StereoSteward

5. september 2008

Hei.

Har en HP tx1250eo som jeg ønsker å legge inn XP på istedenfor Vista. Vil ha muligheten til å gå tilbake til Vista, så mitt spørsmål er det holder å ha en recovery cd til dette (forutsett at samtlige partisjoner på maskinen formateres)?

Evt. hva må jeg gjøre for å ha mulighet for å legge komme tilbake til original?

På forhånd takk

25. august 2008

Hjertelig takk for hjelpen!

22. august 2008

Her kommer loggene. Sent svar grunnet ferie.

Takk for hjelpen så langt!

ComboFix:

ComboFix 08-07-30.02 - ** 2008-08-22 11:48:22.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1499 [GMT 2:00]

Running from: C:\Documents and Settings\**\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\**\Skrivebord\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

FILE ::

C:\WINDOWS\7C5DA49A7AAD04B60D362BAEC3073F.exe

C:\WINDOWS\system32\lich.dat

C:\WINDOWS\system32\note32.exe

C:\WINDOWS\system32\SET18C.tmp

C:\WINDOWS\system32\tiqrgfap.tmp

C:\WINDOWS\system32\wpx11.cpx

C:\WINDOWS\system32\wpx15.cpx

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\7C5DA49A7AAD04B60D362BAEC3073F.exe

C:\WINDOWS\system32\lich.dat

C:\WINDOWS\system32\note32.exe

C:\WINDOWS\system32\tiqrgfap.tmp

.

((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))

.

2008-08-01 13:16 . 2008-08-22 11:46 <DIR> dr-h----- C:\Documents and Settings\**\Siste

2008-08-01 12:53 . 2008-08-01 12:53 <DIR> d-------- C:\Programfiler\MSXML 4.0

2008-07-31 14:02 . 2008-08-01 10:43 <DIR> d-------- C:\Programfiler\Trend Micro

2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Documents and Settings\**\Programdata\SUPERAntiSpyware.com

2008-07-31 13:38 . 2008-07-31 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-07-31 13:26 . 2008-07-31 13:26 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-31 13:21 . 2008-07-31 13:21 <DIR> d-------- C:\Programfiler\CCleaner

2008-07-31 13:12 . 2008-07-31 13:12 <DIR> d-------- C:\Programfiler\Sun

2008-07-31 13:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-31 13:10 . 2008-07-31 13:11 <DIR> d-------- C:\Programfiler\Java

2008-07-31 12:54 . 2008-07-31 12:54 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-07-31 10:51 . 2008-07-31 10:57 <DIR> d-------- C:\Documents and Settings\**\.housecall6.6

2008-07-31 09:40 . 2008-07-31 09:40 <DIR> d-------- C:\WINDOWS\system32\4213

2008-07-31 09:35 . 2008-07-31 09:35 168 --a------ C:\log.udt

2008-07-30 11:11 . 2008-08-02 05:07 <DIR> d--h----- C:\$AVG8.VAULT$

2008-07-30 11:10 . 2008-07-30 11:10 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-30 11:10 . 2008-07-30 11:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-30 11:10 . 2008-07-30 11:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-07-30 11:09 . 2008-08-01 10:42 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-07-30 11:09 . 2008-07-30 11:09 <DIR> d-------- C:\Programfiler\AVG

2008-07-30 11:09 . 2008-07-31 10:39 <DIR> d-------- C:\Documents and Settings\**\Programdata\AVGTOOLBAR

2008-07-30 11:08 . 2008-07-30 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8

2008-07-30 10:25 . 2008-02-17 08:20 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste

2008-07-30 10:25 . 2008-07-31 14:05 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-07-30 10:25 . 2008-02-17 00:45 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-07-30 10:25 . 2008-08-22 11:48 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter

2008-07-30 10:25 . 2008-02-17 08:20 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-07-30 10:25 . 2008-07-30 11:10 <DIR> d-------- C:\Documents and Settings\Administrator

2008-07-29 14:24 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-29 14:24 . 2008-06-14 20:00 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-23 13:01 . 2008-07-23 13:01 <DIR> d-------- C:\Programfiler\VideoLAN

2008-07-23 13:01 . 2008-07-23 13:01 <DIR> d-------- C:\Documents and Settings\**\Programdata\vlc

2008-07-23 11:40 . 2008-07-23 11:40 49 --a------ C:\WINDOWS\hpntwksetup.ini

2008-07-23 11:20 . 2008-07-23 11:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-11 09:27 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-07-11 09:27 --------- d-----w C:\Programfiler\Bonjour

2008-07-11 06:31 --------- d-----w C:\Programfiler\AutoCAD 2002

2008-07-08 09:20 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet

2008-07-08 09:17 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared

2008-07-03 07:52 --------- d-----w C:\Programfiler\Hewlett-Packard

2008-07-03 07:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\Hewlett-Packard

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

.

((((((((((((((((((((((((((((( snapshot_2008-08-01_13.20.19.57 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-08-02 12:00:00 100,352 ------w C:\WINDOWS\system32\6to4svc.dll

+ 2006-08-16 12:00:08 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll

- 2007-08-02 12:00:00 1,022,976 ------w C:\WINDOWS\system32\browseui.dll

+ 2008-04-21 07:04:03 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll

- 2007-08-02 12:00:00 100,352 -c----w C:\WINDOWS\system32\dllcache\6to4svc.dll

+ 2006-08-16 12:00:08 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll

- 2007-08-02 12:00:00 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys

+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

- 2007-08-02 12:00:00 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-06-20 17:43:13 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

- 2007-08-02 12:00:00 246,784 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll

+ 2008-06-20 17:43:14 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll

- 2007-08-02 12:00:00 359,040 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys

- 2007-08-02 12:00:00 223,616 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

- 2007-08-02 12:00:00 148,480 ------w C:\WINDOWS\system32\dnsapi.dll

+ 2008-06-20 17:43:13 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

- 2007-08-02 12:00:00 3,070,464 ------w C:\WINDOWS\system32\mshtml.dll

+ 2008-04-21 07:04:05 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-08-02 12:00:00 1,492,480 ------w C:\WINDOWS\system32\shdocvw.dll

+ 2008-04-21 07:04:05 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll

- 2007-08-02 12:00:00 474,112 ------w C:\WINDOWS\system32\shlwapi.dll

+ 2008-04-21 07:04:05 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

- 2007-08-02 12:00:00 612,352 ------w C:\WINDOWS\system32\urlmon.dll

+ 2008-04-21 07:04:05 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2007-08-02 12:00:00 655,872 ------w C:\WINDOWS\system32\wininet.dll

+ 2008-04-21 07:04:06 658,944 ----a-w C:\WINDOWS\system32\wininet.dll

- 2007-08-02 12:00:00 353,792 ------w C:\WINDOWS\system32\xpsp3res.dll

+ 2008-04-17 11:03:56 354,304 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2008-08-22 09:43:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ac.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 14:35 90112]

"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2006-10-14 12:43 69632]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 14:00 15360]

"LightScribe Control Panel"="C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe" [2007-06-20 13:49 451872]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 02:15 1667584]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power_Gear"="C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]

"ACU"="C:\Programfiler\Atheros\ACU.exe" [2007-05-03 18:42 376921]

"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 18:37 110592]

"SMSERIAL"="C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 18:31 630784]

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

"Adobe Acrobat Speed Launcher"="C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 02:25 37232]

"Acrobat Assistant 8.0"="C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 22:43 640376]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-30 11:09 1232152]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 18:21 16270848 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\**\Start-meny\Programmer\Oppstart\

CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 11:57:36 49152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=mssetd.dll,avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-30 11:10]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-30 11:09]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-30 11:09]

R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-30 11:10]

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-02-07 19:44]

R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 15:37]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-02-13 13:41]

R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52]

S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []

S2 PlugPlayRPC;Plug and Play (RPC);C:\WINDOWS\portsv.exe service []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Programfiler\Fellesfiler\LightScribe\LSRunOnce.exe"

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdnww.exe - C:\WINDOWS\system32\kdnww.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-22 11:48:46

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\13f42a0d3b00787e425af6020fcbcdcf.sys 36864 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C:]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\13f42a0d3b00787e425af6020fcbcdcf]

"ImagePath"="system32\13f42a0d3b00787e425af6020fcbcdcf.sys"

.

Completion time: 2008-08-22 11:50:46

ComboFix-quarantined-files.txt 2008-08-22 09:50:26

Pre-Run: 67,953,901,568 byte ledig

Post-Run: 67,944,341,504 byte ledig

191 --- E O F --- 2008-08-01 10:57:17

Fikk ikke kjørt sc stop PlugPlay RPC

Fikk denne feilmld:

C:\Documents and Settings\SINDRE1>sc stop PlugPlayRPC

[sC] ControlService FAILED 1062:

Tjenesten er ikke startet.

Gikk inn i Kontrollpanel -> Administrative verktøy -> Tjenester og sjekket at Plug and Play (RPC) tjenestestatus = stoppet

MBAM:

Malwarebytes' Anti-Malware 1.25

Database versjon: 1062

Windows 5.1.2600 Service Pack 2

12:05:05 22.08.2008

mbam-log-08-22-2008 (12-04-57).txt

Skanntype: Rask Skann

Objekter skannet: 45373

Tid tilbakelagt: 3 minute(s), 8 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\rhcg3fj0e92a (Rogue.Multiple) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlayRPC (Trojan.Agent) -> No action taken.

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\http://91.203.92.13/files/41/0/file.exe (Trojan.Agent) -> No action taken.

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\WINDOWS\system32\13f42a0d3b00787e425af6020fcbcdcf.sys (Trojan.Agent) -> No action taken.

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:42:22, on 22.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mnmsrvc.exe

C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe

C:\Programfiler\Atheros\ACU.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe

C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ASUSTPE.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\Høyjakk\jee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [Power_Gear] C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [ACU] C:\Programfiler\Atheros\ACU.exe -nogui

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: CCC.lnk = ?

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217496979090

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programfiler\AutoCAD 2002\AcPreview.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{19C9F23F-CC70-422B-8E9A-62BD036ECA49}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{19C9F23F-CC70-422B-8E9A-62BD036ECA49}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{19C9F23F-CC70-422B-8E9A-62BD036ECA49}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: mssetd.dll,avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Atheros konfigurasjonstjeneste (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--

End of file - 8719 bytes

1. august 2008

Beklager dårlig topic men får ikke beskrevet det på annet vis...

Lastet ned oppdateringer til XP via winupdate, da jeg restartet maskinene fikk jeg opp Antivirus XP 2008 som fortalte at jeg hadde masse virus. Jeg har ikke installert AntiVIRUS XP 2008, så jeg startet opp i sikkermodus og prøvde og avinstallere det uten hell. Kompisen min sa jeg skulle slette det fra regedit > HKEY_LOCAL_MACHINE\SOFTWARE\rh_ettellerannet og fra C:\programfiler\rhEttEllerAnnet, så da gjorde jeg det uten at problemet stoppet der...

Har kjørt AVG som har tatt noe, men tydeligvis ikke alt.

Kan nevne at de oppdateringene jeg lastet ned fra windows må jeg nå laste ned på nytt igjen. Hadde også problemer under oppstart hvor bl.a. ATI ikke fikk startet sitt kontrollpanel, og winupdate.exe ikke fant pathway, men disse problemene er tilsynelatende borte.

Får ikke kjørt SAS da det dukker opp blåskjerm med mld 0x00000050 når jeg har kjørt SAS i ca 1,5 min

HJT:

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:21:46, on 01.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mnmsrvc.exe

C:\Programfiler\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe

C:\Programfiler\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ASUSTPE.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe