dllcache folder is a hidden system folder. You make it visible by opening Folder Options -> View from the Control Panel. Clear the check mark in front of "Hide protected operating system files", and set the check mark in front of "Show hidden files and folders".
Consider whether Messenger Plus! Live is something you must have. If not, uninstall it, or alternatively remove the folder C:\Programfiler\Messenger Plus! Live
Lami Posted 9 May 2008 Author
Yes, I need it. But is it safe to delete that old18.tmp file?
norbat Posted 9 May 2008
Much suggests that the file may belong to an infection. If you are unsure about it, you can rename it to e.g. OLD18.tmp.bak and see whether everything runs as normal. If so, you can remove the file after a while.
Lami Posted 12 May 2008 Author
No, I still can't get to an online scanner in IE. I have deleted that old18.tmp, as I said; it didn't help.
snippsat Posted 12 May 2008
What is your problem now? You don't need to scan in safe mode after what we have been through; you are now clean of viruses and spyware. Does the PC work fine in normal mode?
Edited 12 May 2008 by SNIPPSAT
Lami Posted 12 May 2008 Author
It's just that the network doesn't work in safe mode with networking, and also, whenever I shut down or restart the machine, a blue screen comes up saying that a problem has occurred etc. Really annoying!
Edited 12 May 2008 by Lami
snippsat Posted 12 May 2008
A blue screen has a stop code on the screen. You need to write this down and post it. This keeps it from restarting on errors:
Control Panel -> System -> Advanced -> Startup and Recovery -> System failure
Clear the check mark for "Automatically restart"
Small memory dump (64 KB)
%SystemRoot%\Minidump ------> files that can be debugged with WinDbg.
Edited 12 May 2008 by SNIPPSAT
Lami Posted 13 May 2008 Author
This is the stop code: *** STOP: 0x0000008E (0XC0000005, 0X80525976, 0XA41CBC3C, 0X00000000)
Can you find out what this means?
snippsat Posted 13 May 2008
Start with this. http://www.memtest.org/#downiso
Download "Download - Pre-Compiled Bootable ISO (.zip)". Right-click the ISO file and open it in your burning program. This creates a boot CD. Restart into the BIOS and set the CD as the first boot device. With the boot CD, memtest starts automatically. Only 0 errors is OK (red text means errors).
If this is OK, move on. c:\windows\Minidump (there is a file xxxx.dmp here). This must be debugged in WinDbg. We can go into that more later.
Edited 13 May 2008 by SNIPPSAT
Lami Posted 15 May 2008 Author
Memtest has been running for 6 hours and I can't be bothered any more. But I found something.. .........
Errors 1 Tst 7 Pass 2 Failing Address 0002a4b6ad4 Good bd6f8c56 Bad bd6f00c56 Err-Bits 00008000 Count 1 Chan (this was shown on the error)
I wrote down most of it.. it wasn't exactly possible to remove it
Edited 15 May 2008 by Lami
Lami Posted 18 May 2008 Author
Is there nobody who can help any more?
snippsat Posted 18 May 2008
OK, memtest cannot have errors. There are 9 tests; if you get an error in one of them, you can just stop. And do this: increase the memory voltage a little; if there are still errors, test one module at a time. Motherboard and memory type?
Edited 18 May 2008 by SNIPPSAT
Lami Posted 18 May 2008 Author
How do I increase the memory voltage? Memory type: 4x512MB Corsair DDR-SDRAM PC3200 (200MHz). Motherboard: MSI K8 Neo4 (MS-7125)
Edited 18 May 2008 by Lami
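Added example, not part of the thread: a small Python triage helper that decodes the hand-copied STOP line and memtest error record posted above and applies the order the helpers describe (memory test first, minidump only if the RAM is clean). The bug check and NTSTATUS names come from Microsoft's bug check reference rather than from the thread, and all function names are hypothetical.

```python
import re

# Names taken from Microsoft's bug check reference, not from the thread.
BUGCHECK_NAMES = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
PARAM_LABELS_8E = ("exception code", "faulting instruction address",
                   "trap frame address", "reserved")
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# The two lines exactly as they were typed into the thread.
STOP_LINE = ("*** STOP: 0x0000008E (0XC0000005, 0X80525976, "
             "0XA41CBC3C, 0X00000000)")
MEMTEST_LINE = ("Errors 1 Tst 7 Pass 2 Failing Address 0002a4b6ad4 "
                "Good bd6f8c56 Bad bd6f00c56 Err-Bits 00008000 Count 1 Chan")

STOP_RE = re.compile(r"STOP:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.IGNORECASE)
MEMTEST_RE = re.compile(
    r"Good\s+([0-9a-f]+)\s+Bad\s+([0-9a-f]+)\s+Err-Bits\s+([0-9a-f]+)",
    re.IGNORECASE)


def parse_stop(line):
    """Decode a '*** STOP: 0x... (p1, p2, p3, p4)' line copied off the screen."""
    m = STOP_RE.search(line)
    if m is None:
        raise ValueError("no STOP code in line")
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",")]
    result = {"code": code, "name": BUGCHECK_NAMES.get(code, "unknown"),
              "params": params}
    if code == 0x8E and len(params) == 4:
        result["labels"] = dict(zip(PARAM_LABELS_8E, params))
        result["exception"] = NTSTATUS_NAMES.get(params[0], "unknown")
        # Default 32-bit Windows maps the kernel at 0x80000000 and above.
        result["fault_in_kernel_space"] = params[1] >= 0x80000000
    return result


def parse_memtest(line):
    """Check a memtest error record; hand-copied values may not add up."""
    m = MEMTEST_RE.search(line)
    if m is None:
        raise ValueError("no Good/Bad/Err-Bits fields in line")
    good_s, bad_s, err_s = m.groups()
    good, bad, err = (int(x, 16) for x in (good_s, bad_s, err_s))
    widths_ok = len(good_s) == len(bad_s) == len(err_s) == 8
    return {
        # Bit positions that differ between the written and the read word.
        "flipped_bits": [b for b in range(32) if (err >> b) & 1],
        # What 'Bad' must be if 'Good' and 'Err-Bits' were copied correctly.
        "expected_bad": good ^ err,
        # False when the record is malformed or Good XOR Bad != Err-Bits.
        "consistent": widths_ok and (good ^ bad) == err,
    }


def next_step(memtest_error_lines):
    """Order used in the thread: memory first, minidump only if RAM is clean."""
    if memtest_error_lines:
        return "test memory modules one at a time"
    return "analyse the minidump in WinDbg"


if __name__ == "__main__":
    print(parse_stop(STOP_LINE))
    print(parse_memtest(MEMTEST_LINE))
    print(next_step([MEMTEST_LINE]))
```

A `consistent` value of `False` only means the record was not transcribed cleanly; the `Err-Bits` field alone is enough to see which bit flipped.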