Posts written by LuXe
-
-
I doubt it's salt; I otherwise eat a lot of salty food without experiencing the same symptoms.
Could it be a particular protein or something?
-
Fortunately I'm still alive and well, so I can probably vouch that there's no foot-and-mouth disease in it
Otherwise, I've had a similar reaction to a protein powder, which may be important to mention.
-
This is something I've really never experienced before. I've always liked fenalår, but after not having eaten it for several years I picked up a fenalår a few days ago and cut off a few pieces.
The symptoms are an itchy throat and swollen lips. The reaction isn't very strong, and can last for an hour, give or take.
What causes this? What could the allergen be?
I've previously also reacted similarly to fried mørpølse. This is a real shame, as I'm quite fond of fenalår.
I tried to reproduce this once later, and reacted to the fenalår then too. I also reacted to the fenalår when I took allergy tablets well in advance.
Thanks for any answers!
-
The PC doesn't recognize portable hard drives I try to connect to it either, but it can read CDs!
A small problem I have now is that the PC didn't come with a Windows CD; it kept telling me I had to back one up to a DVD+R or DVD-R disc. I can only pray to the driver gods that the burner works so I can copy Windows over if I have to format. Honestly losing a bit of hope here
-
Then I get this error message:
Systemgjenopprettingen ble ikke fullført. Systemfiler og instillinger på datamaskinen ble ikke endret.
Detaljer;
Systemgjenoppretting kunne ikke slette følgende fil/mappe;
Bane: C:ADSM_PData_0150
Det oppstod en uspesifisert feil under systemgjenopprettingen. (0x80070006)
I assume this is a virus; I'll try to remove it with the only antivirus program I have on the PC, which is Trend Micro Titanium. Damn.
EDIT: No threats found.
Does anyone have any suggestions? I can bring over a portable hard drive with something I download from this PC, but in that case, what could remove that thing?
EDIT 2: One quick web search later, it looks like the file isn't a virus after all.
Either way I'm sitting here with a big problem, and am still grateful for any help
EDIT 3: I get the same error in safe mode.
I can also add that earlier restore points that used to exist (from weeks ago) are gone. No idea how!
-
Hi!
I have an Asus G73J laptop on which nothing works right now. The mouse has stopped working, the sound doesn't work, the wireless network card doesn't work so I can't get online with it; yes, a whole set of problems. The touchpad and keyboard on it work, and it looks like the reason all the other things above don't work is problems with the drivers; at least that's what troubleshooting said, but it gave no advice.
I used a CD from Asus that came with the PC, but it said the drivers were already installed. I went into the CD and ran the setup file for sound just to test, and the installation went fine right up until the reboot, when a message saying it had failed appeared after restarting the PC.
I was going to restore the C: drive to a previous version, but it said no previous versions were available. The strange thing is that several versions have been available before.
Now, what happened before the problem was that I messed around a bit with the security settings on the C drive to try to give myself permission to change things in system 32. I didn't touch any files, only "hosts", because I was trying to fix an iPhone I have that is stuck in recovery mode, but that's another matter. In any case I wasn't able to change the file, so I don't think that's the problem. Anyway, I restarted the PC, and then all this happened. I had used a few programs in connection with jailbreaking the iPhone right before, blackra1n and one more, but didn't get my phone fixed either.
Have I broken things so badly that I have to format here?
I'm sitting here with a broken iPhone and a broken laptop, so I'm typing this on a piece of junk of an old PC in the attic
I appreciate any help
-
All right, thanks for the help
-
Haha, yes, hopefully I won't get any more viruses now
And yes, I'll delete them, but keep SAS.
-
No, they're not from the previous round. I assume they come from some sneaky files that came along with something I downloaded here the other day.
-
The PC is running perfectly now. No problems. No popups or FF slowdowns. Posting one more HijackThis log file to be completely sure I did everything right.
Logfile of HijackThis v1.99.1
Scan saved at 21:13:14, on 21.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?4dde03ce85104e3bb83b32813cb83cb
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?4dde03ce85104e3bb83b32813cb83cb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB8E775-305B-4402-BFB7-67090DB28F66}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mimer.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mimer.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
-
OK, sorry this took a while, but DrWeb took almost 3 hours to scan the whole PC. Anyway, here are the logs:
ComboFix 07-06-21.3 - C:\Documents and Settings\Peter Kongsvik\Skrivebord\ComboFix.exe
"Peter Kongsvik" - 2007-06-21 20:01:12 - Service Pack 2 NTFS [sAFE MODE]
((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))
2007-06-21 16:52 <DIR> d-------- C:\DOCUME~1\PETERK~1\DoctorWeb
2007-06-21 13:22 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-21 13:20 <DIR> d-------- C:\DOCUME~1\PETERK~1\.housecall6.6
2007-06-21 12:25 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 11:31 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2007-06-19 12:22 49,152 --a------ C:\WINDOWS\win.exe
2007-06-15 21:36 98,304 --a------ C:\WINDOWS\system32\viscomtran.dll
2007-06-15 21:36 94,208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll
2007-06-15 21:36 90,112 --a------ C:\WINDOWS\system32\viscomframe.dll
2007-06-15 21:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-06-15 21:36 598,016 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-06-15 21:36 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-06-15 21:36 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-06-15 21:36 110,592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll
2007-06-15 21:35 <DIR> d-------- C:\Programfiler\Kate's Video Toolkit
2007-06-15 21:23 1 --a------ C:\WINDOWS\pvc11.dll
2007-06-15 21:23 <DIR> d-------- C:\Programfiler\AML Products
2007-06-15 21:11 5 --a------ C:\WINDOWS\system32\SySvideocutter.dat
2007-06-15 21:10 991,232 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-06-15 21:10 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2007-06-15 21:10 793,536 --a------ C:\WINDOWS\system32\wmpcdcs8.exe
2007-06-15 21:10 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2007-06-15 21:10 356,352 --a------ C:\WINDOWS\system32\NCTVideoDxPlayer.dll
2007-06-15 21:10 294,912 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-06-15 21:10 282,624 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-06-15 21:10 262,144 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-15 21:10 2,658,304 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2007-06-15 21:10 2,260,992 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-06-15 21:10 196,608 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-06-15 21:10 139,264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-06-15 21:10 1,810,432 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-06-15 21:10 1,245,184 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-06-15 21:10 <DIR> d-------- C:\WINDOWS\system32\RMBin
2007-06-15 21:10 <DIR> d-------- C:\Programfiler\Crystalsoftware
2007-06-15 13:27 <DIR> d-------- C:\Programfiler\Orb Networks
2007-06-15 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\OrbNetworks
2007-06-11 17:16 13,844 --a------ C:\WINDOWS\system32\ssltnrbn.exe
2007-06-08 18:03 0 -ra------ C:\logwmemory.bin
2007-06-08 17:35 <DIR> d-------- C:\Programfiler\Teamspeak2_RC2
2007-06-05 21:41 <DIR> d-------- C:\DOCUME~1\LOCALS~1\PROGRA~1\CyberLink
2007-06-04 21:36 2,580 --a------ C:\WINDOWS\system32\yhptprwh.exe
2007-06-04 16:42 <DIR> d-------- C:\DOCUME~1\PETERK~1\PROGRA~1\CyberLink
2007-06-04 15:04 <DIR> d-------- C:\!KillBox
2007-06-03 21:41 2,580 --a------ C:\WINDOWS\system32\pkpedpeh.exe
2007-06-03 20:00 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-06-03 20:00 <DIR> d-------- C:\DOCUME~1\PETERK~1\PROGRA~1\SUPERAntiSpyware.com
2007-06-03 20:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-06-03 19:55 12,300,483 --------- C:\AVG7QT.DAT
2007-06-03 18:58 2,580 --a------ C:\WINDOWS\system32\bjnurhxo.exe
2007-06-03 18:37 <DIR> d-------- C:\Programfiler\SmartSound Software
2007-06-03 18:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SmartSound Software Inc
2007-06-03 18:35 <DIR> d-------- C:\Programfiler\QuickTime
2007-06-02 23:16 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-06-02 19:50 <DIR> d-------- C:\Programfiler\MagicISO
2007-05-31 08:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-28 14:37 <DIR> d-------- C:\Programfiler\HyCam2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-21 09:31:21 4,196 ----a-w C:\WINDOWS\mozver.dat
2007-06-19 13:07:57 -------- d-----w C:\DOCUME~1\PETERK~1\PROGRA~1\uTorrent
2007-06-08 15:35:51 -------- d-----w C:\DOCUME~1\PETERK~1\PROGRA~1\teamspeak2
2007-06-04 15:24:11 -------- d-----w C:\Programfiler\DivX
2007-06-03 17:59:27 -------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-06-03 16:41:15 -------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-06-03 16:41:15 -------- d-----w C:\Programfiler\CyberLink
2007-06-01 17:01:06 -------- d-----w C:\Programfiler\World of Warcraft
2007-05-18 16:02:39 -------- d-----w C:\Programfiler\LimeWire
2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 17:19:38 -------- d-----w C:\Programfiler\9Dragons
2007-05-13 10:24:29 -------- d-----w C:\Programfiler\Folding@Home
2007-05-04 21:13:42 -------- d-----w C:\Programfiler\FDRLab
2007-05-04 21:12:08 -------- d-----w C:\Programfiler\FreeUndelete
2007-05-04 21:08:02 -------- d-----w C:\Programfiler\SoftLogica
2007-05-04 21:02:30 -------- d-----w C:\Programfiler\DiskInternals
2007-05-04 20:51:50 -------- d-----w C:\Programfiler\WinUndelete
2007-05-02 13:00:38 -------- d-----w C:\DOCUME~1\PETERK~1\PROGRA~1\Viewpoint
2007-04-25 14:23:31 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:25 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-23 00:15:24 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-25 12:48:14 60,326 ----a-w C:\WINDOWS\system32\perfc014.dat
2007-03-25 12:48:14 384,784 ----a-w C:\WINDOWS\system32\perfh014.dat
2005-05-13 15:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 09:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 19:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll [2005-07-07 16:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\programfiler\steam\steam.exe" -silent
"Aim6"="C:\Programfiler\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"Orb"="C:\Programfiler\Orb Networks\Orb\bin\OrbTray.exe" /background
"SUPERAntiSpyware"=C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" -hide
"WinampAgent"=C:\Programfiler\Winamp\winampa.exe
"hpfsched"=C:\WINDOWS\hpfsched.exe
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
"GPLv3"=rundll32.exe "C:\WINDOWS\system32\bxtlqwjw.dll",realset
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\install.EXE id= ver=1.0.0.0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\AutoRunMorrowind.exe
install\command- E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\AutoRun\Demo.exe
Contents of the 'Scheduled Tasks' folder
2007-06-15 15:16:08 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-05-26 23:32:00 C:\WINDOWS\tasks\MP Scheduled Scan.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 20:05:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-21 20:06:09
C:\ComboFix-quarantined-files.txt ... 2007-06-21 20:05
C:\ComboFix2.txt ... 2007-06-21 12:34
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 20:11:39, on 21.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?4dde03ce85104e3bb83b32813cb83cb
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?4dde03ce85104e3bb83b32813cb83cb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB8E775-305B-4402-BFB7-67090DB28F66}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mimer.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mimer.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
-
So does anything more need to be done? Is everything OK?
-
OK. Here they are, but I couldn't find those lines I was supposed to fix in HJT at all. (I probably disabled the two processes in services.msc.) I also got an extra file from ComboFix about quarantined files. Posting that too.
ComboFix 07-06-21.3 - C:\Documents and Settings\Peter Kongsvik\Skrivebord\ComboFix.exe
"Peter Kongsvik" - 2007-06-21 12:25:47 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\biuxslqu.dll
C:\WINDOWS\system32\bqnhkaqn.dll
C:\WINDOWS\system32\bxtlqwjw.dll
C:\WINDOWS\system32\fentvdyi.dll
C:\WINDOWS\system32\haonvrgi.dll
C:\WINDOWS\system32\hgdpuftr.dll
C:\WINDOWS\system32\jjttyyps.dll
C:\WINDOWS\system32\kqnrjlrw.dll
C:\WINDOWS\system32\lmhoxtup.dll
C:\WINDOWS\system32\uvndekft.dll
C:\WINDOWS\system32\yoglobvr.dll
C:\WINDOWS\system32\pmnlmll.dll
C:\WINDOWS\system32\wjwqltxb.ini
C:\WINDOWS\system32\iydvtnef.ini
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\system32\spyyttjj.ini
C:\WINDOWS\system32\wrljrnqk.ini
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\jkkkige.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\PETERK~1\MINEDO~1.\dobe~1
C:\WINDOWS\installer\7d9e8.msi
C:\WINDOWS\system32\win.exe
C:\WINDOWS\system32\xpdx.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))
2007-06-21 12:25 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 12:20 122,900 --a------ C:\WINDOWS\system32\nbkkxnul.exe
2007-06-21 12:03 122,900 --a------ C:\WINDOWS\system32\avhjndqu.exe
2007-06-21 11:31 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2007-06-21 11:13 122,900 --a------ C:\WINDOWS\system32\tbhbcrji.exe
2007-06-21 11:06 122,900 --a------ C:\WINDOWS\system32\hhjdhhmy.exe
2007-06-20 20:05 122,900 --a------ C:\WINDOWS\system32\dmanlksh.exe
2007-06-20 17:05 122,900 --a------ C:\WINDOWS\system32\uhnlsbpu.exe
2007-06-20 10:52 122,900 --a------ C:\WINDOWS\system32\eyigmydy.exe
2007-06-19 12:22 49,152 --a------ C:\WINDOWS\win.exe
2007-06-15 21:36 98,304 --a------ C:\WINDOWS\system32\viscomtran.dll
2007-06-15 21:36 94,208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll
2007-06-15 21:36 90,112 --a------ C:\WINDOWS\system32\viscomframe.dll
2007-06-15 21:36 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-06-15 21:36 598,016 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-06-15 21:36 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-06-15 21:36 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-06-15 21:36 110,592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll
2007-06-15 21:35 <DIR> d-------- C:\Programfiler\Kate's Video Toolkit
2007-06-15 21:23 1 --a------ C:\WINDOWS\pvc11.dll
2007-06-15 21:23 <DIR> d-------- C:\Programfiler\AML Products
2007-06-15 21:11 5 --a------ C:\WINDOWS\system32\SySvideocutter.dat
2007-06-15 21:10 991,232 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-06-15 21:10 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2007-06-15 21:10 793,536 --a------ C:\WINDOWS\system32\wmpcdcs8.exe
2007-06-15 21:10 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2007-06-15 21:10 356,352 --a------ C:\WINDOWS\system32\NCTVideoDxPlayer.dll
2007-06-15 21:10 294,912 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-06-15 21:10 282,624 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-06-15 21:10 262,144 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-15 21:10 2,658,304 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2007-06-15 21:10 2,260,992 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-06-15 21:10 196,608 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-06-15 21:10 139,264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-06-15 21:10 1,810,432 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-06-15 21:10 1,245,184 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-06-15 21:10 <DIR> d-------- C:\WINDOWS\system32\RMBin
2007-06-15 21:10 <DIR> d-------- C:\Programfiler\Crystalsoftware
2007-06-15 13:27 <DIR> d-------- C:\Programfiler\Orb Networks
2007-06-15 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\OrbNetworks
2007-06-11 17:16 13,844 --a------ C:\WINDOWS\system32\ssltnrbn.exe
2007-06-08 18:03 0 -ra------ C:\logwmemory.bin
2007-06-08 17:35 <DIR> d-------- C:\Programfiler\Teamspeak2_RC2
2007-06-06 21:38 55,316 --a------ C:\WINDOWS\system32\thychsuq.dll
2007-06-05 21:41 <DIR> d-------- C:\DOCUME~1\LOCALS~1\PROGRA~1\CyberLink
2007-06-05 21:37 14,868 --a------ C:\WINDOWS\system32\jmuopglm.exe
2007-06-04 21:36 2,580 --a------ C:\WINDOWS\system32\yhptprwh.exe
2007-06-04 16:42 <DIR> d-------- C:\DOCUME~1\PETERK~1\PROGRA~1\CyberLink
2007-06-04 15:04 <DIR> d-------- C:\!KillBox
2007-06-03 21:41 2,580 --a------ C:\WINDOWS\system32\pkpedpeh.exe
2007-06-03 20:00 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-06-03 20:00 <DIR> d-------- C:\DOCUME~1\PETERK~1\PROGRA~1\SUPERAntiSpyware.com
2007-06-03 20:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-06-03 19:55 12,300,483 --------- C:\AVG7QT.DAT
2007-06-03 18:58 2,580 --a------ C:\WINDOWS\system32\bjnurhxo.exe
2007-06-03 18:48 60,928 --a------ C:\WINDOWS\system32\cjp.dll
2007-06-03 18:37 <DIR> d-------- C:\Programfiler\SmartSound Software
2007-06-03 18:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SmartSound Software Inc
2007-06-03 18:35 <DIR> d-------- C:\Programfiler\QuickTime
2007-06-02 23:16 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-06-02 19:50 <DIR> d-------- C:\Programfiler\MagicISO
2007-05-31 08:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-28 14:37 <DIR> d-------- C:\Programfiler\HyCam2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-21 09:31:21 4,196 ----a-w C:\WINDOWS\mozver.dat
2007-06-19 13:07:57 -------- d-----w C:\DOCUME~1\PETERK~1\PROGRA~1\uTorrent
2007-06-08 15:35:51 -------- d-----w C:\DOCUME~1\PETERK~1\PROGRA~1\teamspeak2
2007-06-04 15:24:11 -------- d-----w C:\Programfiler\DivX
2007-06-03 17:59:27 -------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-06-03 16:41:15 -------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-06-03 16:41:15 -------- d-----w C:\Programfiler\CyberLink
2007-06-01 17:01:06 -------- d-----w C:\Programfiler\World of Warcraft
2007-05-18 16:02:39 -------- d-----w C:\Programfiler\LimeWire
2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 17:19:38 -------- d-----w C:\Programfiler\9Dragons
2007-05-13 10:24:29 -------- d-----w C:\Programfiler\Folding@Home
2007-05-04 21:13:42 -------- d-----w C:\Programfiler\FDRLab
2007-05-04 21:12:08 -------- d-----w C:\Programfiler\FreeUndelete
2007-05-04 21:08:02 -------- d-----w C:\Programfiler\SoftLogica
2007-05-04 21:02:30 -------- d-----w C:\Programfiler\DiskInternals
2007-05-04 20:51:50 -------- d-----w C:\Programfiler\WinUndelete
2007-05-02 13:00:38 -------- d-----w C:\DOCUME~1\PETERK~1\PROGRA~1\Viewpoint
2007-04-25 14:23:31 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:25 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-23 00:15:24 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-25 12:48:14 60,326 ----a-w C:\WINDOWS\system32\perfc014.dat
2007-03-25 12:48:14 384,784 ----a-w C:\WINDOWS\system32\perfh014.dat
2005-05-13 15:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 09:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 19:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll [2005-07-07 16:21]
{E57A1D42-81AA-DD2D-8A0B-88ADD2E624C7}=C:\WINDOWS\system32\cjp.dll [2007-05-21 15:59]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\programfiler\steam\steam.exe" -silent
"Aim6"="C:\Programfiler\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"Orb"="C:\Programfiler\Orb Networks\Orb\bin\OrbTray.exe" /background
"SUPERAntiSpyware"=C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" -atboottime
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" -hide
"WinampAgent"=C:\Programfiler\Winamp\winampa.exe
"hpfsched"=C:\WINDOWS\hpfsched.exe
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
"GPLv3"=rundll32.exe "C:\WINDOWS\system32\bxtlqwjw.dll",realset
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\install.EXE id= ver=1.0.0.0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\AutoRunMorrowind.exe
install\command- E:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\AutoRun\Demo.exe
Contents of the 'Scheduled Tasks' folder
2007-06-15 15:16:08 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-05-26 23:32:00 C:\WINDOWS\tasks\MP Scheduled Scan.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 12:33:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-21 12:34:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-21 12:34
--- E O F ---
2005-05-11 16:35 2333184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Installer\7d9e8.msi.vir
2006-04-29 20:53 49152 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\win.exe.vir
2007-06-03 18:47 33302 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkkige.dll.vir
2007-06-03 18:47 33302 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnlmll.dll.vir
2007-06-03 18:52 688392 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hgjlm.bak1.vir
2007-06-03 21:25 706559 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hgjlm.ini.vir
2007-06-03 21:35 263220 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gebcd.dll.vir
2007-06-03 21:35 688392 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.bak1.vir
2007-06-03 21:38 50740 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\biuxslqu.dll.vir
2007-06-06 20:44 67860 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
2007-06-07 21:38 58420 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bqnhkaqn.dll.vir
2007-06-10 17:15 125460 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lmhoxtup.dll.vir
2007-06-11 17:46 919653 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.tmp.vir
2007-06-11 20:16 939243 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.ini.vir
2007-06-14 13:56 62516 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uvndekft.dll.vir
2007-06-17 18:17 58420 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hgdpuftr.dll.vir
2007-06-17 18:23 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jjttyyps.dll.vir
2007-06-18 09:31 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bxtlqwjw.dll.vir
2007-06-18 09:32 2119174 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\spyyttjj.ini.vir
2007-06-18 09:39 355 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wjwqltxb.ini.vir
2007-06-20 11:01 125460 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\haonvrgi.dll.vir
2007-06-21 12:06 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fentvdyi.dll.vir
2007-06-21 12:20 907543 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iydvtnef.ini.vir
2007-06-21 12:20 925979 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.bak2.vir
2007-06-21 12:23 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kqnrjlrw.dll.vir
2007-06-21 12:25 890332 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wrljrnqk.ini.vir
2007-06-21 12:26 62516 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yoglobvr.dll.vir
2007-06-21 12:30 200 --a------ C:\Qoobox\Quarantine\Registry_backups\services_xpdx.reg.cf
2007-06-21 12:30 399 --a------ C:\Qoobox\Quarantine\catchme.log
2007-06-21 12:30 66310 --a------ C:\Qoobox\Quarantine\catchme2007-06-21_123327.20.zip
2007-06-21 12:30 920621 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dcbeg.ini2.vir
Søkebane
Volumserienummeret er 94FF-5604
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |   catchme2007-06-21_123327.20.zip
    |
    +---C
    |   \---WINDOWS
    |       +---Installer
    |       |       7d9e8.msi.vir
    |       |
    |       \---system32
    |               biuxslqu.dll.vir
    |               bqnhkaqn.dll.vir
    |               bxtlqwjw.dll.vir
    |               dcbeg.bak1.vir
    |               dcbeg.bak2.vir
    |               dcbeg.ini.vir
    |               dcbeg.ini2.vir
    |               dcbeg.tmp.vir
    |               fentvdyi.dll.vir
    |               gebcd.dll.vir
    |               haonvrgi.dll.vir
    |               hgdpuftr.dll.vir
    |               hgjlm.bak1.vir
    |               hgjlm.ini.vir
    |               iydvtnef.ini.vir
    |               jjttyyps.dll.vir
    |               jkkkige.dll.vir
    |               kqnrjlrw.dll.vir
    |               lmhoxtup.dll.vir
    |               pmnlmll.dll.vir
    |               spyyttjj.ini.vir
    |               uvndekft.dll.vir
    |               win.exe.vir
    |               wjwqltxb.ini.vir
    |               wrljrnqk.ini.vir
    |               xpdx.sys.vir
    |               yoglobvr.dll.vir
    |
    \---Registry_backups
            services_xpdx.reg.cf
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lmpdaxtw
*******************
Script file located at: \??\C:\Documents and Settings\ilbdolwu.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\ufxvhudj.dll deleted successfully.
File C:\WINDOWS\system32\j6201834.exe deleted successfully.
File C:\WINDOWS\system32\skvxwvtf.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 12:39:42, on 21.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B1843C0D-7415-4DD4-A619-6A1EDB32B96A} - (no file)
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O2 - BHO: (no name) - {E57A1D42-81AA-DD2D-8A0B-88ADD2E624C7} - C:\WINDOWS\system32\cjp.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?4dde03ce85104e3bb83b32813cb83cb
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?4dde03ce85104e3bb83b32813cb83cb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB8E775-305B-4402-BFB7-67090DB28F66}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mimer.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mimer.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
-
Hi Norbat, something must still be wrong. I get messages that shut down my PC, and sometimes the internet is extremely slow. I get a message that "services.exe" is being shut down, and then the PC shuts down after 30 seconds. Sometimes the internet becomes unusable. I'm sticking to bumping this thread, since it's the same problem. I'm including a HijackThis log file. Edit: Popups with Celldorado etc. also suddenly appear in iExplorer even though I use FF.
Logfile of HijackThis v1.99.1
Scan saved at 11:17:18, on 21.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\j6201834.exe
C:\WINDOWS\system32\skvxwvtf.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ufxvhudj.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?4dde03ce85104e3bb83b32813cb83cb
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?4dde03ce85104e3bb83b32813cb83cb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB8E775-305B-4402-BFB7-67090DB28F66}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mimer.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mimer.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j6201834.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\skvxwvtf.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
-
As with all other licensed games, I have a feeling where this is going.
-
I made the following myself (from the game Morrowind)
http://www.youtube.com/watch?v=Y6_2K9zjEts
All the items up there were placed by me. Neither cheats nor the CS were used.
The last one:
-
Well, then pretty much everything is safe, yes. I've certainly learned a hard lesson here (I was careless and opened self-extracting trojans), and even though I tried on my own at the start, I couldn't manage it.
But I have to ask, Norbat: how did you become so knowledgeable in this area, and how do you analyze HJT logs?
Many thanks
-
OK, I didn't know how to find the file in HJT, and I'm not quite sure, and I don't think I can use Killbox properly. (It showed some kind of message, after the reboot was supposed to happen, saying it had been deleted) so I found it among the startup processes in TuneUp Utilities and removed it.
Here is the latest HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 15:20:52, on 04.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?4dde03ce85104e3bb83b32813cb83cb
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?4dde03ce85104e3bb83b32813cb83cb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB8E775-305B-4402-BFB7-67090DB28F66}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mimer.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mimer.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
By the way, I must give a BIG thank-you to Norbat, who has helped me here. Masterfully done!
By the way, allow me to ask: where did you get such knowledge, and how do you analyze all the logs?
-
SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/03/2007 at 09:23 PM
Application Version : 3.8.1002
Core Rules Database Version : 3248
Trace Rules Database Version: 1259
Scan type : Complete Scan
Total Scan Time : 00:55:21
Memory items scanned : 167
Memory threats detected : 1
Registry items scanned : 5762
Registry threats detected : 55
File items scanned : 40408
File threats detected : 17
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\MLJGH.DLL
C:\WINDOWS\SYSTEM32\MLJGH.DLL
HKLM\Software\Classes\CLSID\{B1843C0D-7415-4DD4-A619-6A1EDB32B96A}
HKCR\CLSID\{B1843C0D-7415-4DD4-A619-6A1EDB32B96A}
HKCR\CLSID\{B1843C0D-7415-4DD4-A619-6A1EDB32B96A}\InprocServer32
HKCR\CLSID\{B1843C0D-7415-4DD4-A619-6A1EDB32B96A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}\InprocServer32
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\FBLBBCRS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1843C0D-7415-4DD4-A619-6A1EDB32B96A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD3447D4-CA39-4377-8084-30E86331D74C}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh
HKCR\CLSID\{CD3447D4-CA39-4377-8084-30E86331D74C}
Unclassified.Oreans32
HKLM\System\ControlSet002\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet004\Services\oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance
Trojan.Vundo
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Asynchronous
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#DllName
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Impersonate
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Startup
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljgh#Logoff
Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon
C:\Programfiler\Outerinfo\Terms.rtf
C:\Programfiler\Outerinfo
Adware.ClickSpring
C:\DOCUMENTS AND SETTINGS\PETER KONGSVIK\MINE DOKUMENTER\DOBE~1\SPOOL32.EXE
Adware.Aurora-Installer
C:\PROGRAMFILER\CYBERLINK\POWERDIRECTOR\PDAURORA.DLL
Adware.ClickSpring/Yazzle
C:\PROGRAMFILER\FELLESFILER\YAZZLE1162OINUNINSTALLER.EXE
C:\RECYCLER\S-1-5-21-842925246-1993962763-725345543-1003\DC1\UNINSTALL.LNK
C:\WINDOWS\PREFETCH\YAZZLE1162OINADMIN.EXE-02D607D0.PF
Dialer.Dial/Gen Variant
C:\SDFIX\BACKUPS\MAX1D1641.EXE
Trojan.Downloader-PoofPoof/Rootkit
C:\SDFIX\BACKUPS\NTIO256.SYS
Trojan.Unknown Origin
C:\WINDOWS\SMANAGER.7.EXE~
C:\WINDOWS\SYSTEM32\WNSINTISV32.EXE
Trojan.Downloader-SpyTool
C:\WINDOWS\SYSTEM32\IFIOPFDV.DLL
Trace.Known Threat Sources
C:\Documents and Settings\Peter Kongsvik\Lokale innstillinger\Temporary Internet Files\Content.IE5\CNQBI9EP\campaigns7[1].encrypted
C:\Documents and Settings\Peter Kongsvik\Lokale innstillinger\Temporary Internet Files\Content.IE5\6HAV03WL\client_settings_3[1].bin
Logfile of HijackThis v1.99.1
Scan saved at 22:33:45, on 03.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Programdata\ipqpwngj.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Programfiler\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?4dde03ce85104e3bb83b32813cb83cb
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?4dde03ce85104e3bb83b32813cb83cb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB8E775-305B-4402-BFB7-67090DB28F66}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mimer.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mimer.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
By the way, I must say that I GREATLY appreciate the help, Norbat. Thank you very much.
-
OK, here are the logs:
SDFix: Version 1.85
Run by Peter Kongsvik - 03.06.2007 - 20:15:57.18
Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
ntio256
ImagePath:
\??\C:\WINDOWS\system32\ntio256.sys
ntio256 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\max1d1641.exe - Deleted
C:\WINDOWS\system32\ntio256.sys - Deleted
C:\WINDOWS\system32\winsys.exe - Deleted
C:\WINDOWS\wr.txt - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\EA Games\\MOHAA\\MOHAA.exe"="C:\\Programfiler\\EA Games\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Programfiler\\EA Games\\Battlefield 2\\Bf2_w32ded.exe"="C:\\Programfiler\\EA Games\\Battlefield 2\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\\Programfiler\\EA Games\\Battlefield 2\\BF2VoipServer_w32ded.exe"="C:\\Programfiler\\EA Games\\Battlefield 2\\BF2VoipServer_w32ded.exe:*:Enabled:BF2VoipServer_w32ded"
"C:\\Programfiler\\GameSpy Arcade\\Aphex.exe"="C:\\Programfiler\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"="C:\\Programfiler\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Programfiler\\EA Games\\Battlefield 2\\BF2.exe"="C:\\Programfiler\\EA Games\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Programfiler\\uTorrent\\utorrent.exe"="C:\\Programfiler\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programfiler\\Grisoft\\AVG Free\\avginet.exe"="C:\\Programfiler\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programfiler\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Programfiler\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Programfiler\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Programfiler\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programfiler\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Programfiler\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programfiler\\LimeWire\\LimeWire.exe"="C:\\Programfiler\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programfiler\\Steam\\SteamApps\\ar_pharazon\\counter-strike\\hl.exe"="C:\\Programfiler\\Steam\\SteamApps\\ar_pharazon\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\All Users\\Dokumenter\\Wc3 on espen (Espen)\\War3.exe"="C:\\Documents and Settings\\All Users\\Dokumenter\\Wc3 on espen (Espen)\\War3.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\All Users\\Dokumenter\\Counter-Strike\\Counter-Strike\\cstrike.exe"="C:\\Documents and Settings\\All Users\\Dokumenter\\Counter-Strike\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Programfiler\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"="C:\\Programfiler\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Programfiler\\Messenger\\msmsgs.exe"="C:\\Programfiler\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"="C:\\Programfiler\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programfiler\\Fellesfiler\\AOL\\Loader\\aolload.exe"="C:\\Programfiler\\Fellesfiler\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\MSN Messenger\\msncall.exe"="C:\\Programfiler\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Documents and Settings\Peter Kongsvik\AndrMask\filmes p† adorocinema.cidadeinternet.com.br\Desktop.ini
C:\Documents and Settings\Peter Kongsvik\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\HABBO RAID\Thumbs.db
C:\Programfiler\eRightSoft\SUPER\_Setup.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\raac.dll
C:\Programfiler\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\Programfiler\VID_0E8F&PID_0012\Masspread\DualVibration\GAJoyFF.dll
C:\Programfiler\VID_0E8F&PID_0012\Masspread\DualVibration\GAJoyPS.dll
C:\WINDOWS\system32\avisynth.dll
C:\WINDOWS\system32\AVSredirect.dll
C:\WINDOWS\system32\cygwin1.dll
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\i420vfw.dll
C:\WINDOWS\system32\Smab.dll
C:\WINDOWS\system32\yv12vfw.dll
C:\Programfiler\eRightSoft\SUPER\Setup.exe
C:\Programfiler\Home Plan Software\Easy Image Convertor\uninstall_imgconv.exe
C:\Programfiler\Smart Projects\IsoBuster\Help\AHlp.exe
C:\WINDOWS\meta4.exe
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\x2.64.exe
C:\WINDOWS\system32\x.264.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp
Finished
Logfile of HijackThis v1.99.1
Scan saved at 21:45:03, on 03.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Documents and Settings\All Users\Programdata\ipqpwngj.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Programdata\ipqpwngj.exe
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\faxaviwl.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Programfiler\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Awre] "C:\DOCUME~1\PETERK~1\PROGRA~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Qlffj] "C:\Documents and Settings\Peter Kongsvik\Mine dokumenter\?dobe\spool32.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?4dde03ce85104e3bb83b32813cb83cb
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?4dde03ce85104e3bb83b32813cb83cb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB8E775-305B-4402-BFB7-67090DB28F66}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mimer.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mimer.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
I don't know where to find the SAS log. I have looked everywhere here.
-
OK, starting now.
-
I think I have some problems with a few trojans. I'm trying to remove them, but I'm not sure whether they are gone. Attaching the HJT log file.
Logfile of HijackThis v1.99.1
Scan saved at 19:45:42, on 03.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programfiler\Grisoft\AVG Free\avgcc.exe
C:\Programfiler\Grisoft\AVG Free\avgwb.dat
C:\WINDOWS\winhlp32.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamereactor.no
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sManager] smanager.7.exe
O4 - HKLM\..\Run: [ipqpwngj.exe] C:\Documents and Settings\All Users\Programdata\ipqpwngj.exe
O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\faxaviwl.dll",realset
O4 - HKLM\..\RunOnce: [Regcledtkrn] C:\WINDOWS\system32\Regsvr32.exe /s "C:\Programfiler\CyberLink\PowerDirector\cledtkrn.dll"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Programfiler\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Awre] "C:\DOCUME~1\PETERK~1\PROGRA~1\SSTEM~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Qlffj] "C:\Documents and Settings\Peter Kongsvik\Mine dokumenter\?dobe\spool32.exe"
O8 - Extra context menu item: &MSN Search - res://C:\Programfiler\MSN Toolbar Suite\TB\02.05.0000.1105\nb-no\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/229?4dde03ce85104e3bb83b32813cb83cb
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\MSN Toolbar Suite\TAB\02.05.0000.1105\nb-no\msntabres.dll/230?4dde03ce85104e3bb83b32813cb83cb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB8E775-305B-4402-BFB7-67090DB28F66}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mimer.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mimer.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
-
This can surely be hacked, and then there will be trouble.
No, I don't trust this.
-
Can this be used in mobile phones, PSP and the like (that support Memory Stick Pro Duo)?
That is: can it be used in my w810i?
Allergy to fenalår?
in Health
Posted
No, I usually only react to salted "untreated" types of meat such as fenalår and mør. Other boiled, fried or steamed meat does not seem to cause an allergic reaction in me.
I have tried eating several different types of fenalår, including with and without spices. All have produced the same type of reaction.