Posts written by Urbanlapp
-
-
http://www.komplett.no/k/ki.aspx?sku=596334
I ordered that one today; I think you will be happy with it too!
-
Does anyone have experience with these:
http://www.komplett.no/k/ki.aspx?sku=579891&cks=ASS&assoc=20ACC316-0E63-43E2-9BBE-D2583A1CB52E
and
http://www.komplett.no/k/ki.aspx?sku=596333
Or possibly some other models!
-
Hi!
I am looking for a new TV.
It should be between 42 and 47 inches (preferably 45/47), LED, budget under 10 thousand kr.
The TV will be used for films, TV (analog cable, and digital), and PS3.
Any tips??
-
I have received all the updates on the same day Nokia released them. And my N97 is Norwegian!
My N97 has worked close to perfectly since I bought it in July. And I really wonder whether I and the people I know who have an N97 are just very lucky, or whether there are other reasons why our phones work excellently while others struggle more and complain on online forums.
-
The battery doesn't even last a day...!!!! I did mention that the phone is SLOW, didn't I? I'm sure some people think I should try updating the firmware.. well, I have done that, and there is an updated firmware out.. but I am not able to update.. what about Nokia support..?? no help from them either.
Have you considered stopping by the place where you bought the phone? They can surely help you with the update!
My phone is not particularly slow, and the battery lasts a few days with normal use, a little shorter than my old N95, but still perfectly fine.
-
Am tempted to buy the phone, I have an N97 and have not experienced any problems with it. No problems of any kind since I bought it in July.
Too bad that some people are struggling with the phone, I am very pleased!
-
http://www.finn.no/finn/bap/object?finnkode=18097942
A slightly too good deal.
The phone is in Romania and payment can be made via express-global.net........
-
Even though the machine seems to be working, a new log would be desirable (after you have run CCleaner)
Which of the logs? ComboFix?
-
download CCleaner: http://www.filehippo.com/download_ccleaner/
and run a scan
and then a new log would be nice
Sorry for the late reply!
The machine works excellently and was with its owner and in use when I saw this post. Anyway, it seems to have helped, everything works excellently!
Many thanks for the help!
-
When I try to install Wall-E, the installer chooses to uninstall Ratatouille... Has anyone come across that?
-
Scan taken on 16 Nov 2008 00:06:30 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
ComboFix 08-11-13.02 - evamhg 2008-11-16 0:51:37.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.577 [GMT 1:00]
Running from: c:\documents and settings\evamhg\Skrivebord\ComboFix.exe
Command switches used :: c:\documents and settings\evamhg\Skrivebord\CFScript.txt
* Created a new restore point
FILE ::
c:\documents and settings\All Users\Application Data\edomyqinec.exe
c:\documents and settings\evamhg\Programdata\mocimy.sys
c:\documents and settings\evamhg\Programdata\motyva.scr
c:\program files\Common Files\ofiro.pif
c:\program files\Common Files\rysoxys.vbs
c:\program files\Common Files\ytyjyxetu.sys
c:\windows\abujyrozap.dl
c:\windows\iluj.vbs
c:\windows\mawuwe.com
c:\windows\ocyhiwyt.sys
c:\windows\system32\ucyrixora.lib
c:\windows\system32\zomuz.db
c:\windows\ubyvito.lib
c:\windows\xedyqy.ban
c:\windows\ylowumu.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\edomyqinec.exe
c:\documents and settings\evamhg\Programdata\mocimy.sys
c:\documents and settings\evamhg\Programdata\motyva.scr
c:\program files\Common Files\ofiro.pif
c:\program files\Common Files\rysoxys.vbs
c:\program files\Common Files\ytyjyxetu.sys
c:\windows\abujyrozap.dl
c:\windows\iluj.vbs
c:\windows\mawuwe.com
c:\windows\ocyhiwyt.sys
c:\windows\system32\ucyrixora.lib
c:\windows\system32\zomuz.db
c:\windows\ubyvito.lib
c:\windows\xedyqy.ban
c:\windows\ylowumu.com
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
2008-11-15 20:07 . 2008-11-15 20:07 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\evamhg\Programdata\Malwarebytes
2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-15 17:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 17:59 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 16:55 . 2008-11-15 16:55 118 --a------ c:\windows\system32\MRT.INI
2008-10-25 16:28 . 2008-10-25 16:28 268 --ah----- C:\sqmdata06.sqm
2008-10-25 16:28 . 2008-10-25 16:28 244 --ah----- C:\sqmnoopt06.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-03 11:33 --------- d-----w c:\program files\ICE
2008-09-20 20:39 --------- d-----w c:\documents and settings\evamhg\Programdata\vlc
2008-09-20 20:37 --------- d-----w c:\program files\VideoLAN
2008-08-25 09:29 10,752 ----a-w c:\windows\DCEBoot.exe
2008-08-23 10:50 24,314,424 ----a-w C:\Norman_Malware_Cleaner.exe
2007-12-06 20:55 20,632 ----a-w c:\documents and settings\evamhg\Programdata\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-11-15_18.29.01.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-15 17:13:52 71,710 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 22:38:38 71,710 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-15 17:13:52 442,192 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 22:38:39 442,192 ----a-w c:\windows\system32\perfh009.dat
+ 2007-01-08 19:15:18 176,195 ----a-w c:\windows\temp\LS4882.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" [2007-01-08 356429]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-28 28544]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2008-10-03 93440]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 00:55:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\officescan nt\NTRtScan.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\officescan nt\TmListen.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\officescan nt\OfcPfwSvc.exe
c:\windows\temp\LS4882.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-11-16 0:58:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-15 23:58:18
ComboFix2.txt 2008-11-15 22:39:39
ComboFix3.txt 2008-11-15 20:44:34
ComboFix4.txt 2008-11-15 17:29:27
Pre-Run: 10,485,571,584 bytes free
Post-Run: 10,504,974,336 byte ledig
181 --- E O F --- 2008-11-15 15:55:45
-
Sorry that it took a while...
ComboFix 08-11-13.02 - evamhg 2008-11-15 23:30:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.572 [GMT 1:00]
Running from: c:\documents and settings\evamhg\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
2008-11-15 20:07 . 2008-11-15 20:07 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\evamhg\Programdata\Malwarebytes
2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-15 17:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 17:59 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 16:55 . 2008-11-15 16:55 118 --a------ c:\windows\system32\MRT.INI
2008-11-15 16:41 . 2008-11-15 16:41 19,085 --a------ c:\documents and settings\All Users\Application Data\edomyqinec.exe
2008-11-15 16:41 . 2008-11-15 16:41 18,791 --a------ c:\windows\xedyqy.ban
2008-11-15 16:41 . 2008-11-15 16:41 18,745 --a------ c:\windows\system32\zomuz.db
2008-11-15 16:41 . 2008-11-15 16:41 18,510 --a------ c:\windows\iluj.vbs
2008-11-15 16:41 . 2008-11-15 16:41 18,238 --a------ c:\program files\Common Files\ytyjyxetu.sys
2008-11-15 16:41 . 2008-11-15 16:41 17,531 --a------ c:\program files\Common Files\ofiro.pif
2008-11-15 16:41 . 2008-11-15 16:41 17,442 --a------ c:\windows\ocyhiwyt.sys
2008-11-15 16:41 . 2008-11-15 16:41 17,322 --a------ c:\documents and settings\evamhg\Programdata\mocimy.sys
2008-11-15 16:41 . 2008-11-15 16:41 15,155 --a------ c:\windows\system32\ucyrixora.lib
2008-11-15 16:41 . 2008-11-15 16:41 14,992 --a------ c:\program files\Common Files\rysoxys.vbs
2008-11-15 16:41 . 2008-11-15 16:41 14,714 --a------ c:\windows\mawuwe.com
2008-11-15 16:41 . 2008-11-15 16:41 13,504 --a------ c:\windows\ylowumu.com
2008-11-15 16:41 . 2008-11-15 16:41 12,247 --a------ c:\windows\abujyrozap.dl
2008-11-15 16:41 . 2008-11-15 16:41 11,467 --a------ c:\documents and settings\evamhg\Programdata\motyva.scr
2008-11-15 16:41 . 2008-11-15 16:41 10,134 --a------ c:\windows\ubyvito.lib
2008-10-25 16:28 . 2008-10-25 16:28 268 --ah----- C:\sqmdata06.sqm
2008-10-25 16:28 . 2008-10-25 16:28 244 --ah----- C:\sqmnoopt06.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-03 11:33 --------- d-----w c:\program files\ICE
2008-09-20 20:39 --------- d-----w c:\documents and settings\evamhg\Programdata\vlc
2008-09-20 20:37 --------- d-----w c:\program files\VideoLAN
2008-08-25 09:29 10,752 ----a-w c:\windows\DCEBoot.exe
2008-08-23 10:50 24,314,424 ----a-w C:\Norman_Malware_Cleaner.exe
2007-12-06 20:55 20,632 ----a-w c:\documents and settings\evamhg\Programdata\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-11-15_18.29.01.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-15 17:13:52 71,710 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 20:32:44 71,710 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-15 17:13:52 442,192 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 20:32:44 442,192 ----a-w c:\windows\system32\perfh009.dat
+ 2007-01-08 19:15:18 176,195 ----a-w c:\windows\temp\ZD8922.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" [2007-01-08 356429]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-28 28544]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2008-10-03 93440]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 -: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://sastud/officescan/console/html/AtxEnc.cab
c:\windows\Downloaded Program Files\AtxEnc.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 23:36:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\officescan nt\NTRtScan.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\officescan nt\TmListen.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\officescan nt\OfcPfwSvc.exe
c:\windows\temp\ZD8922.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-11-15 23:39:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-15 22:39:33
ComboFix2.txt 2008-11-15 20:44:34
ComboFix3.txt 2008-11-15 17:29:27
Pre-Run: 10,550,308,864 bytes free
Post-Run: 10,535,305,216 byte ledig
169 --- E O F --- 2008-11-15 15:55:4
-
Malwarebytes' Anti-Malware 1.30
Database versjon: 1400
Windows 5.1.2600 Service Pack 2
2008-11-15 22:48:15
mbam-log-2008-11-15 (22-48-15).txt
Skanntype: Rask Skann
Objekter skannet: 45358
Tid tilbakelagt: 3 minute(s), 53 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
-
For some reason the antivirus program has disappeared..... hence the suspicion of shady programs on the machine...
AVG will be installed right away..
-
Malwarebytes' Anti-Malware 1.30
Database versjon: 1400
Windows 5.1.2600 Service Pack 2
15.11.2008 18:08:08
mbam-log-2008-11-15 (18-08-08).txt
Skanntype: Rask Skann
Objekter skannet: 46733
Tid tilbakelagt: 4 minute(s), 28 second(s)
Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 4
Registerverdier infisert: 4
Registerfiler infisert: 0
Mapper infisert: 6
Filer infisert: 21
Minneprosesser infisert:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00c2b9 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f783b4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antispy (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\AboutBuster (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\CWShredder (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\HSRemove (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\McAfee Avert Stinger (Rogue.AntiSpy) -> Quarantined and deleted successfully.
Filer infisert:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\flav.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Uninstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\AboutBuster\AboutBuster.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\AboutBuster\AboutBuster.zip (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\AboutBuster\Read Me.rtf (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\CWShredder\cwshredder.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\HSRemove\hsremove.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\McAfee Avert Stinger\stng260.exe (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\Program Files\Antispy\McAfee Avert Stinger\stng260.opt (Rogue.AntiSpy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10542.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\evamhg\Lokale innstillinger\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\evamhg\Cookies\woqy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Will scan again....
-
ComboFix 08-11-13.02 - evamhg 2008-11-15 21:25:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.569 [GMT 1:00]
Running from: c:\documents and settings\evamhg\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
2008-11-15 20:07 . 2008-11-15 20:07 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\evamhg\Programdata\Malwarebytes
2008-11-15 17:59 . 2008-11-15 17:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-15 17:59 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 17:59 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 16:55 . 2008-11-15 16:55 118 --a------ c:\windows\system32\MRT.INI
2008-11-15 16:41 . 2008-11-15 16:41 19,085 --a------ c:\documents and settings\All Users\Application Data\edomyqinec.exe
2008-11-15 16:41 . 2008-11-15 16:41 18,791 --a------ c:\windows\xedyqy.ban
2008-11-15 16:41 . 2008-11-15 16:41 18,745 --a------ c:\windows\system32\zomuz.db
2008-11-15 16:41 . 2008-11-15 16:41 18,510 --a------ c:\windows\iluj.vbs
2008-11-15 16:41 . 2008-11-15 16:41 18,238 --a------ c:\program files\Common Files\ytyjyxetu.sys
2008-11-15 16:41 . 2008-11-15 16:41 17,531 --a------ c:\program files\Common Files\ofiro.pif
2008-11-15 16:41 . 2008-11-15 16:41 17,442 --a------ c:\windows\ocyhiwyt.sys
2008-11-15 16:41 . 2008-11-15 16:41 17,322 --a------ c:\documents and settings\evamhg\Programdata\mocimy.sys
2008-11-15 16:41 . 2008-11-15 16:41 15,155 --a------ c:\windows\system32\ucyrixora.lib
2008-11-15 16:41 . 2008-11-15 16:41 14,992 --a------ c:\program files\Common Files\rysoxys.vbs
2008-11-15 16:41 . 2008-11-15 16:41 14,714 --a------ c:\windows\mawuwe.com
2008-11-15 16:41 . 2008-11-15 16:41 13,504 --a------ c:\windows\ylowumu.com
2008-11-15 16:41 . 2008-11-15 16:41 12,247 --a------ c:\windows\abujyrozap.dl
2008-11-15 16:41 . 2008-11-15 16:41 11,467 --a------ c:\documents and settings\evamhg\Programdata\motyva.scr
2008-11-15 16:41 . 2008-11-15 16:41 10,134 --a------ c:\windows\ubyvito.lib
2008-10-25 16:28 . 2008-10-25 16:28 268 --ah----- C:\sqmdata06.sqm
2008-10-25 16:28 . 2008-10-25 16:28 244 --ah----- C:\sqmnoopt06.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-03 11:33 --------- d-----w c:\program files\ICE
2008-09-20 20:39 --------- d-----w c:\documents and settings\evamhg\Programdata\vlc
2008-09-20 20:37 --------- d-----w c:\program files\VideoLAN
2008-08-25 09:29 10,752 ----a-w c:\windows\DCEBoot.exe
2008-08-23 10:50 24,314,424 ----a-w C:\Norman_Malware_Cleaner.exe
2007-12-06 20:55 20,632 ----a-w c:\documents and settings\evamhg\Programdata\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-11-15_18.29.01.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-15 17:13:52 71,710 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 20:32:44 71,710 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-15 17:13:52 442,192 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 20:32:44 442,192 ----a-w c:\windows\system32\perfh009.dat
+ 2007-01-08 19:15:18 176,195 ----a-w c:\windows\temp\BUC623.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" [2007-01-08 356429]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-28 28544]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2008-10-03 93440]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 -: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://sastud/officescan/console/html/AtxEnc.cab
c:\windows\Downloaded Program Files\AtxEnc.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 21:42:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\officescan nt\NTRtScan.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\officescan nt\TmListen.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\officescan nt\OfcPfwSvc.exe
c:\windows\temp\BUC623.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-11-15 21:44:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-15 20:44:28
ComboFix2.txt 2008-11-15 17:29:27
Pre-Run: 10,548,830,208 bytes free
Post-Run: 10,539,724,800 byte ledig
168 --- E O F --- 2008-11-15 15:55:45
-
I have followed the "recipe" posted here, and here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24, on 2008-11-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\QZ820F.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PowerTech - {4E21EFFE-F0AB-4C0E-A01E-8A60C4690CB8} - http://www.powertech.no/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sastud/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sastud/officescan/console/ClientInstall/setup.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://sastud/officescan/console/html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sastud/officescan/console/ClientIns.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187686828103
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187687231305
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = studentnett.intern
O17 - HKLM\Software\..\Telephony: DomainName = studentnett.intern
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = studentnett.intern
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = studentnett.intern
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
-
Thank you so much for the help! I have done everything, and hope that all is well.
The pop-up has not appeared since I ran the programs. I will come back to the thread if anything like that shows up over the next few hours!
Again..... thank you so much for the help!
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:07, on 23.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe
c:\programfiler\lenovo\system update\suservice.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Fellesfiler\Lenovo\Logger\logmon.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan\Skrivebord\Test.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207729548343
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
-
Malwarebytes' Anti-Malware 1.30
Database versjon: 1310
Windows 5.1.2600 Service Pack 3
23.10.2008 22:23:51
mbam-log-2008-10-23 (22-23-42).txt
Skanntype: Rask Skann
Objekter skannet: 48994
Tid tilbakelagt: 5 minute(s), 44 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 2
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\utilset (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\admutilchk (Trojan.FakeAlert.H) -> No action taken.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\WINDOWS\system32\lulipofq.exe (Trojan.FakeAlert.H) -> No action taken.
C:\WINDOWS\system32\hejqbuts.exe (Trojan.FakeAlert.H) -> No action taken.
ComboFix 08-10-23.01 - Dan 2008-10-23 22:35:44.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.494 [GMT 2:00]
Running from: C:\Documents and Settings\Dan\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.
2008-10-23 22:16 . 2008-10-23 22:16 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-23 22:16 . 2008-10-23 22:16 <DIR> d-------- C:\Documents and Settings\Dan\Programdata\Malwarebytes
2008-10-23 22:16 . 2008-10-23 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-23 22:16 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-23 22:16 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-23 22:13 . 2008-10-23 22:33 <DIR> dr-h----- C:\Documents and Settings\Dan\Siste
2008-10-23 21:19 . 2008-10-15 18:38 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 17:22 . 2008-10-23 17:21 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-23 17:20 . 2008-10-23 20:15 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-10-23 12:11 . 2007-12-02 18:11 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-10-23 12:11 . 2008-10-23 17:19 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-10-23 12:11 . 2007-12-02 18:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-10-23 12:11 . 2008-10-23 17:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-22 09:59 . 2008-10-23 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\xchezyzg
2008-10-20 14:24 . 2008-10-20 14:24 <DIR> d-------- C:\Documents and Settings\Dan\Programdata\OpenOffice.org
2008-10-20 14:21 . 2008-10-20 14:21 <DIR> d-------- C:\Programfiler\OpenOffice.org 3
2008-10-15 10:09 . 2008-08-14 15:27 2,190,976 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 10:09 . 2008-08-14 15:27 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 10:09 . 2008-08-14 15:27 2,067,840 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 10:09 . 2008-08-14 15:27 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 09:21 . 2008-09-15 17:29 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 09:15 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 19:26 . 2008-10-23 22:39 2,600 --a------ C:\WINDOWS\system32\ICAutoUpdate.log.bak
2008-10-14 18:55 . 2008-10-14 19:25 <DIR> d-------- C:\Programfiler\ThinkVantage Fingerprint Software
2008-10-14 18:55 . 2008-10-14 18:55 <DIR> d-------- C:\Programfiler\Fellesfiler\ThinkVantage Fingerprint Software
2008-10-14 18:55 . 2008-10-14 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\UIB
2008-09-23 19:52 . 2008-09-23 19:52 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-09-23 19:52 . 2008-09-23 19:52 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-09-23 19:52 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-09-23 19:52 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-23 19:52 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-09-23 19:52 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-09-23 19:52 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-09-23 19:52 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-09-23 19:51 . 2008-09-23 19:52 <DIR> d-------- C:\Programfiler\Nokia
2008-09-23 19:21 . 2008-09-23 19:21 <DIR> d-------- C:\Programfiler\VS Revo Group
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 10:43 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-10-22 10:14 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-10-22 07:35 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-10-20 11:21 --------- d-----w C:\Documents and Settings\Dan\Programdata\OpenOffice.org2
2008-10-14 20:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lenovo
2008-10-14 17:02 --------- d-----w C:\Programfiler\Lenovo
2008-10-14 17:02 --------- d-----w C:\Programfiler\Fellesfiler\Lenovo
2008-10-14 17:01 33,536 ----a-w C:\WINDOWS\system32\drivers\tvtfilter.sys
2008-10-14 16:56 30,144 ----a-w C:\WINDOWS\system32\drivers\psadd.sys
2008-09-24 23:47 4,442 ------w C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2008-09-24 23:47 16,384 ------w C:\WINDOWS\PWMBTHLP.EXE
2008-09-23 17:53 --------- d-----w C:\Documents and Settings\Dan\Programdata\Nokia
2008-09-23 17:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations
2008-09-23 17:39 --------- d-----w C:\Programfiler\DIFX
2008-09-23 17:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nokia
2008-09-21 15:03 --------- d-----w C:\Programfiler\UltraISO
2008-09-11 10:39 --------- d-----w C:\Documents and Settings\Dan\Programdata\Skype
2008-09-11 10:38 --------- d-----w C:\Documents and Settings\Dan\Programdata\skypePM
2008-09-10 12:30 --------- d-----w C:\Programfiler\Apple Software Update
2008-09-10 12:26 --------- d-----w C:\Programfiler\iTunes
2008-09-10 12:26 --------- d-----w C:\Programfiler\iPod
2008-09-10 12:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 12:24 --------- d-----w C:\Programfiler\QuickTime
2008-09-10 12:24 --------- d-----w C:\Programfiler\Bonjour
2008-09-10 12:23 --------- d-----w C:\Programfiler\Fellesfiler\Apple
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-05 20:16 36,864 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-05 12:35 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-09-05 10:23 --------- d-----w C:\Programfiler\Free WMA to MP3 Converter
2008-08-30 17:50 --------- d-----w C:\Programfiler\MSN Messenger
2008-08-30 07:05 --------- d-----w C:\Programfiler\PC Connectivity Solution
2008-08-29 07:32 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-27 07:57 --------- d-----w C:\Programfiler\Nordic Softsales
2008-08-23 19:35 --------- d-----w C:\Programfiler\Mozilla Firefox 3 Beta 5
2008-08-23 16:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-23 16:46 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-23 16:46 --------- d-----w C:\Documents and Settings\Dan\Programdata\SUPERAntiSpyware.com
2008-05-06 21:29 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008050620080507\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-05 137752]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"TpShocks"="TpShocks.exe" [2008-06-06 C:\WINDOWS\system32\TpShocks.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 15:54 89600 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 C:\Programfiler\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 C:\Programfiler\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 21:37 32768 C:\Programfiler\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dan^Start-meny^Programmer^Oppstart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Dan\Start-meny\Programmer\Oppstart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
--a------ 2008-08-15 21:36 143360 C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
--a------ 2006-11-07 20:51 91688 C:\Programfiler\Lenovo\AwayTask\AwaySch.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--------- 2008-09-25 01:47 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--a------ 2008-06-13 20:08 3073336 C:\Programfiler\Lenovo\Client Security Solution\cssauth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--------- 2008-06-05 02:36 242976 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iIWiper]
--a------ 2005-09-11 13:24 258048 C:\Programfiler\iISystem Wiper\SystemWiper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 C:\Programfiler\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
--------- 2008-06-09 03:00 124248 C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
--------- 2008-06-09 03:00 165208 C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--a------ 2007-08-30 10:44 25856 C:\Programfiler\NetWaiting\NetWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Programfiler\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-08-11 08:31 1124352 C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
--------- 2008-09-25 01:47 331776 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Programfiler\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2005-05-20 10:11 925696 C:\Programfiler\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-05 14:35 1576176 C:\Programfiler\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
--------- 2008-03-26 03:06 59680 C:\PROGRA~1\Lenovo\NPDIRECT\tpfnf7sp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2008-03-24 10:15 68464 C:\Programfiler\Lenovo\HOTKEY\TPOSDSVC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
--a------ 2007-01-09 17:28 868352 C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv]
--a------ 2008-03-04 07:28 92960 C:\Programfiler\Lenovo\TrackPoint\tp4serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2008-05-14 16:42 487424 C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\BitLord\\BitLord.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2008-08-15 11520]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2008-08-15 4224]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2008-09-25 4442]
R1 tvtumon;tvtumon;C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-05-09 46144]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 Power Manager DBC Service;Power Manager DBC Service;C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe [2008-09-25 94208]
R2 smihlp;SMI Helper Driver (smihlp);C:\Programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]
R2 TVT Backup Protection Service;TVT Backup Protection Service;C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 253952]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2008-03-04 22568]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-11-15 57216]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-09-05 36864]
.
Contents of the 'Scheduled Tasks' folder
2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-20 C:\WINDOWS\Tasks\PMTask.job
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-25 01:47]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-chkwinadm - C:\WINDOWS\system32\rwzubmrw.exe
HKLM-Run-{A59BC778-DFB6-5249-AB18-D3678680D918} - C:\Documents and Settings\Dan\Mine dokumenter\MSCodec.1408.13.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dan\Programdata\Mozilla\Firefox\Profiles\3rsoxtqk.default\
FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - C:\Programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 22:40:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP\93e8f2e7-3c53-4f97-a7dd-7f7a5414d9ad.tmp
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\BRSS01A.EXE
C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Programfiler\Lenovo\Client Security Solution\tvttcsd.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programfiler\Lenovo\System Update\SUService.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programfiler\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-23 22:44:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-23 20:43:58
ComboFix2.txt 2008-08-23 19:40:03
Pre-Run: 2 689 957 888 byte ledig
Post-Run: 2,765,672,448 byte ledig
279 --- E O F --- 2008-10-21 08:56:30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:07, on 23.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe
c:\programfiler\lenovo\system update\suservice.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Fellesfiler\Lenovo\Logger\logmon.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan\Skrivebord\Test.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207729548343
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
-
I get a warning on the screen now and then; it says there is a malicious program on the machine.
I have scanned the machine in safe mode, but the message popped up again!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:18, on 23.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe
c:\programfiler\lenovo\system update\suservice.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\lulipofq.exe
C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\BitLord\BitLord.exe
C:\Programfiler\Fellesfiler\Lenovo\Logger\logmon.exe
C:\Documents and Settings\Dan\Skrivebord\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [utilset] C:\WINDOWS\system32\lulipofq.exe
O4 - HKCU\..\Run: [AdmUtilChk] C:\WINDOWS\system32\hejqbuts.exe
O4 - HKCU\..\Run: [chkwinadm] C:\WINDOWS\system32\rwzubmrw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207729548343
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
-
And suddenly it came back to life, no clicking sounds, everything looks fine!
-
Thanks for the input!
I was afraid the conclusion would be that there was little hope for it..... I'm glad I have a backup of most things, but of course not of the most important ones....
IBAS starts at around 3500, if I'm not remembering completely wrong. Is your data important enough?
Not even close...
-
Thanks for the input!
I was afraid the conclusion would be that there was little hope for it..... I'm glad I have a backup of most things, but of course not of the most important ones....
Looking for a new TV, 42 to 47 inches
in TV, home cinema and picture
Posted
Is there anyone here who can tell me whether this is a good TV: Samsung UE46C7000