
[SOLVED] System Antivirus 2008, help removing it



Hi, I need help removing System Antivirus 2008 and other junk.

 

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/14/2008 at 05:00 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3302

Trace Rules Database Version: 1308

 

Scan type : Complete Scan

Total Scan Time : 00:17:43

 

Memory items scanned : 481

Memory threats detected : 0

Registry items scanned : 5090

Registry threats detected : 0

File items scanned : 19479

File threats detected : 17

 

Adware.Tracking Cookie

C:\Documents and Settings\Sindre\Cookies\sindre@mediaplex[2].txt

C:\Documents and Settings\Sindre\Cookies\sindre@serving-sys[2].txt

C:\Documents and Settings\Sindre\Cookies\sindre@apmebf[1].txt

C:\Documents and Settings\Sindre\Cookies\[email protected][2].txt

C:\Documents and Settings\Sindre\Cookies\sindre@adlegend[2].txt

C:\Documents and Settings\Sindre\Cookies\sindre@atdmt[2].txt

C:\Documents and Settings\Sindre\Cookies\[email protected][1].txt

C:\Documents and Settings\Sindre\Cookies\[email protected][1].txt

C:\Documents and Settings\Sindre\Cookies\[email protected][2].txt

C:\Documents and Settings\Sindre\Cookies\sindre@advertising[1].txt

C:\Documents and Settings\Sindre\Cookies\sindre@indexstats[2].txt

C:\Documents and Settings\Sindre\Cookies\sindre@doubleclick[2].txt

C:\Documents and Settings\Sindre\Cookies\sindre@tradedoubler[2].txt

C:\Documents and Settings\Sindre\Cookies\sindre@toplist[1].txt

C:\Documents and Settings\Sindre\Cookies\sindre@adtech[1].txt

C:\Documents and Settings\Sindre\Cookies\sindre@imrworldwide[2].txt

C:\Documents and Settings\Sindre\Cookies\sindre@serving-sys[1].txt

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:41:21, on 14.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5450.0004)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Programfiler\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\PRISMSVR.EXE

C:\Programfiler\Intel\Intel Application Accelerator\iaanotif.exe

C:\Programfiler\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe

C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe

C:\Programfiler\PowerISO\PWRISOVM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe

C:\Programfiler\SAV\sav.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\programfiler\valve\steam\steam.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\Programfiler\Skyr@cer Pro Utility\WLANPRO.exe

C:\Programfiler\WinZip\WZQKPICK.EXE

C:\Programfiler\Dell Wireless\PRISMCFG.exe

C:\Programfiler\Xfire\Xfire.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Sindre\Mine dokumenter\Skrivebord\Spyware\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programfiler\Dealio\kb106\Dealio.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb106\Dealio.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [iSUSPM] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe -scheduler

O4 - HKLM\..\Run: [Antivirus] C:\Programfiler\SAV\sav.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Skyr@cer Pro PCI 154 Configuration Utility.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE

O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programfiler\Dealio\kb106\res\DealioSearch.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb106\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

 

 

 

 

COMBOFIX log:

 

Running from: C:\Documents and Settings\Sindre\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Sindre\Programdata\macromedia\Flash Player\#SharedObjects\NY33T7AX\interclick.com

C:\Documents and Settings\Sindre\Programdata\macromedia\Flash Player\#SharedObjects\NY33T7AX\interclick.com\ud.sol

C:\Documents and Settings\Sindre\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Documents and Settings\Sindre\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\Documents and Settings\Sindre\Programdata\ShoppingReport

C:\Documents and Settings\Sindre\Programdata\ShoppingReport\cs\Config.xml

C:\Documents and Settings\Sindre\Programdata\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\Sindre\Programdata\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\Sindre\Programdata\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\Sindre\Programdata\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\Sindre\Programdata\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\Sindre\Programdata\ShoppingReport\cs\res1\WhiteList.dbs

C:\Programfiler\ShoppingReport

C:\Programfiler\ShoppingReport\Uninst.exe

C:\WINDOWS\system32\__c003E872.dat

C:\WINDOWS\system32\__c00E1948.exe

C:\WINDOWS\system32\__c00FEFD8.dat

C:\WINDOWS\system32\~.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))

.

 

2008-08-14 04:19 . 2008-08-14 04:19 <DIR> d-------- C:\Programfiler\SAV

2008-08-14 04:19 . 2008-08-13 19:10 168,448 --a------ C:\WINDOWS\SYSTEM32\sav.cpl

2008-08-14 00:00 . 2008-08-14 00:02 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll

2008-08-05 20:55 . 2008-08-05 20:55 <DIR> d-------- C:\Programfiler\Sun

2008-07-17 02:59 . 2008-08-08 18:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-17 02:59 . 2008-07-17 02:59 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-13 20:58 --------- d-s---w C:\Programfiler\Xfire

2008-08-13 01:08 --------- d-----w C:\Documents and Settings\Sindre\Programdata\Azureus

2008-08-11 22:17 --------- d-----w C:\Documents and Settings\Sindre\Programdata\Xfire

2008-08-06 18:46 --------- d-----w C:\Documents and Settings\Sindre\Programdata\mIRC

2008-08-06 16:01 --------- d-----w C:\Programfiler\mIRC

2008-08-05 18:55 --------- d-----w C:\Programfiler\Java

2008-07-16 13:13 --------- d-----w C:\Programfiler\LimeWire

2008-07-13 18:48 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-07-13 18:48 --------- d-----w C:\Programfiler\AGEIA Technologies

2008-07-13 14:20 --------- d-----w C:\Programfiler\SystemRequirementsLab

2008-06-28 14:34 --------- d-----w C:\Programfiler\MyXOFT

2008-06-28 14:06 --------- d-----w C:\Documents and Settings\Sindre\Programdata\NCH Software

2008-06-28 14:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\NCH Software

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys

2006-05-06 16:42 7,260,160 ----a-w C:\Programfiler\mozilla firefox\plugins\libvlc.dll

2006-09-25 19:21 88 --sh--r C:\WINDOWS\SYSTEM32\233505DF60.sys

2006-09-25 19:21 3,766 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-06-12 21:46 57344]

 

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"Steam"="c:\programfiler\valve\steam\steam.exe" [2008-03-28 19:52 1271032]

"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 12:21 67128]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-27 18:44 1481968]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]

"IAAnotif"="C:\Programfiler\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23 135168]

"CTSysVol"="C:\Programfiler\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]

"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]

"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 18:34 213936]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]

"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE" [2004-04-29 10:59 245760]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]

"QuickTime Task"="C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-07-11 14:50 282624]

"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2006-07-29 13:07 188416]

"au"="C:\Programfiler\Dealio\DealioAU.exe" [2007-06-27 12:46 238936]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-01-16 00:54 37376]

"ISUSPM"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]

"Antivirus"="C:\Programfiler\SAV\sav.exe" [2008-08-13 19:40 399360]

"P17Helper"="P17.dll" [2004-06-10 12:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]

"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\Sindre\Start-meny\Programmer\Oppstart\

Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

Xfire.lnk - C:\Programfiler\Xfire\Xfire.exe [2008-08-06 02:26:38 3065168]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 12:21:09 67128]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2006-05-18 16:10:42 434176]

Skyr@cer Pro PCI 154 Configuration Utility.lnk - C:\Programfiler\Skyr@cer Pro Utility\WLANPRO.exe [2005-06-16 12:39:14 2502656]

WinZip Quick Pick.lnk - C:\Programfiler\WinZip\WZQKPICK.EXE [2005-09-20 17:28:40 106560]

Wireless USB 2.0 WLAN Card Utility.lnk - C:\Programfiler\Dell Wireless\PRISMCFG.exe [2007-06-27 18:59:24 921704]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]

2005-12-22 20:08 450646 C:\WINDOWS\SYSTEM32\PRISMAPI.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Valve\\Steam\\Steam.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\afselius\\counter-strike source\\hl2.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\arning130\\counter-strike\\hl.exe"=

"C:\\Documents and Settings\\Sindre\\Mine dokumenter\\programmer\\utorrent.exe"=

"C:\\Programfiler\\Grisoft\\AVG Free\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG Free\\avgemc.exe"=

"C:\\Programfiler\\Xfire\\Xfire.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\oliverfrydenberg\\counter-strike\\hl.exe"=

"C:\\Programfiler\\mIRC\\mirc.exe"=

"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\oliverfrydenberg\\half-life\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\torbratberg\\counter-strike\\hl.exe"=

"C:\\Programfiler\\Azureus\\Azureus.exe"=

"C:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\jelelfan\\counter-strike\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\afselius\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Programfiler\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=

"C:\\Programfiler\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

 

R2 IAANTMon;IAA Event Monitor;C:\Programfiler\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 12:22]

R2 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2005-12-22 20:21]

S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-VoipBuster - C:\Programfiler\VoipBuster.com\VoipBuster\VoipBuster.exe

HKCU-Run-BitTorrent - C:\Programfiler\BitTorrent\bittorrent.exe

HKU-Default-Run-Picasa Media Detector - C:\Programfiler\Picasa2\PicasaMediaDetector.exe

Notify-__c00FEFD8 - C:\WINDOWS\system32\__c00FEFD8.dat

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Sindre\Programdata\Mozilla\Firefox\Profiles\g8vpeb44.default\

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-14 16:32:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="C:\\Programfiler\\Intel\\Intel Application Accelerator\\iaanotif.exe"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE

C:\WINDOWS\SYSTEM32\nvsvc32.exe

C:\WINDOWS\SYSTEM32\PnkBstrA.exe

C:\WINDOWS\SYSTEM32\MsPMSPSv.exe

C:\WINDOWS\SYSTEM32\USERINIT.EXE

C:\WINDOWS\SYSTEM32\PRISMSVR.exe

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\PROGRA~1\WinZip\WZQKPICK.EXE

.

**************************************************************************

.

Completion time: 2008-08-14 16:37:06 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-14 14:37:03

ComboFix2.txt 2008-04-27 20:49:44

 

Pre-Run: 62,699,810,816 bytes free

Post-Run: 62,767,263,744 bytes free

 

201 --- E O F --- 2008-08-13 22:02:48

Edited by Xarus

Copy the bold text below the picture -> open Notepad and paste it in.

Save it on the desktop as CFScript.txt

Do as shown in the picture; ComboFix will start. Post the log C:\ComboFix.txt

[image: cfscriptyt1.gif]

 

File::

C:\WINDOWS\SYSTEM32\sav.cpl

 

Folder::

C:\Programfiler\SAV

 

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= -

[-HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Antivirus"=-

 

 

Make a new HijackThis log.

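The two posts above do the same thing by hand: read the HijackThis lines, decide which ones belong to the rogue (the Ask CLSIDs and everything under C:\Programfiler\SAV), and turn the hits into a CFScript with File::, Folder:: and Registry:: sections. As an added example, not code from the thread and not from HijackThis or ComboFix, the Python below automates that triage. It parses R3/O2/O3/O4 lines in the shape of the log posted above (the sample lines are constructed, the indicator list is assumed from what the thread flags, and all function names are mine), and drafts the Folder:: and Registry:: sections in the same form SNIPPSAT used. O2/O3 hits are handed back separately, since the thread fixes those with HijackThis's "Fix checked" rather than a CFScript.

```python
"""Triage HijackThis log lines and draft a ComboFix CFScript from the hits.
Added example: not from the thread, HijackThis or ComboFix. Indicators,
sample lines and function names are assumptions made for the example."""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Antivirus] C:\Programfiler\SAV\sav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent
"""

# Indicators taken from what the thread flags (an assumed list, not a feed):
# the two Ask CLSIDs and the rogue's install directory.
BAD_CLSIDS = {
    "9CB65206-89C4-402C-BA80-02D8C59F9B1D",  # Ask URLSearchHook (R3 line)
    "FE063DB9-4EC0-403E-8DD8-394C54984B2C",  # Ask Toolbar (O3 line)
}
BAD_DIRS = ("C:\\Programfiler\\SAV\\",)     # "System Antivirus 2008" files
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

COM_LINE = re.compile(                       # R3 / O2 / O3: name - {CLSID} - path
    r"^(?P<section>R3|O2|O3) - [^:]+: (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
RUN_LINE = re.compile(                       # O4: HKLM/HKCU Run value
    r"^(?P<section>O4) - (?P<hive>HKLM|HKCU)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<path>.+)$")


@dataclass
class Entry:
    section: str        # R3, O2, O3 or O4
    name: str           # display name or Run value name
    path: str           # image the entry loads, without quotes or arguments
    clsid: str = ""     # upper-case GUID without braces, if any
    hive: str = ""      # HKLM/HKCU for O4 entries
    reasons: list = field(default_factory=list)


def clean_path(raw: str) -> str:
    """Strip a surrounding quote pair and anything after it (arguments)."""
    raw = raw.strip()
    return raw[1:].split('"', 1)[0] if raw.startswith('"') else raw


def parse_hjt(text: str) -> list:
    """Parse R3/O2/O3/O4 lines; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        m = COM_LINE.match(line.strip()) or RUN_LINE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append(Entry(section=d["section"], name=d["name"],
                                 path=clean_path(d["path"]),
                                 clsid=(d.get("clsid") or "").upper(),
                                 hive=d.get("hive") or ""))
    return entries


def triage(entries: list) -> list:
    """Return the entries matching an indicator, with the reason recorded."""
    flagged = []
    for e in entries:
        if e.clsid in BAD_CLSIDS:
            e.reasons.append("CLSID on indicator list")
        if e.path.lower().startswith(tuple(d.lower() for d in BAD_DIRS)):
            e.reasons.append("loads from flagged directory")
        if e.reasons:
            flagged.append(e)
    return flagged


def build_cfscript(flagged: list):
    """Draft Folder:: and Registry:: sections in the CFScript shape used in the
    thread; O2/O3 hits are returned for HijackThis 'Fix checked' instead."""
    folders, registry, leftover = [], [], []
    for e in flagged:
        for d in BAD_DIRS:
            if e.path.lower().startswith(d.lower()) and d.rstrip("\\") not in folders:
                folders.append(d.rstrip("\\"))
        if e.section == "R3":        # drop the hook value and its CLSID key
            registry += [
                r"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]",
                f'"{{{e.clsid}}}"=-',
                f"[-HKEY_CLASSES_ROOT\\clsid\\{{{e.clsid}}}]"]
        elif e.section == "O4":      # drop the Run value in the right hive
            registry += [
                f"[{HIVES[e.hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]",
                f'"{e.name}"=-']
        else:
            leftover.append(e)
    parts = []
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    if registry:
        parts.append("Registry::\n" + "\n".join(registry))
    return "\n\n".join(parts) + "\n", leftover


if __name__ == "__main__":
    script, todo = build_cfscript(triage(parse_hjt(SAMPLE_LOG)))
    print(script)
    for e in todo:
        print(f"fix in HijackThis: {e.section} {e.name} ({', '.join(e.reasons)})")
```

Run against the sample it emits `Folder::` with `C:\Programfiler\SAV`, a `Registry::` section removing the Ask URLSearchHook value, its CLSID key and the `Antivirus` Run value, and reports the O3 Ask Toolbar line as something to tick in HijackThis. The indicator list is the weak point of any such script: it only knows what you feed it, so treat the output as a draft to read before pasting it into CFScript.txt, exactly as the helpers in this thread do by hand.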

Hello

Snippsat beat me to it :) Follow his advice.

You can remove C:\WINDOWS\imsins.BAK

Go to http://virusscan.jotti.org , click Browse, and upload the following files for analysis:

C:\WINDOWS\SYSTEM32\233505DF60.sys

C:\Programfiler\SAV\sav.exe

Then click Submit. Accept that the file is scanned. Finally, copy the result and paste it into your next post so I can look at it and decide what needs to be done next.

Start HijackThis

Select: Do a system scan only

Put a check in the boxes in front of these lines:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL

Close all windows (except HijackThis) and browsers (including the one you are reading this from), and click Fix checked.

Note: If you are asked to confirm fixing a line, confirm it.

Then close HijackThis, restart the machine, and make a new log:

Start HijackThis

Select: Do a system scan and save a logfile

Post that log in your next post. Also tell us how the problem is going now.

 

Edited by r2d290

A little tip, r2d290.

233505DF60.sys is a file that Dr.Divx creates when the product is registered.

It is auto-generated, which is why you don't find it when you search.

Look at the tip: it is created in the same way as this "KGyGaAvL.sys".

Then you'll find the info.

Edited by SNIPPSAT
> A little tip, r2d290.
>
> 233505DF60.sys is a file that Dr.Divx creates when the product is registered.
>
> It is auto-generated, which is why you don't find it when you search.
>
> Look at the tip: it is created in the same way as this "KGyGaAvL.sys".
>
> Then you'll find the info.

Ahh, I should have caught that :/

Thanks :)

ComboFix 08-08-13.05 - Sindre 2008-08-14 18:31:53.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.519 [GMT 2:00]

Running from: C:\Documents and Settings\Sindre\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Sindre\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\SYSTEM32\sav.cpl

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programfiler\SAV

C:\Programfiler\SAV\sav.cpl

C:\Programfiler\SAV\sav.exe

C:\Programfiler\SAV\sav0.dat

C:\Programfiler\SAV\sav1.dat

C:\WINDOWS\SYSTEM32\sav.cpl

 

.

((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))

.

 

2008-08-14 00:00 . 2008-08-14 00:02 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll

2008-08-05 20:55 . 2008-08-05 20:55 <DIR> d-------- C:\Programfiler\Sun

2008-07-17 02:59 . 2008-08-08 18:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-17 02:59 . 2008-07-17 02:59 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-13 20:58 --------- d-s---w C:\Programfiler\Xfire

2008-08-13 01:08 --------- d-----w C:\Documents and Settings\Sindre\Programdata\Azureus

2008-08-11 22:17 --------- d-----w C:\Documents and Settings\Sindre\Programdata\Xfire

2008-08-06 18:46 --------- d-----w C:\Documents and Settings\Sindre\Programdata\mIRC

2008-08-06 16:01 --------- d-----w C:\Programfiler\mIRC

2008-08-05 18:55 --------- d-----w C:\Programfiler\Java

2008-07-16 13:13 --------- d-----w C:\Programfiler\LimeWire

2008-07-13 18:48 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-07-13 18:48 --------- d-----w C:\Programfiler\AGEIA Technologies

2008-07-13 14:20 --------- d-----w C:\Programfiler\SystemRequirementsLab

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll

2008-06-28 14:34 --------- d-----w C:\Programfiler\MyXOFT

2008-06-28 14:06 --------- d-----w C:\Documents and Settings\Sindre\Programdata\NCH Software

2008-06-28 14:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\NCH Software

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll

2008-06-20 17:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys

2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 18:00 272,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys

2006-05-06 16:42 7,260,160 ----a-w C:\Programfiler\mozilla firefox\plugins\libvlc.dll

2006-09-25 19:21 88 --sh--r C:\WINDOWS\SYSTEM32\233505DF60.sys

2006-09-25 19:21 3,766 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"Steam"="c:\programfiler\valve\steam\steam.exe" [2008-03-28 19:52 1271032]

"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 12:21 67128]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-27 18:44 1481968]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]

"IAAnotif"="C:\Programfiler\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23 135168]

"CTSysVol"="C:\Programfiler\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]

"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]

"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 18:34 213936]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]

"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE" [2004-04-29 10:59 245760]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]

"QuickTime Task"="C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" [2006-07-11 14:50 282624]

"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2006-07-29 13:07 188416]

"au"="C:\Programfiler\Dealio\DealioAU.exe" [2007-06-27 12:46 238936]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-01-16 00:54 37376]

"ISUSPM"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]

"P17Helper"="P17.dll" [2004-06-10 12:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]

"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\Sindre\Start-meny\Programmer\Oppstart\

Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

Xfire.lnk - C:\Programfiler\Xfire\Xfire.exe [2008-08-06 02:26:38 3065168]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-24 12:21:09 67128]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2006-05-18 16:10:42 434176]

Skyr@cer Pro PCI 154 Configuration Utility.lnk - C:\Programfiler\Skyr@cer Pro Utility\WLANPRO.exe [2005-06-16 12:39:14 2502656]

WinZip Quick Pick.lnk - C:\Programfiler\WinZip\WZQKPICK.EXE [2005-09-20 17:28:40 106560]

Wireless USB 2.0 WLAN Card Utility.lnk - C:\Programfiler\Dell Wireless\PRISMCFG.exe [2007-06-27 18:59:24 921704]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]

2005-12-22 20:08 450646 C:\WINDOWS\SYSTEM32\PRISMAPI.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\SYSTEM32\\USMT\\MIGWIZ.EXE"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Valve\\Steam\\Steam.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\afselius\\counter-strike source\\hl2.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\arning130\\counter-strike\\hl.exe"=

"C:\\Documents and Settings\\Sindre\\Mine dokumenter\\programmer\\utorrent.exe"=

"C:\\Programfiler\\Grisoft\\AVG Free\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG Free\\avgemc.exe"=

"C:\\Programfiler\\Xfire\\Xfire.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\oliverfrydenberg\\counter-strike\\hl.exe"=

"C:\\Programfiler\\mIRC\\mirc.exe"=

"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\oliverfrydenberg\\half-life\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\torbratberg\\counter-strike\\hl.exe"=

"C:\\Programfiler\\Azureus\\Azureus.exe"=

"C:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\jelelfan\\counter-strike\\hl.exe"=

"C:\\Programfiler\\Valve\\Steam\\SteamApps\\afselius\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Programfiler\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=

"C:\\Programfiler\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

 

R2 IAANTMon;IAA Event Monitor;C:\Programfiler\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 12:22]

R2 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2005-12-22 20:21]

S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43]

 

*Newly Created Service* - CATCHME

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-Antivirus - C:\Programfiler\SAV\sav.exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-14 18:34:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="C:\\Programfiler\\Intel\\Intel Application Accelerator\\iaanotif.exe"

.

Completion time: 2008-08-14 18:36:00

ComboFix-quarantined-files.txt 2008-08-14 16:35:47

ComboFix2.txt 2008-08-14 14:37:07

ComboFix3.txt 2008-04-27 20:49:44

 

Pre-Run: 62,845,820,928 bytes free

Post-Run: 62,830,256,128 bytes free

 

177 --- E O F --- 2008-08-13 22:02:48

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:42:19, on 14.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5450.0004)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\PRISMSVR.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Programfiler\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Programfiler\Intel\Intel Application Accelerator\iaanotif.exe

C:\Programfiler\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe

C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe

C:\Programfiler\PowerISO\PWRISOVM.EXE

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\programfiler\valve\steam\steam.exe

C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Skyr@cer Pro Utility\WLANPRO.exe

C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

C:\Programfiler\WinZip\WZQKPICK.EXE

C:\Programfiler\Dell Wireless\PRISMCFG.exe

C:\Programfiler\Xfire\Xfire.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Sindre\Mine dokumenter\Skrivebord\Spyware\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programfiler\Dealio\kb106\Dealio.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb106\Dealio.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [iSUSPM] C:\Programfiler\Fellesfiler\InstallShield\UpdateService\ISUSPM.exe -scheduler

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\programfiler\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Skyr@cer Pro PCI 154 Configuration Utility.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE

O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programfiler\Dealio\kb106\res\DealioSearch.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programfiler\Dealio\kb106\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE


Start HijackThis, run "Scan", find this line, tick it, then press "Fix checked":

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

 

Use the PC for a while; if the problem is gone, do the following.

 

You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

 

Check whether Java needs updating:

Java.

 

Surf safely.

Edited by SNIPPSAT
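As an added example (not part of this thread and not code from HijackThis or ComboFix), the Python script below parses lines in the HijackThis v1.99.1 format posted above and flags the kind of entry the reply tells the user to fix: a hook or BHO whose file is "(no file)". It also lists O23 services reported with "Unknown owner" for manual review, and any entry whose path matches substrings the analyst chooses to watch. The sample lines are constructed from entries quoted in this thread, not a copy of the full log; the watchlist values ("AskTBar", "Dealio") and the one-character CLSID proximity heuristic are this example's own assumptions, not findings stated in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Sequence

# Constructed sample in HijackThis v1.99.1 line format, modelled on entries
# quoted in this thread; it is not the full posted log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programfiler\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programfiler\Dealio\kb106\Dealio.dll
O4 - HKLM\..\Run: [au] C:\Programfiler\Dealio\DealioAU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    kind: str                    # section tag: R3, O2, O3, O4, O23, ...
    body: str                    # text after "<kind> - "
    clsid: Optional[str] = None  # upper-cased GUID, if the line carries one
    path: Optional[str] = None   # file the entry points at, or "(no file)"
    owner: Optional[str] = None  # O23 only: vendor from the file's version info


@dataclass
class Finding:
    reason: str                  # orphan | unknown-owner-service | watchlist
    entry: Entry
    related: List[str] = field(default_factory=list)  # live CLSIDs one character away


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    e = Entry(kind=kind, body=body)
    cm = CLSID_RE.search(body)
    if cm:
        e.clsid = cm.group(0).upper()
    parts = [p.strip() for p in body.split(" - ")]
    if kind == "O23":
        # "Service: <name> - <owner> - <path>"
        if len(parts) >= 3:
            e.owner, e.path = parts[-2], parts[-1]
    elif kind == "O4":
        # "<hive>\..\Run: [<value name>] <command line>"
        m4 = re.search(r"\]\s*(.+)$", body)
        e.path = m4.group(1).strip() if m4 else None
    elif len(parts) >= 2:
        # R3/O2/O3/O9/O18/O20: the last field is the file, or "(no file)"
        e.path = parts[-1]
    return e


def clsid_distance(a: str, b: str) -> int:
    """Hamming distance between two equal-length GUID strings."""
    return sum(x != y for x, y in zip(a, b))


def triage(lines: Sequence[str], watch_paths: Sequence[str] = ()) -> List[Finding]:
    entries = [e for e in map(parse_entry, lines) if e is not None]
    live = [e for e in entries if e.clsid and e.path != "(no file)"]
    findings: List[Finding] = []
    for e in entries:
        if e.path == "(no file)":
            # Orphan: the registry still references a COM object whose file is gone.
            # Heuristic (assumption): a live CLSID differing by one character often
            # belongs to the same product, since vendors register adjacent GUIDs.
            related = [o.clsid for o in live
                       if e.clsid and o.clsid != e.clsid
                       and clsid_distance(o.clsid, e.clsid) == 1]
            findings.append(Finding("orphan", e, related))
        if e.kind == "O23" and e.owner == "Unknown owner":
            # No company name in the binary's version info: worth a manual look.
            findings.append(Finding("unknown-owner-service", e))
        if e.path and any(w.lower() in e.path.lower() for w in watch_paths):
            findings.append(Finding("watchlist", e))
    return findings


if __name__ == "__main__":
    # Assumption: the analyst has chosen to highlight Ask and Dealio components.
    for f in triage(SAMPLE_LOG.strip().splitlines(), watch_paths=("AskTBar", "Dealio")):
        extra = f" (near {', '.join(f.related)})" if f.related else ""
        print(f"{f.reason:22} {f.entry.kind:4} {f.entry.path}{extra}")
```

Run it on a full saved log with `triage(open("hijackthis.log").read().splitlines())`. The "(no file)" check reproduces what the reply asks for by eye: an R3/O2/O3 line whose target is missing is dead weight at best and, for a URLSearchHook, a leftover hook into browser searches. The proximity heuristic only reports which live CLSID sits one character away from the orphan; deciding whether they belong to the same product is still the analyst's call.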

If you consider the problem with your machine solved, you can change your topic title by clicking the edit icon (p_edit.gif) in your first post and choosing full edit. At the top, where your topic title is, write:

[LØST]

in front of your topic title.

 

Example: [LØST] Got a virus on my machine

 

This helps keep the forum tidier for the supporters, and makes it easier for new people with the same problem to find a suitable thread to read.

 

-Surf safely-
