vangsguten, posted 5 June 2008 (edited)

FYI: Acer TravelMate 6463WLMi, Win XP Pro SP2

I have had a round of viruses and spyware and got help from the IT people at work to get rid of the crap. It may well be that I got rid of something more as well, because, as the thread title says, I cannot get onto the internet with any browser, but e-mail and Messenger work fine.

When the machine starts up I get an error message with the text

RUNDLL
Feil ved innlasting av C:\WÌNDOWS\System32\svjwaqta.dll

This, however, seems highly suspicious, because a lookup on processlibrary.com shows this to be a completely unknown .dll file.

I have tried (in IE) Tools > Diagnose Connection Problems, but there was nothing to be gained there. I have tried lspfix, also without result.

I am on the verge of running Acer's eRecovery, but... there is always so much hassle with formatting and reinstalling programs and so on (although there are also some good arguments FOR exactly that, hmm...). I am also hoping to learn something from this!

Hope some of you gurus have some hocus-pocus up your sleeve!

Edited 7 August 2008 by vangsguten
norbat, posted 5 June 2008 (edited)

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt)

Edit: You get the error message because the file has been removed, but the registry entry is still left behind.

Edited 5 June 2008 by norbat
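The situation norbat describes above (the file is gone, but the startup entry that loads it remains) can be checked for mechanically. The following is an added example, not part of the thread: it parses a regedit-style export of the Run keys and lists values whose target file is missing. The sample export, the set of existing files, the `ExampleLoader` and `ExampleTray` values and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample in regedit export syntax (backslashes and quotes escaped).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"BM6f3d5941"="C:\\WINDOWS\\system32\\svjwaqta.dll"
"ExampleLoader"="rundll32.exe \"C:\\WINDOWS\\system32\\example.dll\",Start"
"RTHDCPL"="RTHDCPL.EXE"
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
"eNMTray.exe"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

# Constructed stand-in for the file system: files that "exist" (lower-cased).
SAMPLE_FILES = {
    r"c:\windows\system32\igfxtray.exe",
    r"c:\windows\system32\ctfmon.exe",
    r"c:\windows\system32\rundll32.exe",
    r"c:\windows\rthdcpl.exe",
    r"c:\program files\example\tray.exe",
}
# Directories tried for bare file names (assumed XP layout).
SEARCH_DIRS = [r"C:\WINDOWS\system32", r"C:\WINDOWS"]

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
FILE_RE = re.compile(r'(.+?\.(?:exe|dll|cpl|com|bat|cmd|scr))(?=[\s,]|$)', re.I)


def sample_exists(path):
    """Existence check against the constructed file set."""
    return path.lower() in SAMPLE_FILES


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_run_values(reg_text):
    """Return (key, value name, command line) for every value under a Run key."""
    key, values = None, []
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(r"\currentversion\run"):
            values.append((key, unescape(m.group("name")), unescape(m.group("data"))))
    return values


def split_first(cmd):
    """Split a command line into (first file token, remainder)."""
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    if cmd[0] == '"':                      # quoted path, may contain spaces
        end = cmd.find('"', 1)
        return (cmd[1:], "") if end == -1 else (cmd[1:end], cmd[end + 1:])
    m = FILE_RE.match(cmd)                 # unquoted path ending in a known extension
    if m:
        return m.group(1), cmd[m.end(1):]
    head, _, tail = cmd.partition(" ")
    return head, tail


def command_targets(cmd):
    """Files a Run command depends on: the program, plus the DLL for rundll32."""
    exe, rest = split_first(cmd)
    if not exe:
        return []                          # empty value, nothing to load
    targets = [exe]
    if ntpath.basename(exe).lower() in ("rundll32", "rundll32.exe"):
        dll, _ = split_first(rest)
        dll = dll.split(",", 1)[0]         # drop ",EntryPoint" if still attached
        if dll:
            targets.append(dll)
    return targets


def resolve(path, exists, search_dirs=SEARCH_DIRS):
    """Return the path that exists, or None when the target is missing."""
    if ntpath.isabs(path):
        return path if exists(path) else None
    for directory in search_dirs:
        candidate = ntpath.join(directory, path)
        if exists(candidate):
            return candidate
    return None


def find_orphans(reg_text, exists):
    """List (hive, value name, missing file) for Run values with no file behind them."""
    orphans = []
    for key, name, cmd in parse_run_values(reg_text):
        for target in command_targets(cmd):
            if resolve(target, exists) is None:
                orphans.append((key.split("\\")[0], name, target))
    return orphans


if __name__ == "__main__":
    for hive, name, target in find_orphans(SAMPLE_REG, sample_exists):
        print(f"{hive}: value {name!r} points at missing file {target}")
```

On a live Windows system, `os.path.isfile` can be passed as the `exists` argument together with the text of a real export of the Run keys.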
PerB, posted 5 June 2008

You should post the question in Antivirus/datasikkerhet to get the right answers. Ask a moderator to move the thread.
vangsguten (thread author), posted 6 June 2008

> You should post the question in Antivirus/datasikkerhet to get the right answers. Ask a moderator to move the thread.

Of course - silly of me to post this in a hardware forum...
snippsat, posted 6 June 2008 (edited)

> Of course - silly of me to post this in a hardware forum

Yes, that doesn't matter. Just follow norbat's post and we'll see whether virus/spyware is the cause.

This one is probably known: C:\WÌNDOWS\System32\svjwaqta.dll
Not the file itself, but the type of infection that creates lots of nice new names for DLL files.
And sorted out that registry entry.

Edited 6 June 2008 by SNIPPSAT
vangsguten (thread author), posted 6 June 2008 (edited)

> Post the log file from Combofix (c:\combofix.txt)

Here is the log file from ComboFix:
It will be exciting to see whether anyone can figure something out here. By the way, I have sent a PM to a moderator asking to have the thread moved.

Edited 13 July 2008 by vangsguten
snippsat, posted 6 June 2008 (edited)

Yes, you had quite a bit of gunk.

Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt
Do as shown in the picture; ComboFix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\DUMP8ee2.tmp
C:\WINDOWS\system32\mslrc.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM6f3d5941"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cks20.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dlt21.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fmt86.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fow33.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iqy10.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iqy76.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Oxg21.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pxg08.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ven87.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xgo76.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{32E0B761-8486-C450-B6F6-A14483C405C2}]

Driver::
S3 Cks20
S3 Fmt86
S3 Fow33
S3 Iqy10
S3 Iqy76
S3 Oxg21
S3 Ven87
S3 Xgo76

Download and run CCleaner.
'Options' -> 'Advanced'. Remove the check mark in front of: "only delete temporary files that are older than 48 hours".
Run the registry cleaner and answer yes to repairing.

---

Download, update and run a full scan with SAS free.
Post the log from SAS (preferences -> statistics/logs)

---

Restart

---

Download HijackThis and put it in its own folder on the desktop.
Start the program and choose "scan and save log".
Post HijackThis.txt

Edited 6 June 2008 by SNIPPSAT
vangsguten (thread author), posted 7 June 2008 (edited)

I must say, you guys really know your stuff! I bow down in the dust.

> Post the log c:\combofix.txt
Iqy76;Iqy76;C:\WINDOWS\System32\drivers\Iqy76.sys [] S3 Oxg21;Oxg21;C:\WINDOWS\System32\drivers\Oxg21.sys [] S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-08-31 21:18] S3 Ven87;Ven87;C:\WINDOWS\System32\drivers\Ven87.sys [] S3 Xgo76;Xgo76;C:\WINDOWS\System32\drivers\Xgo76.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c26e8d1-1b83-11dc-aecb-0016cee5a4f8}] \Shell\AutoRun\command - J:\dvdcheck.exe *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-06-07 07:05:31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{533BC229-827C-483A-9BB8-898A46DB8A85}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-07 09:20:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "LogitechCameraAssistant"="C:\\Programfiler\\Acer\\OrbiCam\\CameraAssistant.exe" . 
Completion time: 2008-06-07 9:24:52 ComboFix-quarantined-files.txt 2008-06-07 07:24:38 ComboFix2.txt 2008-06-06 00:12:26 Pre-Run: 36,712,462,336 byte ledig Post-Run: 36,694,876,672 byte ledig 269 --- E O F --- 2008-06-06 23:29:40
Post the log from SAS (preferences->statistics/logs)
SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/07/2008 at 12:02 PM Application Version : 4.15.1000 Core Rules Database Version : 3469 Trace Rules Database Version: 1468 Scan type : Quick Scan Total Scan Time : 02:06:49 Memory items scanned : 544 Memory threats detected : 0 Registry items scanned : 500 Registry threats detected : 0 File items scanned : 8755 File threats detected : 18 Adware.Tracking Cookie C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\administrator@media6degrees[2].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\[email protected][2].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\administrator@adnetserver[1].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\administrator@doubleclick[1].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\administrator@adtech[1].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\administrator@trafficmp[1].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\[email protected][1].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\administrator@adultfriendfinder[1].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\[email protected][1].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\administrator@advertising[2].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\administrator@clicksor[2].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\[email protected][1].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\[email protected][1].txt C:\Documents and 
Settings\administrator.ADMINISTRASJON\Cookies\[email protected][3].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\[email protected][1].txt C:\Documents and Settings\administrator.ADMINISTRASJON\Cookies\[email protected][1].txt
Post HijackThis.txt
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:11, on 2008-06-07 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe c:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\WINDOWS\system32\IFXSPMGT.exe c:\WINDOWS\system32\IFXTCS.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\lotus\notes\ntmulti.exe C:\WINDOWS\system32\o2flash.exe c:\Programfiler\Infineon\Security Platform Software\PSDsrvc.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe c:\Programfiler\Infineon\Security Platform Software\PSDrt.exe c:\Programfiler\Infineon\Security Platform Software\SpTna.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe 
C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\Microsoft ActiveSync\wcescomm.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\DOCUME~1\pv1010\LOKALE~1\Temp\RtkBtMnt.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.20.49.2:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programfiler\IEPro\iepro.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering 
Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [Microsoft Corporation Latitude Service] mslrc.exe O4 - HKLM\..\RunServices: [Microsoft Corporation Latitude Service] mslrc.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Microsoft Corporation Latitude Service] mslrc.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\RunServices: [Microsoft Corporation Latitude Service] mslrc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Send til &Bluetooth-enhet... 
- c:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programfiler\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programfiler\IEPro\iepro.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 
Class) - http://nonoksr3/iNotes6.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = administrasjon.nordreisakommune.local O17 - HKLM\Software\..\Telephony: DomainName = administrasjon.nordreisakommune.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = administrasjon.nordreisakommune.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = administrasjon.nordreisakommune.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = administrasjon.nordreisakommune.local O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programfiler\lotus\notes\ntmulti.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Unknown owner - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Programfiler\Infineon\Security Platform Software\PSDsrvc.EXE -- End of file - 11365 bytes
Edited 13 July 2008 by vangsguten
snippsat Posted 7 June 2008 (edited)
Close the browser.
---
Start HijackThis, click "scan", find these lines, tick them, then press "fix checked".
O4 - HKLM\..\Run: [Microsoft Corporation Latitude Service] mslrc.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation Latitude Service] mslrc.exe
O4 - HKCU\..\Run: [Microsoft Corporation Latitude Service] mslrc.exe
O4 - HKCU\..\RunServices: [Microsoft Corporation Latitude Service] mslrc.exe
---
Download Avenger. Copy the bold text, start Avenger, and paste the text into "input script here". Press the execute button.
Files to delete:
C:\WINDOWS\System32\drivers\Cks20.sys
C:\WINDOWS\System32\drivers\Fmt86.sys
C:\WINDOWS\System32\drivers\Fow33.sys
C:\WINDOWS\System32\drivers\Iqy76.sys
C:\WINDOWS\System32\drivers\Iqy76.sys
C:\WINDOWS\System32\drivers\Oxg21.sys
C:\WINDOWS\System32\drivers\Ven87.sys
C:\WINDOWS\System32\drivers\Xgo76.sys
---
Restart and make a new HijackThis log.
Edited 7 June 2008 by SNIPPSAT
vangsguten (author) Posted 8 June 2008 (edited)
> Restart and make a new HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:41, on 2008-06-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe c:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\WINDOWS\system32\IFXSPMGT.exe c:\WINDOWS\system32\IFXTCS.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\lotus\notes\ntmulti.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\o2flash.exe c:\Programfiler\Infineon\Security Platform Software\PSDsrvc.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe c:\Programfiler\Infineon\Security Platform Software\PSDrt.exe c:\Programfiler\Infineon\Security Platform Software\SpTna.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Microsoft 
ActiveSync\wcescomm.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\DOCUME~1\pv1010\LOKALE~1\Temp\RtkBtMnt.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.20.49.2:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programfiler\IEPro\iepro.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - 
HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\RunServices: [Microsoft Corporation Latitude Service] mslrc.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Send til &Bluetooth-enhet... 
- c:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programfiler\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programfiler\IEPro\iepro.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 
Class) - http://nonoksr3/iNotes6.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = administrasjon.nordreisakommune.local O17 - HKLM\Software\..\Telephony: DomainName = administrasjon.nordreisakommune.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = administrasjon.nordreisakommune.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = administrasjon.nordreisakommune.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = administrasjon.nordreisakommune.local O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programfiler\lotus\notes\ntmulti.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Unknown owner - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Programfiler\Infineon\Security Platform Software\PSDsrvc.EXE -- End of file - 11794 bytes
Edited 13 July 2008 by vangsguten
snippsat Posted 8 June 2008 (edited)
Start HijackThis, click "scan", find this line, tick it, then press "fix checked".
O4 - HKLM\..\RunServices: [Microsoft Corporation Latitude Service] mslrc.exe
Another round with Avenger.
Files to delete:
C:\WINDOWS\system32\egyvplsi.dll
C:\WINDOWS\system32\dpoommnv.dll
C:\WINDOWS\system32\pqysfjld.dll
C:\WINDOWS\system32\liwucvlr.dll
Then that's good. Use the PC; if it runs fine, do this. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Keep using SAS. Surf safely.
Edited 8 June 2008 by SNIPPSAT
vangsguten (Author) Posted 8 June 2008 (edited)
Thanks for the help so far... but the problem is still not solved. When I start IE it just churns and churns, but nothing happens.
Edited 16 June 2008 by vangsguten

snippsat Posted 8 June 2008 (edited)
If you can get IE started, try this. Reboot, press F8 several times and choose Safe Mode. Try IE there. If it starts, do this: Tools -> Internet Options -> Advanced -> Reset. Restart.
While you are in Safe Mode, create a new user and log on as that user. Try IE there.
Edited 8 June 2008 by SNIPPSAT

vangsguten (Author) Posted 16 June 2008
Now the thread is in the right forum, if nothing else... I have tried everything above and am still no further along. The odd thing is that when I type in any URL the page title appears, but that is all.

norbat Posted 16 June 2008
Run Winsockfix and see if that gets the network moving. Is this a work PC that uses a proxy?

vangsguten (Author) Posted 16 June 2008
> Run Winsockfix and see if that gets the network moving. Is this a work PC that uses a proxy?
Winsockfix did not do the trick either. It is a work PC, but we do not use a proxy here in the building. I have asked the IT people for help, but they had no hocus-pocus either...

norbat Posted 16 June 2008
Check whether any system files are corrupt: in the Run box, type:
sfc /scannow

vangsguten (Author) Posted 16 June 2008
> Check whether any system files are corrupt: in the Run box, type: sfc /scannow
That one was new to me! But no result. The odd thing is that after the scan finished, the program window just disappeared without any messages of any kind...

norbat Posted 16 June 2008
Yes, sfc doesn't say much about whether it has fixed anything or not.
Have you checked that no firewall is blocking?
Could you post a new ComboFix log (download a fresh copy)?

vangsguten (Author) Posted 13 July 2008
> Could you post a new ComboFix log
Here is a new ComboFix log:

ComboFix 08-07-13.6 - pv1010 2008-07-14 1:11:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1465 [GMT 2:00]
Running from: G:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM6f3d5941.txt
C:\WINDOWS\system32\oeminfo.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.
2008-07-08 00:11 . 2004-08-17 02:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-06-16 19:35 . 2004-08-04 01:03 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-06-16 19:35 . 2001-08-18 06:37 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-06-16 19:35 . 2001-10-06 14:03 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-06-16 19:35 . 2001-10-06 14:02 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-06-16 19:35 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-06-16 19:35 . 2001-10-06 14:02 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-06-16 19:35 . 2001-08-17 20:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-06-16 19:35 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-06-16 19:35 . 2001-10-06 14:03 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-06-16 19:33 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-06-16 19:32 . 2001-10-06 14:02 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-06-16 19:31 . 2001-10-06 14:02 440,576 --a------ C:\WINDOWS\system32\dllcache\tridkb.dll
2008-06-16 19:30 . 2001-10-06 13:24 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-06-16 19:29 . 2001-10-06 14:02 147,200 --a------ C:\WINDOWS\system32\dllcache\smidispb.dll
2008-06-16 19:28 . 2004-08-04 21:00 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-06-16 19:27 . 2001-10-06 14:01 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-06-16 19:26 . 2004-08-04 01:03 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-06-16 19:25 . 2001-10-06 13:38 899,242 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-06-16 19:24 . 2004-08-04 01:03 363,520 --a------ C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-06-16 19:23 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-06-16 19:22 . 2004-08-04 01:03 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-06-16 19:21 . 2004-08-04 01:03 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-06-16 19:20 . 2001-10-06 13:35 320,384 --a------ C:\WINDOWS\system32\dllcache\mgaum.sys
2008-06-16 19:19 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-16 19:18 . 2001-10-06 14:02 372,824 --a------ C:\WINDOWS\system32\dllcache\iconf32.dll
2008-06-16 19:18 . 2001-10-06 14:02 242,176 --a------ C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-06-16 19:18 . 2001-10-06 14:02 90,200 --a------ C:\WINDOWS\system32\dllcache\io8ports.dll
2008-06-16 19:18 . 2001-10-06 14:02 46,080 --a------ C:\WINDOWS\system32\dllcache\kdsui.dll
2008-06-16 19:18 . 2001-08-17 20:12 45,632 --a------ C:\WINDOWS\system32\dllcache\ip5515.sys
2008-06-16 19:18 . 2004-08-04 21:00 40,832 --a------ C:\WINDOWS\system32\dllcache\irbus.sys
2008-06-16 19:18 . 2001-08-17 21:50 38,784 --a------ C:\WINDOWS\system32\dllcache\io8.sys
2008-06-16 19:18 . 2001-08-17 21:49 26,624 --a------ C:\WINDOWS\system32\dllcache\irstusb.sys
2008-06-16 19:18 . 2001-08-17 21:49 23,552 --a------ C:\WINDOWS\system32\dllcache\irmk7.sys
2008-06-16 19:18 . 2001-08-17 21:51 18,688 --a------ C:\WINDOWS\system32\dllcache\irsir.sys
2008-06-16 19:18 . 2001-10-06 13:23 13,056 --a------ C:\WINDOWS\system32\dllcache\inport.sys
2008-06-16 19:16 . 2001-08-17 21:28 542,879 --a------ C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-06-16 19:15 . 2001-10-06 14:02 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-16 19:14 . 2001-10-06 13:32 629,952 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-06-16 19:13 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-16 19:12 . 2001-10-06 14:02 618,525 --a------ C:\WINDOWS\system32\dllcache\digiview.exe
2008-06-16 19:11 . 2001-10-06 13:34 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-06-16 19:10 . 2001-08-17 21:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-06-16 19:09 . 2004-08-04 01:03 870,784 --a------ C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-06-16 19:08 . 2001-10-06 14:02 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-06-16 10:14 . 2008-06-16 10:14 <DIR> d-------- C:\Documents and Settings\administrator.ADMINISTRASJON\Programdata\IEPro
2008-06-13 12:37 . 2008-07-02 11:02 1,355 --a------ C:\WINDOWS\imsins.BAK
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 09:27 --------- d-----w C:\Programfiler\Microsoft Works
2008-07-10 09:27 --------- d-----w C:\Programfiler\Microsoft ActiveSync
2008-07-07 22:18 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-07-07 22:02 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-04 09:57 --------- d-----w C:\Programfiler\Bibel
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 23:51 --------- d-----w C:\Documents and Settings\pv1010\Programdata\Nero
2008-06-07 23:49 --------- d-----w C:\Programfiler\Fellesfiler\Nero
2008-06-07 23:45 --------- d-----w C:\Programfiler\Nero
2008-06-07 23:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero
2008-06-07 15:53 --------- d-----w C:\Documents and Settings\pv1010\Programdata\Azureus
2008-06-07 07:49 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-06-07 07:49 --------- d-----w C:\Documents and Settings\pv1010\Programdata\SUPERAntiSpyware.com
2008-06-07 07:49 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-07 07:47 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-07 07:30 --------- d-----w C:\Programfiler\CCleaner
2008-06-04 11:50 --------- d-----w C:\Programfiler\IEPro
2008-06-04 11:50 --------- d-----w C:\Documents and Settings\pv1010\Programdata\IEPro
2008-05-29 06:39 --------- d-----w C:\Programfiler\Alwil Software
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:22 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:43 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:43 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-21 11:32 9,722,720 ----a-w C:\spybotsd152.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-05 01:14 61 --sh--w C:\WINDOWS\cnerolf.bin
2007-03-19 11:33 1,160 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00 15360]
"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 17:56 1289000]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 04:45 53248]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 01:16 761946]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 22:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 22:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 22:17 118784]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 11:39 225280]
"LogitechCameraAssistant"="C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 16:47 331776]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 19:22 262144]
"Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 02:56 16261632 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 21:00 15360]
"DWQueuedReporting"="c:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-07-08 00:19:02 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-10 01:20 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GraviSense]
--a------ 2006-09-04 19:18 4132864 C:\Acer\GraviSense\GraviSense.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 21:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-09-11 20:20 647168 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-06-26 16:55 73728 C:\Programfiler\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 21:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2006-05-15 12:15 45056 C:\Programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
--a------ 2003-07-07 10:29 729088 D:\Programfiler\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 12:00 49152 D:\Programfiler\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 21:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 21:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 04:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"gusvc"=3 (0x3)
"Fax"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\__Privat__\\Spill\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\Programfiler\Microsoft ActiveSync\rapimgr.exe"= C:\Programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"= C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"= C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"D:\\__Privat__\\Spill\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\__Privat__\\Spill\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"D:\\__Privat__\\Spill\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\__Privat__\\Spill\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Programfiler\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-16 03:36]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 02:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-11-29 04:50]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 14:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 19:08]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-20 21:19]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-18 22:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 11:40]
S3 Cks20;Cks20;C:\WINDOWS\System32\drivers\Cks20.sys []
S3 Fmt86;Fmt86;C:\WINDOWS\System32\drivers\Fmt86.sys []
S3 Fow33;Fow33;C:\WINDOWS\System32\drivers\Fow33.sys []
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2007-02-21 23:42]
S3 Iqy10;Iqy10;C:\WINDOWS\System32\drivers\Iqy10.sys []
S3 Iqy76;Iqy76;C:\WINDOWS\System32\drivers\Iqy76.sys []
S3 Oxg21;Oxg21;C:\WINDOWS\System32\drivers\Oxg21.sys []
S3 Ven87;Ven87;C:\WINDOWS\System32\drivers\Ven87.sys []
S3 Xgo76;Xgo76;C:\WINDOWS\System32\drivers\Xgo76.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c26e8d1-1b83-11dc-aecb-0016cee5a4f8}]
\Shell\AutoRun\command - J:\dvdcheck.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 23:00:24 C:\WINDOWS\Tasks\User_Feed_Synchronization-{533BC229-827C-483A-9BB8-898A46DB8A85}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-eNMTray.exe - (no file)
MSConfigStartUp-msnmsgr - C:\Programfiler\MSN Messenger\msnmsgr.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 01:16:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"LogitechCameraAssistant"="C:\\Programfiler\\Acer\\OrbiCam\\CameraAssistant.exe"
.
Completion time: 2008-07-14 1:20:07
ComboFix-quarantined-files.txt 2008-07-13 23:19:00
ComboFix2.txt 2008-06-07 07:24:55
Pre-Run: 34,462,301,184 byte ledig
Post-Run: 34,454,646,784 byte ledig
251 --- E O F --- 2008-07-10 09:29:16

It does seem as if something is wrong with the HTTP "channel", since other network-based programs communicate fine. As mentioned earlier, I am on the verge of formatting everything and starting with a clean slate, but I am a bit too curious by nature to give up that easily! Maybe it is just one small file that needs a little tweaking to get things back on track? Hmmm...
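
Two parts of the ComboFix log above bear on the earlier firewall question and on leftover registry entries: the firewall-policy section and the driver list. The Python sketch below is an added example, not part of the original thread or of ComboFix; it reads a few lines copied from the log and reports a disabled firewall, globally open ports and driver entries whose timestamp field is empty. The function names are hypothetical, and the reading of the `R`/`S` prefix and of an empty `[]` is an assumption inferred from the log layout.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S3 Cks20;Cks20;C:\WINDOWS\System32\drivers\Cks20.sys []
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2007-02-21 23:42]
S3 Iqy10;Iqy10;C:\WINDOWS\System32\drivers\Iqy10.sys []
"""

# Assumed layout of a driver line (inferred from the log, not from ComboFix docs):
#   <R|S><start type> <service>;<display name>;<image path> [<file timestamp>]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$"
)
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')


def parse_drivers(log):
    """Return one dict per driver/service line found in the log."""
    matches = (DRIVER_RE.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]


def orphaned_drivers(log):
    """Names of entries whose timestamp field is empty ([]); assumed to mean
    the tool found no file at the registered image path."""
    return [e["name"] for e in parse_drivers(log) if not e["stamp"].strip()]


def firewall_findings(log):
    """Read the standard-profile firewall state and the globally open ports."""
    result = {"enabled": None, "open_ports": []}
    section = ""
    for line in map(str.strip, log.splitlines()):
        sec, val = SECTION_RE.match(line), VALUE_RE.match(line)
        if sec:
            section = sec.group("key").lower()
        elif val and section.endswith(r"firewallpolicy\standardprofile"):
            data = val.group("data").split()
            if val.group("name").lower() == "enablefirewall" and data:
                result["enabled"] = data[0] != "0"
        elif val and section.endswith(r"globallyopenports\list"):
            result["open_ports"].append(val.group("name"))
    return result


def triage(log):
    """Short findings for a reviewer to follow up on by hand."""
    notes = []
    fw = firewall_findings(log)
    if fw["enabled"] is False:
        notes.append("Windows Firewall is disabled in the standard profile")
    for port in fw["open_ports"]:
        notes.append("globally open port: " + port)
    for name in orphaned_drivers(log):
        notes.append("driver entry with an empty file timestamp: " + name)
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```

A finding here is a prompt for manual review, not a verdict: a disabled Windows Firewall is expected when a third-party firewall is installed, and an empty timestamp only shows that the registry entry and the file on disk no longer agree.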