remmern

remmern's activity

  1. remmern added a post in a topic [SOLVED] help! Got a virus!

    Hi! I have now installed Comodo Firewall and AVG virus scan.

    The firewall asks whether I want to allow a network to join. It is called:
    Broadcom 440x 10/100 Integrated Controller - Miniport for pakkeplanlegger

    I don't think this is anything scary, but I thought I'd check with you.

    Thank you so much for the help! The PC works well now! You have of course been given points for the solution.
  2. remmern added a post in a topic [SOLVED] help! Got a virus!

    If Google Toolbar starts up again, I will check. Everything seems to be fine now. Do you have any tips for a free firewall + virus scan program?
  3. remmern added a post in a topic [SOLVED] help! Got a virus!

    It seems to be running fine. Google Toolbar in the toolbars pops up now and then and says it has blocked a program from changing the search settings.
  4. remmern added a post in a topic [SOLVED] help! Got a virus!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:26:14, on 31.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\Smartscaps.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Dell\AccessDirect\dadapp.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programfiler\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/no/nor/gen/default.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://www-cache.uib.no:81
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DadApp] C:\Programfiler\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [softwareStation] C:\Programfiler\eAcceleration\Station\station.exe /b Startup
    O4 - HKLM\..\Run: [OnAccess] C:\Programfiler\eAcceleration\OnAccess\OnAccess.exe -e
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RemoteCenter] C:\Programfiler\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Certificate Mover.lnk = ?
    O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programfiler\MultiPoker\MultiPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programfiler\MultiPoker\MultiPoker.exe (file missing)
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154874370310
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154874278227
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} -
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) -
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
    O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SmartTrust Smart Card Server (Smartscaps) - SmartTrust - C:\WINDOWS\system32\Smartscaps.exe

    --
    End of file - 8264 bytes
  5. remmern added a post in a topic [SOLVED] help! Got a virus!

    ComboFix 08-01-30.1 - Vanlig 2008-01-31 21:20:54.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.265 [GMT 1:00]
    Running from: C:\Documents and Settings\Vanlig\Skrivebord\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Vanlig\Skrivebord\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
    .

    2008-01-31 21:13 . 2008-01-31 21:13 <DIR> d-------- C:\Programfiler\Trend Micro
    2008-01-31 19:49 . 2008-01-31 20:25 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
    2008-01-31 19:49 . 2008-01-31 19:49 <DIR> d-------- C:\Documents and Settings\Vanlig\Programdata\SUPERAntiSpyware.com
    2008-01-31 19:49 . 2008-01-31 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
    2008-01-31 12:06 . 2008-01-31 12:06 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
    2008-01-29 21:48 . 2008-01-29 22:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
    2008-01-29 21:48 . 2008-01-29 21:48 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
    2008-01-29 21:48 . 2008-01-29 21:48 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
    2008-01-29 17:53 . 2008-01-29 19:16 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-29 15:28 . 2008-01-29 15:34 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata
    2008-01-29 15:28 . 2008-01-29 15:34 <DIR> d-------- C:\Documents and Settings\Administrator\Maler
    2008-01-29 15:28 . 2008-01-31 19:48 <DIR> d-------- C:\Documents and Settings\Administrator\Lokale innstillinger
    2008-01-29 15:28 . 2008-01-29 15:34 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
    2008-01-10 23:12 . 2008-01-10 23:12 <DIR> d-------- C:\Programfiler\Octoshape Streaming Services
    2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
    2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini
    2007-12-19 22:27 . 2007-12-19 22:27 <DIR> d-------- C:\Programfiler\Google
    2007-12-11 15:59 . 2007-12-11 15:59 <DIR> d-------- C:\Programfiler\Microsoft ActiveSync
    2007-12-11 15:57 . 2007-12-11 15:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-12-11 15:57 . 2007-12-11 15:57 <DIR> d-------- C:\Programfiler\Microsoft.NET
    2007-12-11 15:43 . 2008-01-28 21:48 <DIR> d-------- C:\Documents and Settings\Vanlig\Programdata\BitTorrent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
    2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
    2007-11-07 09:30 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
    2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
    2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
    2007-10-25 16:57 8,460,800 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
    2007-10-11 06:14 96,768 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
    2007-10-11 06:14 658,944 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
    2007-10-11 06:14 658,944 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    2007-10-11 06:14 615,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    2007-10-11 06:14 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    2007-10-11 06:14 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    2007-10-11 06:14 474,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
    2007-10-11 06:14 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    2007-10-11 06:14 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
    2007-10-11 06:14 357,888 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
    2007-10-11 06:14 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
    2007-10-11 06:14 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    2007-10-11 06:14 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    2007-10-11 06:14 151,552 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
    2007-10-11 06:14 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    2007-10-11 06:14 1,494,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
    2007-10-11 06:14 1,054,720 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
    2007-10-11 06:14 1,023,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
    2007-10-10 11:16 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
    2004-03-08 16:58 74,800 ----a-w C:\Documents and Settings\Vanlig\Programdata\GDIPFONTCACHEV1.DAT
    2003-10-29 19:33 59,992 ----a-w C:\WINDOWS\Media\msnaddin.exe
    2003-09-18 15:27 707,072 ----a-w C:\Programfiler\ws_ftple.exe
    2003-09-17 11:00 810 -c--a-w C:\Programfiler\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "RemoteCenter"="C:\Programfiler\Creative\MediaSource\RemoteControl\RcMan.exe" [2004-06-25 09:21 147456]
    "RemoteControl"="" []
    "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-25 12:22 68856]
    "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2004-10-26 12:01 921600 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "DadApp"="C:\Programfiler\Dell\AccessDirect\dadapp.exe" [2003-03-07 12:36 209800]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18 28672]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 09:04 46080]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 09:04 3309568]
    "RemoteCenter"="" []
    "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
    "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-12-20 20:54 278528]
    "SoftwareStation"="C:\Programfiler\eAcceleration\Station\station.exe" [ ]
    "OnAccess"="C:\Programfiler\eAcceleration\OnAccess\OnAccess.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

    C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
    Certificate Mover.lnk - C:\Programfiler\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe [2006-03-20 17:41:46 126976]
    Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

    R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-06-15 14:28]
    S3 AlcrFilt;Alcor Micro Corp;C:\WINDOWS\System32\Drivers\AlcrFilt.sys [2003-04-28 16:20]
    S3 CPWU6D;Philips Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\CPWU6D.sys [2005-03-07 10:27]
    S3 EWAVE;EWAVE;C:\WINDOWS\System32\drivers\ew.sys []
    S3 FILESPY;FILESPY;C:\WINDOWS\System32\drivers\FILESPY.sys []
    S3 NSTATION;NSTATION;C:\WINDOWS\System32\drivers\nstation.sys []
    S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys []
    S3 US122;US122 Driver;C:\WINDOWS\system32\Drivers\US122.sys [2003-02-13 13:40]
    S3 US122DL;US122 Firmware Downloader;C:\WINDOWS\system32\Drivers\US122DL.sys [2003-02-13 13:45]
    S3 Us122WdmService;US122 Wdm Audio;C:\WINDOWS\system32\Drivers\US122Wdm.sys [2003-02-13 13:40]
    S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\System32\wlanndi5.SYS [2004-04-21 17:51]
    S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-31 21:24:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-31 21:24:59
    ComboFix-quarantined-files.txt 2008-01-31 20:24:38
    ComboFix2.txt 2008-01-31 18:48:29
    ComboFix3.txt 2008-01-30 22:41:28
    .
    2008-01-10 08:38:59 --- E O F ---
  6. remmern added a post in a topic [SOLVED] help! Got a virus!

    I noticed that after I deleted eaccess, an exclamation mark appeared next to the clock, saying that I was without a firewall and something about clicking it for more info. Is this a virus, or is it perhaps an XP feature?
  7. remmern added a post in a topic [SOLVED] help! Got a virus!

    Here is SAS:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/31/2008 at 08:21 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3391
    Trace Rules Database Version: 1383

    Scan type : Complete Scan
    Total Scan Time : 00:29:39

    Memory items scanned : 330
    Memory threats detected : 0
    Registry items scanned : 5485
    Registry threats detected : 6
    File items scanned : 36366
    File threats detected : 146

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}
    HKCR\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}
    HKCR\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}\InprocServer32
    HKCR\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}\InprocServer32#ThreadingModel
    C:\PROGRA~1\EACCEL~1\ONACCESS\SEHK.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}
    HKCR\CLSID\{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}

    Adware.Tracking Cookie

    Adware.OuterInfo-Installer
    C:\QOOBOX\QUARANTINE\C\PROGRAMFILER\OUTERINFO\OIUNINSTALLER.EXE.VIR

    Malware.WinAntiSpyware-Installer
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRVNIDR.DLL.VIR

    Trojan.Unclassified/DRV-Slice
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B82622C0-F5EB-4389-9CA2-5DB47444639C}\RP2\A0000227.DLL

    Adware.Mirar/NetNucleus
    C:\WINDOWS\SYSTEM32\MIRARSEARCH_TOOLBAR.EXE
  8. remmern added a post in a topic [SOLVED] help! Got a virus!

    Hi. Change of plans, I can get it done now. I have deleted everything from eaccess as you said, and run both ComboFix and SAS.

    Here is the ComboFix log:

    ComboFix 08-01-30.1 - Vanlig 2008-01-31 19:39:28.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.263 [GMT 1:00]
    Running from: C:\Documents and Settings\Vanlig\Skrivebord\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Vanlig\Skrivebord\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\SYSTEM32\drvnid.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\SYSTEM32\drvnid.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_LKQOOZTT
    -------\LKQOOZTT


    ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
    .

    2008-01-31 12:06 . 2008-01-31 12:06 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
    2008-01-29 21:48 . 2008-01-29 22:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
    2008-01-29 21:48 . 2008-01-29 21:48 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
    2008-01-29 21:48 . 2008-01-29 21:48 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
    2008-01-29 17:53 . 2008-01-29 19:16 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-29 15:28 . 2008-01-29 15:34 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata
    2008-01-29 15:28 . 2008-01-29 15:34 <DIR> d-------- C:\Documents and Settings\Administrator\Maler
    2008-01-29 15:28 . 2008-01-30 23:41 <DIR> d-------- C:\Documents and Settings\Administrator\Lokale innstillinger
    2008-01-29 15:28 . 2008-01-29 15:34 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
    2008-01-10 23:12 . 2008-01-10 23:12 <DIR> d-------- C:\Programfiler\Octoshape Streaming Services
    2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
    2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini
    2007-12-19 22:27 . 2007-12-19 22:27 <DIR> d-------- C:\Programfiler\Google
    2007-12-11 15:59 . 2007-12-11 15:59 <DIR> d-------- C:\Programfiler\Microsoft ActiveSync
    2007-12-11 15:57 . 2007-12-11 15:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-12-11 15:57 . 2007-12-11 15:57 <DIR> d-------- C:\Programfiler\Microsoft.NET
    2007-12-11 15:43 . 2008-01-28 21:48 <DIR> d-------- C:\Documents and Settings\Vanlig\Programdata\BitTorrent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2004-03-08 16:58 74,800 ----a-w C:\Documents and Settings\Vanlig\Programdata\GDIPFONTCACHEV1.DAT
    2003-09-18 15:27 707,072 ----a-w C:\Programfiler\ws_ftple.exe
    2003-09-17 11:00 810 -c--a-w C:\Programfiler\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "RemoteCenter"="C:\Programfiler\Creative\MediaSource\RemoteControl\RcMan.exe" [2004-06-25 09:21 147456]
    "RemoteControl"="" []
    "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-25 12:22 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2004-10-26 12:01 921600 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "DadApp"="C:\Programfiler\Dell\AccessDirect\dadapp.exe" [2003-03-07 12:36 209800]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18 28672]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-24 09:04 46080]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-24 09:04 3309568]
    "RemoteCenter"="" []
    "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
    "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-12-20 20:54 278528]
    "SoftwareStation"="C:\Programfiler\eAcceleration\Station\station.exe" [ ]
    "OnAccess"="C:\Programfiler\eAcceleration\OnAccess\OnAccess.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

    C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
    Certificate Mover.lnk - C:\Programfiler\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe [2006-03-20 17:41:46 126976]
    Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{1A42F606-3E21-4AB5-9565-E7C8EF6B0929}"= C:\PROGRA~1\EACCEL~1\OnAccess\sehk.dll [ ]

    R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2004-06-15 14:28]
    S3 AlcrFilt;Alcor Micro Corp;C:\WINDOWS\System32\Drivers\AlcrFilt.sys [2003-04-28 16:20]
    S3 CPWU6D;Philips Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\CPWU6D.sys [2005-03-07 10:27]
    S3 EWAVE;EWAVE;C:\WINDOWS\System32\drivers\ew.sys []
    S3 FILESPY;FILESPY;C:\WINDOWS\System32\drivers\FILESPY.sys []
    S3 NSTATION;NSTATION;C:\WINDOWS\System32\drivers\nstation.sys []
    S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys []
    S3 US122;US122 Driver;C:\WINDOWS\system32\Drivers\US122.sys [2003-02-13 13:40]
    S3 US122DL;US122 Firmware Downloader;C:\WINDOWS\system32\Drivers\US122DL.sys [2003-02-13 13:45]
    S3 Us122WdmService;US122 Wdm Audio;C:\WINDOWS\system32\Drivers\US122Wdm.sys [2003-02-13 13:40]
    S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\System32\wlanndi5.SYS [2004-04-21 17:51]
    S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-31 19:45:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\Smartscaps.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programfiler\Dell\AccessDirect\dadapp.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\Programfiler\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programfiler\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
    C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-01-31 19:48:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-31 18:48:19
    ComboFix2.txt 2008-01-30 22:41:28
    .
    2008-01-10 08:38:59 --- E O F ---
    • 0
  9. remmern added a post in a topic [SOLVED] help! Got a virus!   

    I can't get anything done until tomorrow, unfortunately. My friend still hasn't answered me (he is at work) and I have to leave now, so I'll have to do it tomorrow.
    • 0
  10. remmern added a post in a topic [SOLVED] help! Got a virus!   

    Norbat: Do you have any tips for a free firewall + virus scanner for after the virus is gone? I'm sitting here waiting for the go-ahead from my friend now, so I hope I can get started on the process soon.

    I just have to say a heartfelt thank you to everyone who has helped.
    • 0
  11. remmern added a post in a topic [SOLVED] help! Got a virus!   

    But you'll be here tomorrow then? Is this a very serious virus? Can it potentially destroy the machine, or is it just annoying?

    And should I turn off the system restore function before SAS?
    • 0
  12. remmern added a post in a topic [SOLVED] help! Got a virus!   

    Yep, that's fine. Is it okay if I post the log tomorrow? I more or less have to talk to him about this (I trust you of course, but I just need his "blessing" to go further). Will you be here tomorrow? Do you know roughly when during the day you'll be here? Thank you so much for the help so far, it is really great; I've had a real stomach ache since this showed up, hehe. But this problem flared up when I downloaded a Heroes of Might and Magic 2 crack from a site. Completely idiotic of me. I deleted all the files around this program of course, so I don't know whether just removing StopSign will stop it, since StopSign was there from before. So it will be exciting to see if it works.
    • 0
  13. remmern added a post in a topic [SOLVED] help! Got a virus!   

    Are you completely sure that StopSign is a virus? As I said, it is my friend's machine, and I don't know whether he has paid for it, whether he has a license in case it is not a virus.
    • 0
  14. remmern added a post in a topic [SOLVED] help! Got a virus!   

    And where do I find SAS? Do you have a link? I'm in safe mode so I don't dare go searching.
    • 0
  15. remmern added a post in a topic [SOLVED] help! Got a virus!   

    norbat: should I delete StopSign by eAcceleration in Add/Remove Programs? I can't find any called just eAcceleration.
    • 0