
Virus or spyware? HijackThis log, ComboFix log. Hoping for help



Hi

Several people use this machine now, so I can hardly account for every program that gets installed, every site that gets browsed, or every possible mistake that may have been made. But with Norton 360 installed there have been few problems. Only a blue screen about once a month or so, supposedly due to a Realtek driver, which I have struggled to fix properly.

I remember clicking a link, half asleep, from a friend who had an MSN virus on his machine, and when I went back to bed an external HDD made a terrible racket before it seemed unusable the next day. I suppose it's dead? That was a while ago though, and the PC has otherwise worked fine. I have also had a friend's PC, which had a virus, here on the network.

But a few days ago the PC started freezing quite a bit. Blue screen and restart. It happened when I opened iTunes; Windows Photo Gallery refused outright to open pictures; torrent programs or the internet would open and then freeze. Not right away, but things got slow and then froze. Ctrl-Alt-Delete didn't help either, as it used to on the very rare occasions when things went slow. Blue screen, or it went black so I had to restart it myself.

The last two days it has gotten much worse. It restarts often, and early today I could barely do anything at all. Strange error messages when I pressed Ctrl-Alt-Delete too. Couldn't open "security" something-or-other. I have removed some programs, run CCleaner, and after a lot of back and forth the PC runs a little better and I managed to reinstall Norton 360. But Auto-Protect is turned off and won't turn on, so something is clearly wrong.

 

 

 

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:27:13, on 18.08.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Windows\System32\WDBtnMgr.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\VistaCodecPack\QT\QTTask.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\HDD Health\hddhealth.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Users\Vidar\Desktop\Nyeting2008\mplayerc.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Vidar\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe -wl

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 10300 bytes

 

ComboFix log

ComboFix 08-08-17.03 - Vidar 2008-08-18 23:21:41.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1114 [GMT 2:00]

Running from: C:\Users\Vidar\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))

.

 

2008-08-18 12:55 . 2008-07-30 17:42 23,888 --a------ C:\Windows\System32\drivers\COH_Mon.sys

2008-08-18 12:55 . 2008-07-30 17:28 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat

2008-08-18 12:55 . 2008-07-30 17:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf

2008-08-18 11:41 . 2008-08-18 11:41 <DIR> d-------- C:\Users\Vidar\AppData\Roaming\SUPERAntiSpyware.com

2008-08-18 11:41 . 2008-08-18 11:41 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-08-18 11:41 . 2008-08-18 11:41 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-08-18 11:41 . 2008-08-18 11:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-08-18 11:06 . 2008-08-18 11:06 <DIR> d-------- C:\Program Files\CCleaner

2008-08-18 10:04 . 2008-08-18 10:04 <DIR> d-------- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP

2008-08-18 08:52 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss

2008-08-18 01:53 . 2008-08-18 01:53 <DIR> d--hs---- C:\found.001

2008-08-17 11:53 . 2008-08-17 11:53 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-08-16 21:26 . 2008-08-16 21:26 <DIR> d-------- C:\Program Files\Common Files\Corel

2008-08-16 21:21 . 2008-08-18 11:26 2,516 --ahs---- C:\Windows\System32\KGyGaAvL.sys

2008-08-16 21:21 . 2008-08-16 21:29 88 -r-hs---- C:\Windows\System32\43193C485D.sys

2008-08-15 06:27 . 2008-08-15 06:27 <DIR> d--hs---- C:\found.000

2008-08-15 03:14 . 2008-08-16 12:39 <DIR> d-------- C:\Windows\System32\spool

2008-08-13 03:05 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-13 00:48 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-08-13 00:48 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll

2008-08-13 00:48 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll

2008-08-13 00:48 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL

2008-08-13 00:48 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll

2008-07-24 18:21 . 2008-07-24 18:21 <DIR> d-------- C:\Program Files\Xilisoft

2008-07-24 17:58 . 2008-07-24 18:03 <DIR> d-------- C:\Program Files\FormatFactory

2008-07-18 02:27 . 2008-07-18 21:05 <DIR> d-------- C:\Users\Vidar\AppData\Roaming\GrabPro

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-18 20:28 --------- d-----w C:\Program Files\Norton 360

2008-08-18 20:27 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-08-18 20:24 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-08-18 20:22 --------- d-----w C:\Users\Vidar\AppData\Roaming\Orbit

2008-08-18 20:22 --------- d-----w C:\Users\Vidar\AppData\Roaming\OpenOffice.org2

2008-08-18 20:21 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3

2008-08-18 20:21 --------- d-----w C:\Program Files\HDD Health

2008-08-18 14:33 --------- d-----w C:\Users\Vidar\AppData\Roaming\Azureus

2008-08-18 11:24 --------- d-----w C:\ProgramData\Lavasoft

2008-08-18 11:17 --------- d-----w C:\ProgramData\Symantec

2008-08-18 09:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-08-18 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-18 09:26 --------- d-----w C:\Users\Vidar\AppData\Roaming\Corel

2008-08-18 09:13 --------- d-----w C:\Program Files\Windows Live

2008-08-18 09:13 --------- d-----w C:\Program Files\StreamDown

2008-08-18 09:13 --------- d-----w C:\Program Files\Hotmail Popper

2008-08-18 09:12 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-18 08:39 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-08-18 08:39 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-08-18 08:39 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-08-18 08:39 --------- d-----w C:\Program Files\Symantec

2008-08-18 06:52 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-08-18 06:52 --------- d-----w C:\Program Files\Realtek

2008-08-17 17:29 --------- d-----w C:\Program Files\FairUse Wizard 2

2008-08-17 09:53 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-17 09:50 --------- d-----w C:\ProgramData\WLInstaller

2008-08-16 19:30 --------- d-----w C:\Program Files\Corel

2008-08-13 14:03 --------- d-----w C:\Users\Vidar\AppData\Roaming\dvdcss

2008-08-13 01:13 --------- d-----w C:\Program Files\Windows Mail

2008-08-10 17:07 3,350 --sha-w C:\Users\All Users\KGyGaAvL.sys

2008-08-10 17:07 3,350 --sha-w C:\ProgramData\KGyGaAvL.sys

2008-07-31 22:30 --------- d-----w C:\Program Files\Winamp

2008-07-31 22:29 --------- d-----w C:\Users\Vidar\AppData\Roaming\Winamp

2008-07-31 21:51 --------- d-----w C:\Program Files\Java

2008-07-26 01:32 --------- d-----w C:\Users\Vidar\AppData\Roaming\LimeWire

2008-07-24 15:51 --------- d---a-w C:\ProgramData\TEMP

2008-07-24 15:43 --------- d-----w C:\Program Files\AoA DVD Ripper

2008-07-24 01:27 --------- d-----w C:\Program Files\Orbitdownloader

2008-07-11 15:39 --------- d-----w C:\ProgramData\Apple Computer

2008-07-11 15:39 --------- d-----w C:\Program Files\iTunes

2008-07-11 15:39 --------- d-----w C:\Program Files\iPod

2008-07-11 15:32 --------- d-----w C:\Program Files\Safari

2008-07-07 14:56 --------- d-----w C:\Users\Vidar\AppData\Roaming\Vso

2008-07-07 14:56 --------- d-----w C:\Users\Vidar\AppData\Roaming\CopyToDvd

2008-07-04 11:18 --------- d-----w C:\Program Files\Azureus

2008-06-28 01:38 --------- d-----w C:\Program Files\Apple Software Update

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-15 12:09 12,632 ----a-w C:\Windows\System32\lsdelete.exe

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

2008-05-27 02:18 174 --sha-w C:\Program Files\desktop.ini

2008-05-27 01:48 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-05-27 01:48 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-05-12 14:56 88 --sh--r C:\Users\All Users\43193C485D.sys

2008-05-12 14:56 88 --sh--r C:\ProgramData\43193C485D.sys

2008-03-15 22:35 47,360 ----a-w C:\Users\Vidar\AppData\Roaming\pcouffin.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-18_15.56.55.16 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-18 12:32:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-08-18 20:21:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-08-18 12:32:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-08-18 20:21:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-08-18 12:34:13 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-08-18 20:23:09 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-08-18 12:34:08 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-08-18 20:23:03 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-08-18 13:06:40 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-08-18 20:28:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-08-18 13:06:40 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-08-18 20:28:27 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-08-18 13:06:40 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-08-18 20:28:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-08-18 12:34:27 12,618 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2461321592-3981338979-3322327707-1000_UserData.bin

+ 2008-08-18 20:23:27 12,804 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2461321592-3981338979-3322327707-1000_UserData.bin

- 2008-08-18 12:34:27 70,128 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-08-18 20:23:27 70,414 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-08-18 12:34:25 56,796 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-08-18 20:23:24 56,836 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]

"HDDHealth"="C:\Program Files\HDD Health\HDDHealth.exe" [2005-06-24 10:17 715264]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 18:37 69216]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]

"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 18:38 583048]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-26 16:17 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-26 16:17 8429568]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-26 16:17 81920]

"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2008-05-27 10:50 413696]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]

"WD Button Manager"="WDBtnMgr.exe" [2007-10-29 21:43 364544 C:\Windows\System32\WDBtnMgr.exe]

 

C:\Users\Vidar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 06:43:54 393216]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-03-11 00:40:49 155648]

Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-09-28 20:54:20 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{974B1DFB-6FE4-4D01-9A46-7FDB11118A3A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{3347C2A1-E2C8-4CDB-B9EC-9C2D39E53546}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{DD9B8BFF-DA2C-4FE6-ACCE-41E44D848AB0}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{385F0907-EE36-4060-A915-0A033922009E}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{ECC9FB9C-CC4A-4079-B971-A8A7D9A5CD9B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{0EB88657-8201-4D5B-B3D7-31DC5ABF4CF8}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{93A35299-48D3-47F2-AE06-6DFDB8B00847}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"{97830FF7-AEEF-409A-AC2D-68FEDEBAAB04}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{FA22A832-9C31-42C5-9F19-32BEA4CA3D86}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{6B647110-AD01-432E-B96E-20994A672035}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{35694770-626F-4324-9738-FFCEFE0432BF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{C5E0962E-BD1C-4319-AB05-86B2C6755D61}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{39FAEFBF-5F70-4262-8407-20B7FF3BBE0B}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{6B7478B3-8424-4F9F-A06C-672148791EF8}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\PPMate\\ppmate.exe"= C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate

"C:\\Program Files\\PPMate\\ppmnet.exe"= C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate

"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit

"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080813.002\IDSvix86.sys [2008-07-16 21:50]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]

R2 PSI_SVC_2;Protexis Licensing V2;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]

R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 20:09]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 00:32]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys [2006-09-07 23:16]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

\shell\AutoRun\command - L:\DTSP_Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1281a323-f0e6-11dc-85ac-001a4d44dc85}]

\shell\AutoRun\command - L:\DTSP_Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9042164-18eb-11dc-9cd0-806e6f6e6963}]

\shell\AutoRun\command - E:\Run.exe

 

*Newly Created Service* - COMHOST

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Vidar\AppData\Roaming\Mozilla\Firefox\Profiles\ikgvklkc.default\

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npnul32.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nppdf32.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll

FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll

FF -: plugin - C:\Program Files\VistaCodecPack\QT\Plugins\npqtplugin.dll

FF -: plugin - C:\Program Files\VistaCodecPack\QT\Plugins\npqtplugin2.dll

FF -: plugin - C:\Program Files\VistaCodecPack\QT\Plugins\npqtplugin3.dll

FF -: plugin - C:\Program Files\VistaCodecPack\QT\Plugins\npqtplugin4.dll

FF -: plugin - C:\Program Files\VistaCodecPack\QT\Plugins\npqtplugin5.dll

FF -: plugin - C:\Program Files\VistaCodecPack\QT\Plugins\npqtplugin6.dll

FF -: plugin - C:\Program Files\VistaCodecPack\QT\Plugins\npqtplugin7.dll

FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-18 23:24:59

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-18 23:26:33

ComboFix-quarantined-files.txt 2008-08-18 21:26:25

 

Pre-Run: 57,332,797,440 bytes free

Post-Run: 57,299,755,008 bytes free

 

262

 

SUPERAntiSpyware (SAS) log

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/18/2008 at 11:19 PM

 

Application Version : 4.15.1000

 

Core Rules Database Version : 3538

Trace Rules Database Version: 1527

 

Scan type : Quick Scan

Total Scan Time : 00:51:07

 

Memory items scanned : 626

Memory threats detected : 0

Registry items scanned : 408

Registry threats detected : 0

File items scanned : 34640

File threats detected : 0

 

Would greatly appreciate help from some sharper computer brains than I've managed to scrape together.

Edited by stigarild10
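An added triage helper, not part of the original post and not a feature of HijackThis or ComboFix. The ComboFix output above records several settings a responder would want to look at before reaching for a hardware explanation: EnableLUA=0 under policies\system (UAC off), EnableFirewall=0 in both the DomainProfile and StandardProfile firewall keys, DisableMonitoring=1 under the Security Center keys, mountpoints2 AutoRun commands pointing at L:\DTSP_Launcher.exe and E:\Run.exe, and hidden+system files such as C:\Windows\System32\KGyGaAvL.sys. The HijackThis section also has an O4 entry that names WDBtnMgr.exe without a path and a BHO registration marked "(no file)". The script below parses those line formats and flags them. The excerpt it runs on is a constructed subset of the lines above, and the finding names are my own. A flag means "verify this", not "this is malware": hidden licensing files and unqualified vendor autoruns are common on a machine like this one.

```python
"""Triage helper for HijackThis / ComboFix text logs (added example).

Not part of the original post and not a feature of either tool: it reads the
line formats seen in the logs above and flags the entries a responder would
check first. Finding names ("uac_disabled", ...) are invented for this example.
"""
import re

# Constructed excerpt: a subset of the line formats pasted in the thread,
# reduced to the entries the checks below care about.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9042164-18eb-11dc-9cd0-806e6f6e6963}]
\shell\AutoRun\command - E:\Run.exe
2008-08-16 21:21 . 2008-08-18 11:26 2,516 --ahs---- C:\Windows\System32\KGyGaAvL.sys
"""

RE_KEY = re.compile(r"^\[(.+)\]$")                       # ComboFix registry key header
RE_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')          # "Name"= value
RE_O4 = re.compile(r"^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
RE_O2 = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RE_AUTORUN = re.compile(r"^\\shell\\AutoRun\\command - (.+)$")
RE_FILE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+([-a-z]{9})\s+(.+)$"
)


def reg_int(raw):
    """Decode the two value spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"-?\d+", raw)
    return int(m.group()) if m else None


def triage(log_text):
    """Return (finding, detail) pairs for the lines worth a second look."""
    findings = []
    key = ""                                  # registry key the current value lines belong to
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RE_KEY.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = RE_VALUE.match(line)
        if m:
            name, val = m.group(1), reg_int(m.group(2))
            tail = key.rsplit("\\", 1)[-1]
            if key.endswith("policies\\system") and name == "EnableLUA" and val == 0:
                findings.append(("uac_disabled", key))
            elif "firewallpolicy\\" in key and name == "EnableFirewall" and val == 0:
                findings.append(("firewall_disabled", tail))
            elif "security center" in key and name == "DisableMonitoring" and val == 1:
                findings.append(("security_center_monitoring_off", tail))
            continue
        m = RE_O4.match(line)
        if m:
            hive, label, cmd = m.groups()
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:               # bare name: resolved through the search path
                findings.append(("autorun_unqualified_path", f"{hive} [{label}] {exe}"))
            continue
        m = RE_O2.match(line)
        if m and m.group(3) == "(no file)":   # BHO registration whose DLL is gone
            findings.append(("orphaned_bho", m.group(2)))
            continue
        m = RE_AUTORUN.match(line)
        if m and "mountpoints2" in key:       # AutoRun command remembered for a removable volume
            findings.append(("removable_media_autorun", m.group(1)))
            continue
        m = RE_FILE.match(line)
        if m:
            attrs, path = m.groups()
            if "h" in attrs and "s" in attrs: # hidden + system on a plain file: verify vendor/hash
                findings.append(("hidden_system_file", path))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:32} {detail}")
```

Run it against the full pasted logs and the same checks fire on the real entries (both firewall profiles, every Security Center subkey, all three mountpoints2 commands, the KGyGaAvL.sys and 43193C485D.sys copies). The point of the unqualified-path rule is that an entry like `WDBtnMgr.exe` is resolved by the loader's search order, so the file that actually runs must be confirmed on disk rather than assumed from the name.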
Guest Deleted+6132

It would be good if you listed all of your hardware.

Is it an OEM machine (HP/Fujitsu/Compaq etc.) or a home build?

Motherboard (model designation)
CPU
Memory (how much and what type; model designation)
Graphics card
PSU (power supply; model designation)
HDDs (model, type, size)
etc.

This actually sounds more like a hardware/driver/software problem than a virus problem.

From what I could see in the logs, they reported nothing abnormal.
Apart from the usual assortment of (more or less necessary) software at startup.
(Quoting the reply above.)

Thanks for the reply. It was built by someone I know who knows what he's doing, so I'll have to ask him what the PC consists of. But would you say a virus is ruled out? I find it strange that the PC starts and everything seems fine, and then after a few minutes the antivirus program shuts itself off and won't let Auto-Protect be turned on again.
Guest Deleted+6132

I wouldn't rule out that it's a virus problem, but the symptoms with BSOD (blue screen) *can* be related to hardware/drivers.

So it's worth checking that out as well. :)