Tilkoblingsproblemene

**rocker9455** · #1 5 november 2008, 12:37

Hei,
Jeg ble fortalt for å legge et kapre denne logfile av serverguy fra dette innlegget:
http://www.computer-juice.com/forums...998/ # post90830

Her er det:
Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 19:36:22, on 05/11/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Kan ikke hente Internet Explorer versjon!
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Bonjour \ mDNSResponder.exe
C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Programfiler \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Programfiler \ Java \ jre6 \ bin \ jusched.exe
C: \ Programfiler \ PeerGuardian2 \ pg2.exe
C: \ Programfiler \ POP Peeper \ POPPeeper.exe
C: \ Programfiler \ uTorrent \ utorrent.exe
C: \ Programfiler \ Windows Live \ Messenger \ msnmsgr.exe
C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Programdata \ Google \ Update \ GoogleUpdate.exe
C: \ Programfiler \ filehippo.com \ UpdateChecker.exe
C: \ Programfiler \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Programfiler \ CalcFire \ CalcFire.exe
C: \ Programfiler \ FreshIP \ FreshIP.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ Sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Klikk for å ringe BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Programfiler \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Programfiler \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Programfiler \ Java \ jre6 \ lib \ distribuere \ jqs \ ie \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ egui.exe" / hide / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Programfiler \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [POP Peeper] "C: \ Programfiler \ POP Peeper \ POPPeeper.exe"-min
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Programfiler \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Programfiler \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Programfiler \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Programdata \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Programfiler \ filehippo.com \ UpdateChecker.exe" / bakgrunn
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Programfiler \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Programfiler \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Programfiler \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Restriksjoner presentere
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Restriksjoner presentere
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 1 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Hjem Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Programfiler \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5869 bytes

**evilfantasy** · #2 5te Nov 2008, 15:27

Laste ned Malwarebytes' Anti-Malware (MBAM)

Dobbeltklikk mbam-setup.exe og følger instruksjonene for å installere programmet.
Ved utgangen, må du passe på et merke plasseres ved siden av det følgende:
- Oppdater Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Deretter klikker du Fullfør.
Hvis en oppdatering er funnet, vil laste ned og installere den nyeste versjonen.
Når programmet er lastet, velger du Utføre rask skanning, Og klikk Scan.
Når skanningen er fullført, klikker du OK, Deretter Vis resultater å vise resultater.
Pass på at alt er sjekket, og klikk Fjern valgte.
Når desinfeksjon er ferdig, en logg åpnes i Notepad, og du kan bli bedt om å starte. (Se Extra Note)
Loggen lagres automatisk ved MBAM og kan vises ved å klikke Logger kategorien i MBAM.
Kopier og lim inn hele rapporten i neste svaret.

Ekstra Merk: Hvis MBAM finner en fil som er vanskelig å fjerne, vil du bli presentert med 1 av 2 ledetekster, klikk OK for å enten og la MBAM fortsette med desinfeksjon prosessen, hvis du blir bedt om å starte datamaskinen på nytt, kan du gjøre det umiddelbart.

**rocker9455** · #3 6te Nov 2008, 01:01

Malwarebytes' Anti-Malware 1.30
Database versjon: 1368
Windows 5.1.2600 Service Pack 2

06/11/2008 07:44:27
mbam-log-2008-11-06 (07-44-27). txt

Scan type: Quick Scan
Objekter skannet: 43086
Tid brukt: 3 minute (s), 25 sekund (er)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registernøkler Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(Ingen skadelige eks oppdaget)

Memory Modules Infected:
(Ingen skadelige eks oppdaget)

Registernøkler Infected:
(Ingen skadelige eks oppdaget)

Registry Values Infected:
(Ingen skadelige eks oppdaget)

Registry Data Items Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> karantene og slettet.

Folders Infected:
(Ingen skadelige eks oppdaget)

Files Infected:
C: \ WINDOWS \ run32.sys (Trojan.Agent) -> karantene og slettet.

**evilfantasy** · #4 6te Nov 2008, 09:35

Last ned ComboFix av ubåter fra én av de nedenfor koblinger. Pass på at toppen lagre det til Desktop.

Link # 1
Link # 2

** Merk: Det er viktig at det er lagret direkte til skrivebordet ditt

Lukk alle åpne weblesere. (Firefox, Internet Explorer, osv.) før du starter ComboFix.

Midlertidig deaktivere din antivirus, Og eventuelle antispyware sanntid beskyttelse før utføre en skanning. Klikk denne koblingen å se en liste over sikkerhetsprogrammer som skal være deaktivert og hvordan du deaktiverer dem.

Dobbeltklikk combofix.exe og følg instruksjonene.

For Windows XP systemer installere gjenopprettingskonsollen:

- Hvis du bruker Windows XP og ikke allerede har gjenopprettingskonsollen er installert, må du sørge for Internett-tilkoblingen er aktiv (hvis mulig) og klikk Ja.
- Hvis for noe grunn din Internett fungerer ikke klikker Nei.
-- Hvis du ikke bruker Windows XP, vil du ikke bli bedt om.
- Når du blir bedt om å godta lisensavtalen klikk OK.
- Godta Microsofts EULA (Klikk Ja).
- Når du blir fortalt at RC er riktig installert klikk JA å fortsette scanning for malware.

Når du er ferdig ComboFix vil produsere en logg for deg.
Poste ComboFix logg og en ny HijackThis log i neste svaret.

Viktig: Ikke mouseclick ComboFix's vinduet mens den kjører. Det kan føre til stall.

Husk å aktivere din antivirus og antispyware beskyttelse når ComboFix er fullført.

**rocker9455** · #5 6te Nov 2008, 10:56

ComboFix 08-11-05.02 - Administrator 2008-11-06 17:52:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.607 [GMT 0:00]
Running from: C: \ Documents and Settings \ Administrator \ Skrivebord \ ComboFix.exe
.

((((((((((((((((((((((((( Files Created fra 2008-10-06 til 2008-11-06 ))))))))))) ))))))))))))))))))))
.

2008-11-06 07:59. 2008-11-06 07:59 236 - en ------ C: \ sqmdata02.sqm
2008-11-06 07:59. 2008-11-06 07:59 200 - en ------ C: \ sqmnoopt02.sqm
2008-11-06 07:39. 2008-11-06 07:39 236 - en ------ C: \ sqmdata01.sqm
2008-11-06 07:39. 2008-11-06 07:39 200 - en ------ C: \ sqmnoopt01.sqm
2008-11-05 22:36. 2008-11-05 22:36 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- C: \ Documents and settings \ All Users \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-10-22 16:10 38.496 - en ------ c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2008-11-05 22:35. 2008-10-22 16:10 15.504 - en ------ c: \ windows \ system32 \ drivers \ mbam.sys
2008-11-05 19:35. 2008-11-05 19:35 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- C: \ Program Files \ Cabos
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Shared
2008-11-04 22:07. 2008-11-04 22:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Cabos
2008-11-04 17:50. 2008-11-04 17:50 <DIR> d -------- C: \ CloneDVDTemp
2008-11-04 17:49. 2008-11-04 17:49 <DIR> d -------- C: \ Documents and settings \ All Users \ Application Data \ forseggjort Bytes
2008-11-04 17:37. 2008-11-04 17:37 <DIR> d -------- C: \ Documents and settings \ All Users \ Application Data \ SlySoft
2008-11-04 17:33. 2008-11-04 17:33 <DIR> d -------- C: \ Program Files \ forseggjort Bytes
2008-11-04 17:31. 2008-11-04 17:31 <DIR> d -------- C: \ Program Files \ SlySoft
2008-11-03 17:05. 2008-11-03 17:05 2.560 - en ------ C: \ Windows \ _MSRSTRT.EXE
2008-11-03 17:05. 2008-11-03 17:05 236 - en ------ C: \ sqmdata00.sqm
2008-11-03 17:05. 2008-11-03 17:05 200 - en ------ C: \ sqmnoopt00.sqm
2008-11-03 17:04. 2008-11-03 17:05 <DIR> d -------- C: \ Program Files \ Your Uninstaller 2008
2008-11-03 17:04. 2008-11-03 17:05 <DIR> da ------ C: \ Documents and settings \ All Users \ Application Data \ TEMP
2008-11-03 17:04. 2008-11-03 17:04 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ URSoft
2008-11-03 17:01. 2008-11-03 17:09 158 - en ------ C: \ Windows \ nurtab.bat
2008-11-03 07:53. 2008-11-03 07:53 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ ImgBurn
2008-11-03 07:50. 2008-11-03 07:50 0 --------- C: \ Windows \ WB.ini
2008-11-02 13:19. 2008-11-02 13:36 64 - en ------ C: \ Windows \ prio.ini
2008-11-01 22:23. 2008-11-01 22:23 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ VLC
2008-11-01 18:49. 2008-11-01 18:49 410.976 - en ------ c: \ windows \ system32 \ deploytk.dll
2008-11-01 11:04. 2008-11-06 07:46 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Tracing
2008-11-01 11:00. 2008-11-01 11:03 <DIR> d -------- C: \ Program Files \ Mozilla Firefox 3.1 Beta 1
2008-11-01 10:59. 2008-11-01 10:59 <DIR> d -------- C: \ Program Files \ Microsoft
2008-11-01 10:57. 2008-11-01 10:58 <DIR> d -------- C: \ Program Files \ Windows Live
2008-11-01 10:54. 2008-11-01 10:54 <DIR> d -------- C: \ Program Files \ filehippo.com
2008-11-01 10:51. 2008-11-01 10:51 <DIR> d -------- C: \ Program Files \ Common Files \ Windows Live
2008-10-31 13:40. 2008-11-04 21:34 <DIR> d -------- C: \ Program Files \ DupeEliminator
2008-10-31 10:32. 2008-10-31 10:32 <DIR> d -------- C: \ Program Files \ Foxit Software
2008-10-30 23:21. 2008-10-30 23:21 <DIR> d -------- C: \ Windows \ søndag
2008-10-30 22:55. 2008-10-30 23:00 <DIR> d -------- C: \ Program Files \ Free Music Zilla
2008-10-30 22:55. 2008-10-30 22:59 <DIR> d -------- C: \ downloads
2008-10-30 22:55. 2008-10-30 22:55 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ FMZilla
2008-10-30 22:38. 2008-10-31 22:55 <DIR> d -------- C: \ DVDVideoSoft
2008-10-30 21:03. 2008-10-30 21:03 <DIR> d -------- C: \ Program Files \ Belkin
2008-10-30 21:03. 2005-10-03 09:49 204.800 - en ------ c: \ windows \ system32 \ UploadDLL.dll
2008-10-30 21:03. 2005-11-20 04:31 192.512 - en ------ c: \ windows \ system32 \ blkwcd.dll
2008-10-30 21:03. 2005-10-03 09:50 167.936 - en ------ c: \ windows \ system32 \ BelkinwcuiDLL.dll
2008-10-30 21:03. 2005-10-03 09:50 101.888 - en ------ c: \ windows \ system32 \ CrashRpt.dll
2008-10-30 21:03. 2005-10-03 09:49 81.920 - en ------ c: \ windows \ system32 \ brdcm2k.dll
2008-10-30 21:03. 2005-10-03 09:49 61.440 - en ------ c: \ windows \ system32 \ BelkinHWStatus.dll
2008-10-30 21:03. 2004-10-29 12:09 53.248 - en ------ c: \ windows \ system32 \ preflib.dll
2008-10-30 20:23. 2008-10-30 20:23 20.747 - en ------ c: \ windows \ system32 \ drivers \ AegisP.sys
2008-10-30 20:23. 2003-07-24 12:10 17.149 - en ------ c: \ windows \ system32 \ DNINDIS5.SYS
2008-10-30 20:21. 2008-10-30 20:21 <DIR> d -------- C: \ Program Files \ DVDVideoSoft
2008-10-30 20:21. 2008-10-30 20:22 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ DVDVideoSoft
2008-10-30 20:21. 2002-01-05 14:37 344.064 - en ------ c: \ windows \ system32 \ msvcr70.dll
2008-10-30 11:23. 2008-10-30 11:23 <DIR> d -------- C: \ Documents and settings \ All Users \ Application Data \ vsosdk
2008-10-30 09:53. 2008-11-02 16:08 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Vso
2008-10-30 09:53. 2008-10-30 09:53 47.360 - en ------ c: \ windows \ system32 \ drivers \ pcouffin.sys
2008-10-30 09:53. 2008-10-30 09:53 47.360 - en ------ C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
2008-10-30 09:52. 2008-10-30 09:52 <DIR> d -------- C: \ Program Files \ VSO
2008-10-30 09:52. 2004-05-04 12:53 1.645.320 - en ------ C: \ Windows \ Gdiplus.dll
2008-10-30 09:52. 2006-05-20 17:16 1.184.984 - en ------ c: \ windows \ system32 \ wvc1dmod.dll
2008-10-30 09:52. 2006-05-11 20:21 626.688 - en ------ c: \ windows \ system32 \ vp7vfw.dll
2008-10-30 09:52. 2006-09-29 13:24 217.127 - en ------ c: \ windows \ system32 \ drv43260.dll
2008-10-30 09:52. 2006-09-29 13:25 208.935 - en ------ c: \ windows \ system32 \ drv33260.dll
2008-10-30 09:52. 2006-09-29 13:26 176.165 - en ------ c: \ windows \ system32 \ drv23260.dll
2008-10-30 09:52. 2007-03-18 21:37 65.602 - en ------ c: \ windows \ system32 \ cook3260.dll
2008-10-29 14:11. 2008-10-29 15:48 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ dvdcss
2008-10-29 13:17. 2008-10-29 13:17 376 - en ------ C: \ Windows \ ODBC.INI
2008-10-29 13:16. 2003-06-18 17:31 17.920 - en ------ c: \ windows \ system32 \ mdimon.dll
2008-10-29 13:13. 2008-10-29 13:13 <DIR> d -------- C: \ Program Files \ Microsoft ActiveSync
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- C: \ Windows \ SHELLNEW
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- C: \ Program Files \ Microsoft.NET
2008-10-29 13:08. 2008-10-29 13:08 <DIR> dr-h ----- C: \ MSOCache
2008-10-29 11:53. 2008-10-29 11:53 12.670 - en ------ c: \ windows \ system32 \ LexFiles.ulf
2008-10-29 11:52. 2008-10-30 09:38 <DIR> d -------- C: \ temp \ (9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15)
2008-10-29 11:52. 2008-10-29 11:53 <DIR> d -------- C: \ Program Files \ Lexmark 730 Series
2008-10-29 11:17. 2008-10-31 13:03 <DIR> d -------- C: \ Program Files \ håndbremsen
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Program Files \ FreshIP
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Program Files \ katapultsete
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Program Files \ CalcFire
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Windows \ SIS
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Program Files \ sisagp
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Program Files \ SiS VGA Utilities V3.81
2008-10-29 09:26. 2008-10-30 21:03 <DIR> d - h ----- C: \ Program Files \ InstallShield Installasjonsinformasjon
2008-10-29 09:26. 2008-10-30 21:03 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ InstallShield
2008-10-29 09:26. 2007-06-25 16:45 262.144 - en ------ c: \ windows \ system32 \ sistray.exe
2008-10-29 09:26. 2006-04-12 19:35 208.896 - en ------ C: \ Windows \ Progress.exe
2008-10-29 09:26. 2007-06-25 16:44 135.168 --------- c: \ windows \ system32 \ SiSApCom.dll
2008-10-29 09:26. 2007-06-25 16:46 110.592 --------- c: \ windows \ system32 \ TVMode.dll
2008-10-29 09:26. 2007-06-29 21:04 92.761 - en ------ C: \ Windows \ VGAsetup.ini
2008-10-29 09:26. 2008-10-29 09:26 78.664 - en ------ c: \ windows \ system32 \ VGAunistlog.ini
2008-10-29 09:26. 2007-06-25 16:46 65.536 --------- c: \ windows \ system32 \ SiSHook.dll
2008-10-29 09:25. 2007-06-25 16:46 9.728 - en ------ c: \ windows \ system32 \ SiSPIns2.dll
2008-10-28 20:06. 2004-08-03 22:58 5.504 - en ------ c: \ windows \ system32 \ drivers \ MSTEE.sys
2008-10-28 20:05. 2004-08-03 23:10 85.376 - en ------ c: \ windows \ system32 \ drivers \ NABTSFEC.sys
2008-10-28 20:05. 2004-08-03 23:10 19.328 - en ------ c: \ windows \ system32 \ drivers \ WSTCODEC.SYS
2008-10-28 20:05. 2004-08-03 23:10 17.024 - en ------ c: \ windows \ system32 \ drivers \ CCDECODE.sys
2008-10-28 20:05. 2004-08-04 00:56 16.384 - en ------ c: \ windows \ system32 \ ipsink.ax
2008-10-28 20:05. 2004-08-03 23:10 15.360 - en ------ c: \ windows \ system32 \ drivers \ StreamIP.sys
2008-10-28 20:05. 2004-08-03 23:10 11.136 - en ------ c: \ windows \ system32 \ drivers \ SLIP.sys
2008-10-28 20:05. 2004-08-03 23:10 10.880 - en ------ c: \ windows \ system32 \ drivers \ NdisIP.sys
2008-10-28 19:49. 2008-10-28 19:49 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-28 19:49. 1998-01-23 12:22 304.128 - en ------ C: \ Windows \ IsUninst.exe
2008-10-28 19:49. 2002-08-20 14:58 139.264 - en ------ c: \ windows \ system32 \ IDEproperty.dll
2008-10-28 19:49. 2002-10-17 15:14 49.024 - en ------ c: \ windows \ system32 \ drivers \ sisidex.sys
2008-10-28 19:49. 2002-08-20 17:19 9.472 - en ------ c: \ windows \ system32 \ drivers \ sisperf.sys
2008-10-28 19:49. 2003-03-25 17:50 4.096 - en ------ c: \ windows \ system32 \ drivers \ siside.sys
2008-10-28 18:36. 2008-10-28 18:36 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Media Player Classic
2008-10-28 18:19. 2008-10-28 18:49 <DIR> d -------- C: \ Windows \ system32 \ Adobe
2008-10-28 18:19. 2008-08-06 15:27 499.712 - en ------ c: \ windows \ system32 \ msvcp71.dll
2008-10-28 18:10. 2008-10-28 18:10 822 - en ------ C: \ Windows \ langorig.ini
2008-10-28 17:58. 2008-03-03 14:25 5.702 - ah ----- C: \ Windows \ nod32restoretemdono.reg
2008-10-28 17:58. 2008-03-03 18:21 568 - ah ----- C: \ Windows \ nod32fixtemdono.reg
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- C: \ Program Files \ ESET
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- C: \ Documents and settings \ All Users \ Application Data \ ESET
2008-10-28 17:49. 2008-10-28 17:49 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Contacts
2008-10-28 17:07. 2008-10-28 17:07 <DIR> d -------- C: \ Program Files \ POP Peeper
2008-10-28 17:07. 2008-11-04 20:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ POP Peeper
2008-10-28 17:02. 2008-10-28 17:02 <DIR> d -------- C: \ Documents and Settings \ Administrator \ dwhelper
2008-10-28 17:01. 2008-10-28 17:01 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Apple Computer
2008-10-28 17:01. 2008-04-17 13:12 107.368 - en ------ c: \ windows \ system32 \ GEARAspi.dll
2008-10-28 17:01. 2008-04-17 13:12 15.464 - en ------ c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2008-10-28 17:00. 2008-10-28 17:00 <DIR> d -------- C: \ Programfiler \ QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 15:52 --------- d ----- wc: \ Programfiler \ Opera
2008-10-23 15:07 99.904 ---- aw C: \ Windows \ system32 \ drivers \ AnyDVD.sys
2008-09-09 00:03 51.712 ---- aw C: \ Windows \ system32 \ sirenacm.dll
2008-08-29 10:18 87.336 ---- aw C: \ Windows \ system32 \ dns-sd.exe
2008-08-29 09:53 61.440 ---- aw C: \ Windows \ system32 \ dnssd.dll
2007-07-31 12:00 34.048 ---- ar C: \ Program Files \ Mozilla Firefox \ plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ---- ar C: \ Program Files \ Mozilla Firefox \ plugins \ upd62int.dll
2007-07-31 12:00 34.048 ---- ar C: \ Program Files \ Opera \ program \ plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ---- ar C: \ Program Files \ Opera \ program \ plugins \ upd62int.dll
.

------- Sigcheck -------

2007-07-31 12:00 360576 c7be59b07c6eb74bea6fd67c1b164015 c: \ windows \ system32 \ drivers \ Tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"PeerGuardian" = "C: \ Program Files \ PeerGuardian2 \ pg2.exe" [2007-01-30 1432064]
POP Peeper "=" C: \ Program Files \ POP Peeper \ POPPeeper.exe "[2008-07-18 1437696]
"μTorrent" = "C: \ Program Files \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"uTorrent" = "C: \ Program Files \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"msnmsgr" = "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" [2008-09-09 3513344]
"Google Update" = "C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Programdata \ Google \ Update \ GoogleUpdate.exe" [2008-11-01 133104]
"filehippo.com" = "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" [2008-10-22 147968]
"AnyDVD" = "C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe" [2008-11-04 2259904]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "c: \ Programfiler \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-10-01 289576]
"egui" = "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2008-11-01 136600]
"SiSPower" = "SiSPower.dll" [2007-06-25 C: \ Windows \ system32 \ SiSPower.dll]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"nltide_2" = "shell32" [X]
"nltide_3" = "advpack.dll" [2007-07-31 C: \ Windows \ system32 \ advpack.dll]

c: \ Documents and Settings \ Administrator \ Start-meny \ Programmer \ Startup
CalcFire.lnk - c: \ Programfiler \ CalcFire \ CalcFire.exe [2008-09-04 283529]
FreshIP.lnk - c: \ Programfiler \ FreshIP \ FreshIP.exe [2008-09-15 232891]

C: \ Documents and settings \ All Users \ Start-meny \ Programmer \ Startup
Utility Tray.lnk - c: \ windows \ system32 \ sistray.exe [2008-10-29 262144]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Policies \ Explorer]
"MemCheckBoxInRunDlg" = 1 (0x1)
"StartMenuFavorites" = 0 (0x0)
"Start_ShowMyComputer" = 1 (0x1)
"Start_ShowMyDocs" = 1 (0x1)
"Start_ShowMyMusic" = 0 (0x0)
"Start_ShowRun" = 1 (0x1)
"Start_ShowSearch" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ cur rentversion \ Policies \ Explorer]
"NoInternetIcon" = 1 (0x1)
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ WBSrv]
2008-09-16 08:44 174328 C: \ Program Files \ Stardock \ Object Desktop \ WindowBlinds \ WbSrv.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = wbsys.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SecurityProviders]
SecurityProviders Schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"UpdatesDisableNotify" = dword: 00000001
"AntiVirusDisableNotify" = dword: 00000001
"AntiVirusOverride" = dword: 00000001
"FirewallOverride" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"c: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" =
"c: \ \ Program Files \ \ Free Music Zilla \ \ FMZilla.exe" =
"c: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ wlcsdk.exe" =
"c: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ java.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ IcmpSettings]
"AllowInboundEchoRequest" = 1 (0x1)

R1 epfwtdir; epfwtdir; c: \ windows \ system32 \ drivers \ epfw tdir.sys [2008-02-20 33800]
R1 lusbaudio; Logitech USB Mikrofon; c: \ windows \ system32 \ drivers \ OVSound2.sy s [2001-08-17 25216]
R2 JavaQuickStarterService; Java Quick Starter; C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe [2008-11-01 152984]
R3 QCEmerald; Logitech QuickCam Web; c: \ windows \ system32 \ drivers \ OVCE.sys [2001-08-17 31872]
S2 NOD32FiXTemDono; Eset nod32 Boot; c: \ windows \ system32 \ Regedt32.exe [2007-07-31 3584]
S3 DNINDIS5; DNINDIS5 NDIS Protocol Driver; c: \ progra ~ 1 \ Belkin \ Belkin ~ 1.11G \ DNINDIS5.SY S [2003-07-24 17149]

NETSVCS KREVER REPARASJON - gjeldende oppføringene vises
6to4
AppMgmt
AudioSrv
Nettleser
Cryptsvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
IAS
Iprip
Irmon
LanmanServer
LanmanWorkstation
NETMAN
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
RasMan
RemoteAccess
Plan
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Temaer
TrkWks
W32Time
WZCSVC
WMI
WmdmPmSp
winmgmt
xmlprov
ShellHWDetection

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs

* Newly Created Service * - CatchMe
* Newly Created Service * - PROCEXP90
.
Innholdet i "Scheduled Tasks"-mappen

2008-11-03 C: \ Windows \ Tasks \ AppleSoftwareUpdate.job
- C: \ Programfiler \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-06 C: \ Windows \ Tasks \ GoogleUpdateTaskUser.job
- C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Programdata \ Google \ Update \ GoogleUpdate.exe [2008-11-01 10:54]
.
.
------- Tilleggsavtale Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ p2eog6ij.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / www.google.com/
FF -: plugin - C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Programdata \ Google \ Update \ 1.2.131.25 \ npGoogleOneClick6.dl l
FF -: plugin - C: \ Program Files \ iTunes \ Mozilla Plugins \ npitunes.dll
FF -: plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npdeploytk.dll
FF -: plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npjp2.dll
FF -: plugin - C: \ Program Files \ K-Lite Codec Pack \ Real \ browser \ plugins \ nppl3260.dll
FF -: plugin - C: \ Program Files \ K-Lite Codec Pack \ Real \ browser \ plugins \ nprpjplug.dll
.

************************************************** ************************

CatchMe 0.3.1367 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 17:53:46
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
Fullføringstidspunkt: 2008-11-06 17:55:07
ComboFix-karantene-files.txt 2008-11-06 17:54:43
ComboFix2.txt 2008-11-06 17:44:22

Pre-Run: 71168983040 bytes gratis
Post-Run: 71160324096 bytes gratis

306

**rocker9455** · #6 6te Nov 2008, 10:56

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 17:56:55, on 06/11/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Kan ikke hente Internet Explorer versjon!
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Bonjour \ mDNSResponder.exe
C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Programfiler \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Programfiler \ Java \ jre6 \ bin \ jusched.exe
C: \ Programfiler \ POP Peeper \ POPPeeper.exe
C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Programdata \ Google \ Update \ GoogleUpdate.exe
C: \ Programfiler \ filehippo.com \ UpdateChecker.exe
C: \ Programfiler \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Programfiler \ iTunes \ iTunes.exe
C: \ WINDOWS \ explorer.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ Sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Klikk for å ringe BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Programfiler \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Programfiler \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Programfiler \ Java \ jre6 \ lib \ distribuere \ jqs \ ie \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ egui.exe" / hide / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Programfiler \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [POP Peeper] "C: \ Programfiler \ POP Peeper \ POPPeeper.exe"-min
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Programfiler \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Programfiler \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Programfiler \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [Google Update] "C: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Programdata \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Programfiler \ filehippo.com \ UpdateChecker.exe" / bakgrunn
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Programfiler \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Programfiler \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Programfiler \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Restriksjoner presentere
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 1 \ Office11 \ REFIEBAR.DLL
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Hjem Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe
O23 - Service: indekseringstjenesten (CiSvc) - Unknown owner - C: \ WINDOWS \ system32 \ cisvc.exe (fil mangler)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Programfiler \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Programfiler \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5724 bytes

**evilfantasy** · #7 6te Nov 2008, 11:30

Åpne HijackThis og velg Gjør et søk.

Sett et merke ved siden av følgende oppføringer: (hvis det)

O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Hjem Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:

Viktig: Lukk alle vinduer unntatt HijackThis og klikk Fix kontrolleres.

Avslutt HijackThis.

----------

Laste ned CCleaner Slim og lagre det til skrivebordet ditt .- Alternative nedlastingskoblingen
Når filen er lagret, gå til skrivebordet og dobbeltklikk på ccsetupxxx_slim.exe
Følg instruksjonene for å installere programmet.
Dobbeltklikk CCleaner snarvei på skrivebordet for å starte programmet.

Klikk på Valg blokken til venstre, velg deretter Cookies.
Under Cookies til SlettMarkerer alle cookies du vil beholde permanent

Klikk høyrepilen > å flytte dem til Cookies til å vinduet.

Gå inn Valg > Avansert unsjekk Bare slette filer i Windows Temp mapper eldre enn 48 timer

Klikk Cleaner til venstre, deretter Kjør Cleaner til høyre for å kjøre programmet.

Viktig: Kontroller at ALL webleservinduer er lukket før du velger Kjør Cleaner

Forsiktig: Bare bruke Registry funksjonen hvis du er kjent med registret.
Alltid sikkerhetskopiere registret før å gjøre endringer.
Avslutt CCleaner etter at det har fullført den prosessen.

----------

Laste ned SUPERAntiSpyware.exe

Alternative nedlastingskoblingen 1
Alternative nedlastingskoblingen 2

Dobbeltklikk på ikonet på skrivebordet for å kjøre installasjonsprogrammet.
Når spurt om å Oppdatering programmet definisjoner, klikk Ja
Hvis det oppstår problemer under nedlasting av oppdateringer manuelt laste ned og pakke ut dem fra her
Neste Klikk Preferanser knappen.

Under Oppstart Valg avmerk følgende:

Start SUPERAntiSpyware når Windows starter

Vise SUPERAntiSpyware ikonet i systemstatusfeltet

Vis splash skjermen ved oppstart

Klikk Scanning Control tab.
Under Scanner Valg sørg bare følgende er kontrollert:

Lukk lesere før skanning

Søk etter sporingskapsler

Terminate minne trusler før quarantining

Scan Alternate Data Streams

Vennligst la andre ukontrollert.

Klikk Lukke knappen for å forlate Kontrollsenter skjermen.

På hovedskjermen klikk Skanner datamaskinen

På venstre merker av i boksen for stasjonen du søker.

På høyre velge Utfør Complete Scan

Klikk Neste å starte skanningen. Vær tålmodig mens den skanner datamaskinen din.

Når skanningen er fullført et sammendrag boks. Klikk OK

Sørg for at alt i den hvite boksen har et merke ved siden av den, klikk Neste

Det vil karantene det funnet, og hvis den spør om du vil starte på nytt, klikker du Ja

Å hente fjerningen informasjon, vennligst gjør følgende:

Etter omstart, dobbeltklikker SUPERAntiSpyware ikon på skrivebordet.

Klikk Preferanser. Klikk Statistikk / Logs tab.

Under Scanner Logger, dobbeltklikk SUPERAntiSpyware Scan Logg.

Det åpnes i standard tekstredigeringsprogram (fortrinnsvis Notisblokk).

Lagre notisblokken filen på skrivebordet ved å klikke (i notepad) Fil > Lagre som...

Lagre loggen sted du lett kan finne den. (normalt skrivebordet)
Klikk Lukk, og lukk igjen for å avslutte programmet.
Kopier og Lim inn loggen i innlegget.