Freke88
Posted 4 July 2008 (edited)

I've run the usual procedure, but the internet is still just as slow. It took me 40 minutes just to get in and write this post. It's only this machine that has the problem; the two other machines get the speed I pay for. It's a friend's laptop that I was supposed to fix.

AVG:

Scan "Scan whole computer" was finished.
Infections found:;"50"
Infected objects removed or healed:;"50"
Not removed or healed:;"0"
Spyware found:;"3"
Spyware removed:;"3"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"3. juli 2008, 17:58:14"
Scan finished:;"3. juli 2008, 19:53:35 (1 hour(s) 55 minute(s) 21 second(s))"
Total object scanned:;"497484"
User who launched the scan:;"siba"

Infections
File;"Infection";"Result"
C:\Documents and Settings\siba\Programdata\errorsafenorwegiannewreleaseinstall[1].exe;"Trojan horse Downloader.Purityscan.AG";"Moved to Virus Vault"
C:\Documents and Settings\siba\Programdata\winantiviruspro2006freeinstall_no[1].exe;"Trojan horse Downloader.Purityscan.AG";"Moved to Virus Vault"
C:\Documents and Settings\siba\Shared\sommertider1;"Trojan horse Downloader.Wimad.E";"Moved to Virus Vault"
C:\Programfiler\BP Go!Zilla v4.1\Go!Zilla Downloads\videosi.exe;"Trojan horse Startpage.CIH";"Moved to Virus Vault"
C:\Programfiler\BP Go!Zilla v4.1\Go!Zilla Downloads\videosi.exe:\ü#16€\update.exe;"Trojan horse Startpage.CIH";"Moved to Virus Vault"
C:\Programfiler\BP Go!Zilla v4.1\Go!Zilla Downloads\videosi.exe:\ü#16€\wupda.exe;"Trojan horse Dialer.RQJ";"Moved to Virus Vault"
C:\WINDOWS\system32\ajecuwel.dll;"Trojan horse Vundo.R";"Moved to Virus Vault"
C:\WINDOWS\system32\aqkadhid.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\bbgsxrkw.dll;"Trojan horse Generic10.AKJQ";"Moved to Virus Vault"
C:\WINDOWS\system32\byhvento.dll;"Trojan horse Generic10.AICG";"Moved to Virus Vault"
C:\WINDOWS\system32\ihivhtda.dll;"Trojan horse Generic10.ADWH";"Moved to Virus Vault"
C:\WINDOWS\system32\cpvwcbgh.dll;"Trojan horse Vundo.R";"Moved to Virus Vault"
C:\WINDOWS\system32\ddcddDwu.dll;"Trojan horse Generic10.AFLT";"Moved to Virus Vault"
C:\WINDOWS\system32\dpsducfs.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\eucdrctt.dll;"Trojan horse Generic10.ALFQ";"Moved to Virus Vault"
C:\WINDOWS\system32\fsefkknf.dll;"Trojan horse Generic10.AKSF";"Moved to Virus Vault"
C:\WINDOWS\system32\fyjhjxwx.dll;"Trojan horse Generic10.AGFF";"Moved to Virus Vault"
C:\WINDOWS\system32\ggdbtoen.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\gqladlaj.dll;"Trojan horse Generic10.AJYG";"Moved to Virus Vault"
C:\WINDOWS\system32\hmbpxiaj.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\httxrkko.dll;"Trojan horse Generic10.ALFR";"Moved to Virus Vault"
C:\WINDOWS\system32\iekvchbt.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\iuddsgik.dll;"Trojan horse Generic10.AEOJ";"Moved to Virus Vault"
C:\WINDOWS\system32\ivdksuwp.dll;"Trojan horse Generic10.AHEM";"Moved to Virus Vault"
C:\WINDOWS\system32\jkkHArSM.dll;"Trojan horse Generic10.AFLT";"Moved to Virus Vault"
C:\WINDOWS\system32\jolqpxwe.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\jxfoilfc.dll;"Trojan horse Generic10.AMYM";"Moved to Virus Vault"
C:\WINDOWS\system32\khlhorbr.dll;"Trojan horse Generic10.AIWG";"Moved to Virus Vault"
C:\WINDOWS\system32\kmkgaapg.dll;"Trojan horse Vundo.R";"Moved to Virus Vault"
C:\WINDOWS\system32\lluwknjn.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\lnounclg.dll;"Trojan horse Generic10.AJYJ";"Moved to Virus Vault"
C:\WINDOWS\system32\mbolnjfq.dll;"Trojan horse Generic10.AJEL";"Moved to Virus Vault"
C:\WINDOWS\system32\mbwexydm.dll;"Trojan horse Generic10.AHEM";"Moved to Virus Vault"
C:\WINDOWS\system32\meeqkrjy.dll;"Trojan horse Generic10.ADWH";"Moved to Virus Vault"
C:\WINDOWS\system32\mglletxn.dll;"Trojan horse Generic10.AKHG";"Moved to Virus Vault"
C:\WINDOWS\system32\mkopluqk.dll;"Trojan horse Vundo.R";"Moved to Virus Vault"
C:\WINDOWS\system32\mrhbxxmy.dll;"Trojan horse Vundo.Q";"Moved to Virus Vault"
C:\WINDOWS\system32\mzoeut.dll;"Trojan horse Generic.XCY";"Moved to Virus Vault"
C:\WINDOWS\system32\ockxpbbs.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\ooyldhyv.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\pfokiccs.dll;"Trojan horse Vundo.R";"Moved to Virus Vault"
C:\WINDOWS\system32\pnaitktu.dll;"Trojan horse Generic10.AJXH";"Moved to Virus Vault"
C:\WINDOWS\system32\qjiocfap.dll;"Trojan horse Generic10.AKSO";"Moved to Virus Vault"
C:\WINDOWS\system32\rwudcqil.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\tiexvjrk.dll;"Trojan horse Generic10.ADLN";"Moved to Virus Vault"
C:\WINDOWS\system32\tkwumqkd.dll;"Trojan horse Generic10.AFXM";"Moved to Virus Vault"
C:\WINDOWS\system32\torqhugd.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\ttmnccyu.exe;"Trojan horse Agent.VNA";"Moved to Virus Vault"
C:\WINDOWS\system32\yevksety.dll;"Trojan horse Vundo.R";"Moved to Virus Vault"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BM5b56df14;"Found registry key with reference to infected file C:\WINDOWS\system32\jxfoilfc.dll";"Moved to Virus Vault"

Spyware
File;"Infection";"Result"
C:\Programfiler\Common Files\Companion Wizard\WapCHK.dll;"Potentially harmful program WinFixer.V";"Moved to Virus Vault"
C:\Programfiler\HPQ\Default Settings\CpqsetVer.exe;"Adware Generic3.HUM";"Moved to Virus Vault"
C:\WINDOWS\system32\drivers\wasfsd.sys;"Potentially harmful program WinFixer.APL";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\siba\Cookies\[email protected][2].txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][2].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][2].txt:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][2].txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][2].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][2].txt:\ad.yieldmanager.com.e762f029;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][2].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@casalemedia[2].txt;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@casalemedia[2].txt:\casalemedia.com.1773afc;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@casalemedia[2].txt:\casalemedia.com.80ad4799;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@casalemedia[2].txt:\casalemedia.com.987e6b46;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@casalemedia[2].txt:\casalemedia.com.5e43734d;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@doubleclick[2].txt;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@doubleclick[2].txt:\doubleclick.net.1d39bd48;"Found Tracking cookie.Doubleclick";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][1].txt;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][1].txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Moved to Virus Vault"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E};"Found Adware.RogueSuspect";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][1].txt;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\[email protected][1].txt:\perf.overture.com.610ef18d;"Found Tracking cookie.Overture";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@statcounter[1].txt;"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@statcounter[1].txt:\statcounter.com.8cbf07d6;"Found Tracking cookie.Statcounter";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@tradedoubler[2].txt;"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@tradedoubler[2].txt:\tradedoubler.com.ba12c0e9;"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
C:\Documents and Settings\siba\Cookies\siba@tradedoubler[2].txt:\tradedoubler.com.eab0972e;"Found Tracking cookie.Tradedoubler";"Moved to Virus Vault"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\cholecyst;"Found Adware.RogueSuspect";"Moved to Virus Vault"

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2008 at 10:04 PM

Application Version : 4.15.1000

Core Rules Database Version : 3496
Trace Rules Database Version: 1487

Scan type : Complete Scan
Total Scan Time : 00:38:23

Memory items scanned : 349
Memory threats detected : 0
Registry items scanned : 5091
Registry threats detected : 47
File items scanned : 17186
File threats detected : 25

Adware.GoZilla
 HKLM\Software\Classes\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}
 HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}
 HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}
 HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32
 HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel
 HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\ProgID
 HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\Programmable
 HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\TypeLib
 HKCR\CLSID\{CD4C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID
 C:\PROGRAMFILER\BP GO!ZILLA V4.1\GOIEHLP.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD4C3CF0-4B15-11D1-ABED-709549C10000}

Unclassified.Unknown Origin
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
 C:\WINDOWS\system32\stera.job

Trojan.Security Toolbar
 C:\Documents and Settings\siba\Favoritter\Antivirus Test Online.url

Malware.AntiVirusGolden
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\cqyfjJCfGX
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\cRlArZcMz
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\InProcServer32
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\InProcServer32#ThreadingModel
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\mydewmzlkdd
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\PersistentAddinsRegistered
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\PersistentHandler
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\ProgID
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\qppyt
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\shellex
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\shellex\MayChangeDefaultMenu
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\sxyimmedlzn
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\yBaDnVxqrplxi
 HKCR\CLSID\{C65C3770-598C-A2FD-DBAA-C7A45C50338E}\zvKtbmg
 C:\Programfiler\AntivirusGolden\AntivirusGolden.exe
 C:\Programfiler\AntivirusGolden\DbgHelp.Dll
 C:\Programfiler\AntivirusGolden\Logs\scan_log_08082006-093306.html
 C:\Programfiler\AntivirusGolden\Logs\scan_log_08082006-094923.html
 C:\Programfiler\AntivirusGolden\Logs
 C:\Programfiler\AntivirusGolden

Malware.VirusBlast
 C:\Documents and Settings\siba\Start-meny\Programmer\VirusBlast\VirusBlast v5.0 Un-Installer.lnk
 C:\Documents and Settings\siba\Start-meny\Programmer\VirusBlast\VirusBlast v5.0 Website.lnk
 C:\Documents and Settings\siba\Start-meny\Programmer\VirusBlast\VirusBlast v5.0.lnk
 C:\Documents and Settings\siba\Start-meny\Programmer\VirusBlast
 C:\Documents and Settings\siba\Programdata\Microsoft\Internet Explorer\Quick Launch\VirusBlast v5.0.lnk
 C:\Documents and Settings\siba\Start-meny\VirusBlast v5.0.lnk
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{3D419849-1197-4061-845A-54BF968A6B65}\RP292\A0143182.EXE

Trojan.Media-Codec
 C:\Documents and Settings\siba\Favoritter\Online Security Test.url
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{634be415-da12-496b-b89e-329b73c4807f} [ cam ]

Malware.SpyDawn
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\gUjsqdcwvkCYy
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\hkQrsn
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\hLudvvj
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\InProcServer32
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\InProcServer32#ThreadingModel
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\osNjjT
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\qldyeZhvziE
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\rreRaExkKokqt
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\shellex
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\shellex\MayChangeDefaultMenu
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\yewhzpimcXzZm
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\Ysygwh
 HKCR\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}\ZnvXphggtg

Adware.Vundo Variant/Rel
 HKLM\SOFTWARE\Microsoft\aoprndtws
 HKLM\SOFTWARE\Microsoft\FCOVM
 HKLM\SOFTWARE\Microsoft\RemoveRP
 HKU\S-1-5-21-3757230625-3897639959-3161512496-1006\Software\Microsoft\rdfa

Adware.MovieLand/MediaPipe
 C:\PROGRAMFILER\FSUPPORT\NOTIFIER.EXE

Trojan.ErrorSafe
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{3D419849-1197-4061-845A-54BF968A6B65}\RP294\A0143938.EXE
 C:\WINDOWS\SYSTEM32\ERRORSAFESETUP.EXE

Trojan.Smitfraud Variant
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{3D419849-1197-4061-845A-54BF968A6B65}\RP294\A0143939.EXE

Trojan.SpyFalcon
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{3D419849-1197-4061-845A-54BF968A6B65}\RP294\A0143979.DLL

Trojan.Homepage
 C:\WINDOWS\SYSTEM32\LD101.TMP

Trojan.Unknown Origin
 C:\WINDOWS\SYSTEM32\OT.ICO
 C:\WINDOWS\SYSTEM32\TS.ICO

Combofix:

ComboFix 08-07-02.5 - siba 2008-07-03 22:13:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.590 [GMT 2:00]
Running from: C:\Documents and Settings\siba\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Programdata\WinAntiVirus Pro 2006
C:\Programfiler\popcorn Terms.html
C:\WINDOWS\BM5b56df14.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bdijhvit.ini
C:\WINDOWS\system32\ckxrfamh.ini
C:\WINDOWS\system32\eomqugex.ini
C:\WINDOWS\system32\eqgojekf.ini
C:\WINDOWS\system32\hjglljdp.ini
C:\WINDOWS\system32\ielrdsba.ini
C:\WINDOWS\system32\igfxhk.dll
C:\WINDOWS\system32\iiywevus.ini
C:\WINDOWS\system32\ilodhlxr.ini
C:\WINDOWS\system32\kpgbjmyq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\neqsywnx.ini
C:\WINDOWS\system32\oeedpmaj.ini
C:\WINDOWS\system32\qBabLRqr.ini
C:\WINDOWS\system32\qBabLRqr.ini2
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\xlyfmgqo.ini
C:\WINDOWS\system32\xpmhlbkg.ini
C:\WINDOWS\system32\yjsadcex.ini
C:\WINDOWS\system32\ymxxbhrm.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN

((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-07-03 21:23 . 2008-07-03 21:23 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-03 21:23 . 2008-07-03 21:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-03 21:23 . 2008-07-03 21:23 <DIR> d-------- C:\Documents and Settings\siba\Programdata\SUPERAntiSpyware.com
2008-07-03 21:23 . 2008-07-03 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-03 21:12 . 2007-02-12 12:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-07-03 21:12 . 2007-02-12 12:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-07-03 21:11 . 2008-07-03 21:23 <DIR> dr-h----- C:\Documents and Settings\siba\Siste
2008-07-03 18:02 . 2008-07-03 22:16 <DIR> d-------- C:\Documents and Settings\siba\Programdata\BitTorrent
2008-07-03 17:43 . 2008-07-03 19:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-03 17:40 . 2008-07-03 17:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 17:40 . 2008-07-03 17:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-03 17:39 . 2008-07-03 17:57 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-03 17:39 . 2008-07-03 17:39 <DIR> d-------- C:\Programfiler\AVG
2008-07-03 17:39 . 2008-07-03 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8
2008-07-03 17:37 . 2008-07-03 17:37 <DIR> d-------- C:\Programfiler\DNA
2008-07-03 17:37 . 2008-07-03 17:37 <DIR> d-------- C:\Programfiler\BitTorrent
2008-07-03 17:37 . 2008-07-03 22:16 <DIR> d-------- C:\Documents and Settings\siba\Programdata\DNA
2008-07-03 16:49 . 2008-07-03 16:49 <DIR> d-------- C:\Programfiler\Microsoft Silverlight
2008-07-03 16:44 . 2008-07-03 16:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-03 16:36 . 2008-07-03 16:36 <DIR> d-------- C:\Programfiler\CCleaner
2008-07-02 21:47 . 2008-07-02 21:47 <DIR> d-------- C:\Programfiler\iTunes
2008-07-02 21:44 . 2008-07-02 21:44 <DIR> d-------- C:\Programfiler\Bonjour
2008-07-02 21:40 . 2008-07-02 21:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-07-02 21:40 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-20 10:40 . 2008-06-20 10:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-06-20 10:03 . 2008-06-30 14:22 <DIR> d-------- C:\Programfiler\Avanquest update
2008-06-20 10:03 . 2008-06-20 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\BVRP Software
2008-06-20 10:02 . 2008-06-20 10:44 <DIR> d-------- C:\Programfiler\Sony Ericsson
2008-06-20 10:02 . 2008-06-20 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sony Ericsson
2008-06-20 10:01 . 2008-06-20 10:01 <DIR> d-------- C:\Documents and Settings\siba\Programdata\InstallShield
2008-06-13 21:19 . 2008-07-03 16:28 924 ---hs---- C:\WINDOWS\system32\gophkwls.ini
2008-06-12 07:33 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 07:33 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-07-03 20:10 --------- d-----w C:\Programfiler\BP Go!Zilla v4.1
2008-07-03 19:31 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-07-03 19:29 --------- d-----w C:\Programfiler\Google
2008-07-03 19:28 --------- d-----w C:\Documents and Settings\siba\Programdata\Lavasoft
2008-07-03 11:21 --------- d-----w C:\Programfiler\Java
2008-07-02 19:47 --------- d-----w C:\Programfiler\iPod
2008-07-02 19:44 --------- d-----w C:\Programfiler\QuickTime
2008-07-02 19:41 --------- d-----w C:\Programfiler\Apple Software Update
2008-06-20 08:03 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-09-29 10:41 39,296 ----a-w C:\Documents and Settings\siba\Programdata\GDIPFONTCACHEV1.DAT
2006-03-26 17:27 402 ----a-w C:\Documents and Settings\siba\Programdata\wklnhst.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-07-03 17:37 289088]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 10:59 794624]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 17:39 1232152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BulletProof Go!Zilla.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BulletProof Go!Zilla.lnk
backup=C:\WINDOWS\pss\BulletProof Go!Zilla.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Mobilt Kontor.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Mobilt Kontor.lnk
backup=C:\WINDOWS\pss\Mobilt Kontor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2005-02-08 18:38 159744 C:\Programfiler\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connect Update Agent]
--------- 2006-03-30 17:19 462848 C:\Programfiler\Telenor\Mobilt Kontor\AutoUpdateSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-03-29 14:45 233534 C:\Programfiler\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 10:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 13:24 290816 C:\Programfiler\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-02-08 12:32 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-02-08 12:36 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 13:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-02-20 17:20 356352 C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 08:27 860160 C:\Programfiler\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-04-13 12:12 88209 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Huawei technologies\\Huawei E620 Data Card\\HUAWEI 3G Data Card.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Documents and Settings\\siba\\Mine dokumenter\\Mine mottatte filer\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 17:40]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 17:39]
R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 15:48]
S0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys []
S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2005-09-01 18:54]
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 17:48]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 17:48]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 17:48]
S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-08-29 16:45]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 17:48]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2005-07-26 11:46]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;C:\WINDOWS\system32\DRIVERS\ewusbapp.sys [2005-07-26 11:46]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2005-07-26 11:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 19:41:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-07-03 20:21:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-cholecyst - (no file)
Notify-urqQkkIA - urqQkkIA.dll
MSConfigStartUp-5865ec88 - C:\WINDOWS\system32\slwkhpog.dll
MSConfigStartUp-AdwareProtector - C:\Programfiler\Error Safe\AdwareProtector.exe
MSConfigStartUp-BearShare - C:\Programfiler\BearShare\BearShare.exe
MSConfigStartUp-BM5b56df14 - C:\WINDOWS\system32\jxfoilfc.dll
MSConfigStartUp-erscw - C:\Programfiler\Fellesfiler\Error Safe\erscw.exe
MSConfigStartUp-Go!Zilla - C:\Programfiler\BP Go!Zilla v4.1\gozilla.exe
MSConfigStartUp-swg - C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-VirusBlast - C:\Programfiler\VirusBlast\VirusBlast.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 22:18:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\Programfiler\HPQ\Shared\hpqwmi.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-03 22:22:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 20:21:42

Pre-Run: 81,018,736,640 bytes free
Post-Run: 80,959,549,440 bytes free

240 --- E O F --- 2008-07-03 11:40:20

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:37, on 03.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programfiler\DNA\btdna.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\siba\Skrivebord\HiJackThis\HijackThis.exe
C:\Programfiler\BitTorrent\bittorrent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Programfiler\BP Go!Zilla v4.1\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?37d800e273664444a0d2b3229af3d0f1
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?37d800e273664444a0d2b3229af3d0f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: linkscanner - 
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: GtFlashSwitch - OptionNV - C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6852 bytes

Edit: Running the same procedure once more helped a LOT; I'm considering running SAS, Combo and AVG two more times to see what happens.

Edited 4 July 2008 by Freke88
snippsat, posted 4 July 2008 (edited)

Status. Yes, there was a lot of junk; most of it is now removed.
---
Copy the bold text below the image -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\system32\gophkwls.ini
Driver::
S0 esff
---
Download and run CCleaner. 'Options' -> 'Advanced'. Untick "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repair. Run it a few times until all errors are gone.
---
Download MBAM to the desktop. Run the file and install the program. Choose the Norwegian language option. Let the program update itself and choose to run a quick system scan. You get a message box when the program has finished. Then click the Show results button. If malware was found, you will now see what was found. Then click the Remove selected button to remove any malware that was found. When MBAM has finished removing what it found, a log will open in Notepad. Post it later if it found anything other than cookies.
---
Restart. Another round of CCleaner.
---
Defragmentation. Auslogics Disk Defrag + Free Registry Defrag + Pagedefrag
---
Say a bit about how it runs after this. If there are processes taking a lot of CPU power, post the name. Ctrl+Alt+Del <Processes>

Edited 4 July 2008 by SNIPPSAT
norbat, posted 4 July 2008 (edited)

Edit: Oops, this turned into a double post. The trick, in any case, is that after another round of scanning (MBAM), you take care of the rest manually, if the ComboFix log shows any more files that need to go.

Edited 4 July 2008 by norbat
Freke88 (author), posted 4 July 2008

OK OK, unfortunately I'll have to post the MBAM log too; it gave me everything but cookies.

MBAM:

Malwarebytes' Anti-Malware 1.19 Database versjon: 920 Windows 5.1.2600 Service Pack 2 11:16:56 04.07.2008 mbam-log-7-4-2008 (11-16-56).txt Skanntype: Rask Skann Objekter skannet: 37644 Tid tilbakelagt: 7 minute(s), 32 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 2 Registerverdier infisert: 0 Registerfiler infisert: 1 Mapper infisert: 0 Filer infisert: 1 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Combofix:

ComboFix 08-07-03.3 - siba 2008-07-04 11:28:01.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.657 [GMT 2:00] Running from: C:\Documents and Settings\siba\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\siba\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\gophkwls.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Documents and Settings\siba\err.log C:\WINDOWS\system32\gophkwls.ini . ((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))) . 2008-07-04 11:21 . 2008-07-04 11:21 <DIR> dr-h----- C:\Documents and Settings\siba\Siste 2008-07-04 11:07 . 2008-07-04 11:07 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-07-04 11:07 . 2008-07-04 11:07 <DIR> d-------- C:\Documents and Settings\siba\Programdata\Malwarebytes 2008-07-04 11:07 . 2008-07-04 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-07-04 11:07 . 2008-06-28 14:21 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-04 11:07 . 2008-06-28 14:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-03 21:23 . 2008-07-03 21:23 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-07-03 21:23 . 2008-07-03 21:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-07-03 21:23 . 2008-07-03 21:23 <DIR> d-------- C:\Documents and Settings\siba\Programdata\SUPERAntiSpyware.com 2008-07-03 21:23 . 2008-07-03 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-07-03 21:12 . 2007-02-12 12:41 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll 2008-07-03 21:12 . 2007-02-12 12:40 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll 2008-07-03 18:02 . 2008-07-04 10:06 <DIR> d-------- C:\Documents and Settings\siba\Programdata\BitTorrent 2008-07-03 17:43 . 2008-07-04 09:14 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-07-03 17:40 . 2008-07-03 17:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-03 17:40 . 2008-07-03 17:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-07-03 17:39 . 2008-07-03 17:57 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-07-03 17:39 . 2008-07-03 17:39 <DIR> d-------- C:\Programfiler\AVG 2008-07-03 17:39 . 
2008-07-03 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8 2008-07-03 17:37 . 2008-07-03 17:37 <DIR> d-------- C:\Programfiler\DNA 2008-07-03 17:37 . 2008-07-03 17:37 <DIR> d-------- C:\Programfiler\BitTorrent 2008-07-03 17:37 . 2008-07-04 11:29 <DIR> d-------- C:\Documents and Settings\siba\Programdata\DNA 2008-07-03 16:49 . 2008-07-03 16:49 <DIR> d-------- C:\Programfiler\Microsoft Silverlight 2008-07-03 16:44 . 2008-07-03 16:44 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-03 16:36 . 2008-07-03 16:36 <DIR> d-------- C:\Programfiler\CCleaner 2008-07-02 21:47 . 2008-07-02 21:47 <DIR> d-------- C:\Programfiler\iTunes 2008-07-02 21:44 . 2008-07-02 21:44 <DIR> d-------- C:\Programfiler\Bonjour 2008-07-02 21:40 . 2008-07-02 21:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple 2008-07-02 21:40 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys 2008-06-20 10:40 . 2008-06-20 10:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple 2008-06-20 10:03 . 2008-06-30 14:22 <DIR> d-------- C:\Programfiler\Avanquest update 2008-06-20 10:03 . 2008-06-20 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\BVRP Software 2008-06-20 10:02 . 2008-06-20 10:44 <DIR> d-------- C:\Programfiler\Sony Ericsson 2008-06-20 10:02 . 2008-06-20 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sony Ericsson 2008-06-20 10:01 . 2008-06-20 10:01 <DIR> d-------- C:\Documents and Settings\siba\Programdata\InstallShield 2008-06-12 07:33 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-12 07:33 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-03 19:31 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-07-03 19:29 --------- d-----w C:\Programfiler\Google 2008-07-03 19:28 --------- d-----w C:\Documents and Settings\siba\Programdata\Lavasoft 2008-07-03 11:21 --------- d-----w C:\Programfiler\Java 2008-07-02 19:47 --------- d-----w C:\Programfiler\iPod 2008-07-02 19:44 --------- d-----w C:\Programfiler\QuickTime 2008-07-02 19:41 --------- d-----w C:\Programfiler\Apple Software Update 2008-06-20 08:03 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:16 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2007-09-29 10:41 39,296 ----a-w C:\Documents and Settings\siba\Programdata\GDIPFONTCACHEV1.DAT 2006-03-26 17:27 402 ----a-w C:\Documents and Settings\siba\Programdata\wklnhst.dat . ((((((((((((((((((((((((((((( snapshot@2008-07-03_22.21.27.92 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-03 20:17:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-04 09:19:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-07-03 17:37 289088] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 10:59 794624] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 17:39 1232152] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BulletProof Go!Zilla.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BulletProof Go!Zilla.lnk backup=C:\WINDOWS\pss\BulletProof Go!Zilla.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] 
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Mobilt Kontor.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Mobilt Kontor.lnk backup=C:\WINDOWS\pss\Mobilt Kontor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2007-03-09 11:09 63712 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a------ 2005-02-08 18:38 159744 C:\Programfiler\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connect Update Agent] --------- 2006-03-30 17:19 462848 C:\Programfiler\Telenor\Mobilt Kontor\AutoUpdateSrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] --a------ 2005-03-29 14:45 233534 C:\Programfiler\HPQ\Default Settings\Cpqset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-04 10:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl] --a------ 2004-12-03 13:24 290816 C:\Programfiler\HPQ\Quick Launch Buttons\eabservr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2005-02-08 12:32 126976 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2005-02-08 12:36 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 
--a------ 2008-06-02 11:13 267048 C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] --a------ 2004-10-14 13:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Programfiler\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Programfiler\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] --------- 2008-02-20 17:20 356352 C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Programfiler\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 09:11 1388544 C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] --a------ 2005-04-13 12:12 88209 C:\WINDOWS\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Huawei technologies\\Huawei E620 Data Card\\HUAWEI 3G Data Card.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\StubInstaller.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"= "C:\\Documents and Settings\\siba\\Mine dokumenter\\Mine mottatte filer\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Programfiler\\Windows 
Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\DNA\\btdna.exe"= "C:\\Programfiler\\BitTorrent\\bittorrent.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 17:40] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 17:39] R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 15:48] S0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys [] S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2005-09-01 18:54] S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 17:48] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 17:48] S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 17:48] S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-08-29 16:45] S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 17:48] S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2005-07-26 11:46] S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;C:\WINDOWS\system32\DRIVERS\ewusbapp.sys [2005-07-26 11:46] S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2005-07-26 11:46] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16] S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49] S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50] S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 
16:50] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50] . Contents of the 'Scheduled Tasks' folder "2008-07-02 19:41:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-07-04 09:21:11 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-04 11:29:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-04 11:30:56 ComboFix-quarantined-files.txt 2008-07-04 09:30:46 ComboFix2.txt 2008-07-04 08:56:50 ComboFix3.txt 2008-07-03 20:22:02 Pre-Run: 80,997,724,160 byte ledig Post-Run: 80,986,759,168 byte ledig 208 --- E O F --- 2008-07-03 11:40:20

But everything actually seems much lighter now, and I got here to reply to the post in 10 seconds instead of 40 minutes. About processes: CPU is normal, 0 - 3%, but svchost is using 30 300 memory; is that normal? And there are 6 copies of it; the other 5 stay at about 5000 memory.
snippsat, posted 4 July 2008 (edited)

A little cleanup, and deleting a file that was a bit stubborn.
---
Download Avenger. Copy the bold text, start Avenger, paste the text into "input script here". Press the execute button.

Files to delete:
WINDOWS\system32\drivers\esff.sys
---
Delete the folders
C:\Programfiler\Fellesfiler\Symantec Shared
C:\Documents and Settings\siba\Programdata\Lavasoft
---
You can keep SAS and MBAM. Or possibly choose one of them; both are good.
---
Check whether Java is up to date.
---
"CPU is normal, 0 - 3%"
OK.
"svchost is using 30 300 memory; is that normal? And there are 6 copies of it; the other 5 stay at about 5000 memory."
That is correct; svchost is a host for many things, among them everything to do with networking. Start -> Run -> cmd, Tasklist /SVC ---> for more info
---
Use the PC a bit; if it runs fine, do this. You can remove ComboFix by typing combofix /u from the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
---
Surf safely.

Edited 4 July 2008 by SNIPPSAT
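As an added example (not code from the thread or from any of the tools named in it), here is a small Python parser for the output of the Tasklist /SVC command that snippsat points to: it groups the services behind each svchost.exe PID, so a 30 MB instance hosting two dozen services can be told apart from an svchost.exe that hosts nothing at all. The sample output is constructed and assumes the English column headers; a Norwegian XP prints localized ones.

```python
"""Group `tasklist /SVC` output by process so that every svchost.exe
instance can be matched to the services it hosts.  Added example; the
sample output below is constructed, not taken from the thread."""
import re

# Constructed sample in the layout `tasklist /SVC` prints on Windows XP:
# a header, a ruler line, then one row per process; long service lists
# wrap onto continuation lines that start with whitespace.
SAMPLE_TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
smss.exe                       476 N/A
svchost.exe                    884 DcomLaunch, TermService
svchost.exe                    964 RpcSs
svchost.exe                   1060 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                   ERSvc, EventSystem, helpsvc, lanmanserver,
                                   lanmanworkstation, Netman, Nla, RasMan,
                                   Schedule, seclogon, SENS, ShellHWDetection,
                                   srservice, TapiSrv, Themes, TrkWks, W32Time,
                                   winmgmt, wuauserv, WZCSVC
svchost.exe                   1124 Dnscache
svchost.exe                   1180 LmHosts, RemoteRegistry, SSDPSRV, WebClient
svchost.exe                   1640 N/A
explorer.exe                  1820 N/A
"""

# image name (may contain spaces), then the PID, then the service column
ROW_RE = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>.*)$")


def _split_services(text):
    return [s.strip() for s in text.split(",") if s.strip()]


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [service, ...])} in output order.

    Wrapped continuation lines are appended to the previous row, and the
    literal 'N/A' becomes an empty service list.
    """
    rows = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue
        if line[0].isspace() and current is not None:
            rows[current][1].extend(_split_services(line))
            continue
        m = ROW_RE.match(line)
        if not m:
            continue
        pid = int(m.group("pid"))
        svc_text = m.group("services").strip()
        services = [] if svc_text == "N/A" else _split_services(svc_text)
        rows[pid] = (m.group("image"), services)
        current = pid
    return rows


def svchost_instances(rows):
    """[(pid, [services])] for every svchost.exe row, in output order."""
    return [(pid, svcs) for pid, (image, svcs) in rows.items()
            if image.lower() == "svchost.exe"]


def svchost_without_services(rows):
    """PIDs of svchost.exe rows that host no service.

    svchost.exe is only a container started by the Service Control Manager
    to host one or more services, so an instance showing 'N/A' deserves a
    closer look (its path on disk and its parent process) before deciding
    whether the memory it uses is normal.
    """
    return [pid for pid, svcs in svchost_instances(rows) if not svcs]


if __name__ == "__main__":
    table = parse_tasklist_svc(SAMPLE_TASKLIST_SVC)
    for pid, svcs in svchost_instances(table):
        print("svchost.exe PID %d hosts %d service(s): %s"
              % (pid, len(svcs), ", ".join(svcs) or "N/A"))
    print("svchost.exe instances hosting nothing:", svchost_without_services(table))
```

The instance with many services (PID 1060 in the sample) is the one that normally carries the largest memory footprint, which is what the question about 30 300 versus 5000 is about.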
Freke88 (author), posted 4 July 2008

I think Avenger failed?

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not open file "WINDOWS\system32\drivers\esff.sys"
Deletion of file "WINDOWS\system32\drivers\esff.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist
Completed script processing.
*******************
Finished!
Terminate.

Thanks for all the help =) I wish I could learn all this; it's so annoying to pester you and norbat all the time. This is probably the sixth PC I'm posting about now; I help a number of friends, because I actually know quite a lot about PCs, just not this particular part.
snippsat, posted 4 July 2008 (edited)

Heh, yes, oops, it has to include c:\

Files to delete:
C:\WINDOWS\system32\drivers\esff.sys

Then try Avenger again.

Edited 4 July 2008 by SNIPPSAT
Freke88 (author), posted 4 July 2008

Yes, I should have figured that out myself, just copy-pasted in a hurry, but it didn't help anyway:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "c:\WINDOWS\system32\drivers\esff.sys" not found!
Deletion of file "c:\WINDOWS\system32\drivers\esff.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished!
Terminate.
snippsat, posted 4 July 2008

Yes, maybe it's gone. Search -> esff.sys. Have "show hidden files" turned on.
Freke88 (author), posted 4 July 2008 (edited)

Oh no.. now the problems are coming back one by one; the internet on the PC takes FOREVER, so I logged on to my laptop to reply here now. And when I open the Control Panel I get a strange error folder that opens, called "BTW", with the error message: Cannot load btrez.dll-NW, and there the machine froze =( I didn't get to search for the file you mentioned.

Edit: I was just on my way to the Control Panel to turn off hidden folders.

Edited 4 July 2008 by Freke88
snippsat, posted 4 July 2008 (edited)

"no.. now the problems are coming back one by one; the internet on the PC takes FOREVER, so I logged on to my laptop to reply here now."

Hmm, wondering whether there might be other problems too.

My Computer -> Tools -> Folder Options -> View
Hide protected operating system files (remove the tick)
Hidden files and folders: tick "Show hidden files and folders"

Edited 4 July 2008 by SNIPPSAT
snippsat, posted 4 July 2008 (edited)

"folder that opens, called "BTW", with the error message: Cannot load btrez.dll-NW, and there the machine froze =("

btrez.dll is a file used by Bluetooth. Reinstalling the Bluetooth device may fix this.

One solution:
1) Searched for the file with Windows Explorer: C:\WINDOWS\system32\btrez.dll
2) Declared it corrupt and deleted it (it existed, but still could not be opened)
3) Downloaded a new btrez.dll file from http://www.dll-files.com/dllindex/dll-files.shtml?btrez
4) Moved (copied) it into the directory C:\WINDOWS\system32 to replace the corrupt one
5) Restarted the machine
And with that the problem was solved ...

Edited 4 July 2008 by SNIPPSAT
Freke88 (author), posted 4 July 2008 (edited)

Yes, I found it on IT pro too and am working on it.. but it takes HOURS just to get onto the dll downloads page.

Edit: sorted out the folder views and did a search for: esff.sys, found nothing.

Edited 4 July 2008 by Freke88
snippsat, posted 4 July 2008 (edited)

"but it takes HOURS just to get onto the dll downloads page"

Is a process working hard when this happens? Is it only the internet that is slow? That is, does everything else work OK apart from the internet?

"Edit: sorted out the folder views and did a search for: esff.sys, found nothing."

Then that's fine.

Edited 4 July 2008 by SNIPPSAT
Freke88 (author), posted 4 July 2008

The machine freezes when I open Control Panel, My Computer, and Search. I press Ctrl+Alt+Delete, the processor is at 100%, but before I manage to find the culprit everything works normally again; it's only at 100% for the first microseconds.
snippsat, posted 4 July 2008 (edited)

Boot, press F8 several times, choose Safe Mode. See whether the same happens there. When you are in Safe Mode: Control Panel -> User Accounts. Create a new user, log on to it, and see whether the same happens there.

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Edited 4 July 2008 by SNIPPSAT
Freke88 (author), posted 4 July 2008 (edited)

There, I got the DLL file downloaded; it only took 30 min for a 1 kB file ;o Restarting the machine now, will try safe boot if it doesn't help.

Edit: Mmmkay, the internet is back on track and I no longer get the error when I open Control Panel / My Computer..

Edited 4 July 2008 by Freke88