
Can someone check a HijackThis log



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:20:31, on 24.11.08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

E:\WINDOWS\Explorer.EXE

E:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

E:\WINDOWS\RTHDCPL.EXE

E:\Programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

E:\Programfiler\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

E:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

E:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Programfiler\Steam\Steam.exe

E:\Programfiler\MSN Messenger\MsnMsgr.Exe

E:\Programfiler\Samurize\Client.exe

E:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

E:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

E:\Programfiler\Bonjour\mDNSResponder.exe

E:\WINDOWS\system32\CTsvcCDA.exe

E:\WINDOWS\system32\svchost.exe

E:\Programfiler\MSN Messenger\usnsvc.exe

E:\WINDOWS\system32\wuauclt.exe

E:\Programfiler\Creative\Video Converter\CtConvU.exe

E:\PROGRA~1\Creative\SHARED~1\OpaQManU.exe

E:\Programfiler\Mozilla Firefox\firefox.exe

E:\WINDOWS\system32\NOTEPAD.EXE

E:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [NBKeyScan] "E:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CTCheck] E:\Programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

O4 - HKLM\..\Run: [LWBMOUSE] E:\Programfiler\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

O4 - HKLM\..\Run: [startCCC] "E:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "E:\Programfiler\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [avgnt] "E:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "E:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [LightScribe Control Panel] E:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Client Default.lnk = E:\Programfiler\Samurize\Client.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Programfiler\Yahoo!\Common\yinsthelper.dll

O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - E:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Programfiler\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Programfiler\Spyware Doctor\pctsSvc.exe

 

--

End of file - 7381 bytes

 

 

 

 

 

And where can I download combofix?

Link to comment

I don't have time to check the HijackThis log right now. Before you run Combofix, download and run Malwarebytes'.

Download Malwarebytes' Anti-Malware here or here. Save it to the Desktop.

Run the file and install the program. Choose Norwegian as the language.

Tick the boxes next to Update Malwarebytes' Anti-Malware (Oppdater Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Kjør Malwarebytes' Anti-Malware), and click Finish (Ferdig).

Let the program update itself, and choose Perform quick scan (Utfør hurtig systemskann).

You will get a message box when the program has finished running.

Then click the Show Results (Vis resultat) button. If malware was found, you will now see what was found.

Then click the Remove Selected (Fjern valgt) button to remove any malware that was found.

Note:

If MBAM finds a file that is difficult to remove, you will be asked two questions.

Click OK on both, and let MBAM finish the disinfection.

If you are asked to restart the machine, do so right away.

When MBAM has finished removing what it found, a log will open in Notepad. Post it later if it found anything other than cookies.

Download Combofix (by sUBs), and put it on the Desktop.

Run combofix.exe and follow the instructions. You will be asked "Roughly 1/100 machines failed to make it through the disinfection process!! Are you sure you want to do this??" - Answer Yes

Do not click on the window while the program is running. This can cause the program to freeze.

What ComboFix does:

- ComboFix is a multi-fix program made to remove a large number of known infections, and it also creates a log/report showing files/processes/registry entries on the PC. The log can determine whether there is still something on the PC that should be removed. This requires that someone with experience reads the log and explains how to proceed.

PS: Combofix will, among other things, list all files created in the last month, and can in some cases also reveal full name and other information that may be considered sensitive. For that reason you should go through the log, see whether you find information you do not want to share with everyone, and censor it.

Post the log file from Combofix (c:\combofix.txt)

Link to comment

 

Malwarebytes' Anti-Malware 1.30

Database versjon: 1419

Windows 5.1.2600 Service Pack 2

 

24.11.08 19:10:40

mbam-log-2008-11-24 (19-10-40).txt

 

Skanntype: Full Skann (E:\|F:\|)

Objekter skannet: 174103

Tid tilbakelagt: 58 minute(s), 42 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 3

Registernøkler infisert: 2

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 4

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

E:\Programfiler\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.

E:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

E:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\phge (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\phge (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

E:\Programfiler\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.

E:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

E:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.

E:\WINDOWS\system32\drivers\poqfkeen.sys (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

 

 

 


 

ComboFix 08-11-23.02 - Tommy Tommy 2008-11-24 19:14:14.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.1361 [GMT 1:00]
Running from: e:\documents and settings\Tommy Tommy\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\mpg4c32.dll

.
(((((((((((((((((((((((((   Files Created from 2008-10-24 to 2008-11-24  )))))))))))))))))))))))))))))))
.

2008-11-24 17:46 . 2008-11-24 17:46	<DIR>	d--------	e:\programfiler\Malwarebytes' Anti-Malware
2008-11-24 17:46 . 2008-11-24 17:46	<DIR>	d--------	e:\documents and settings\Tommy Tommy\Programdata\Malwarebytes
2008-11-24 17:46 . 2008-11-24 17:46	<DIR>	d--------	e:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-24 17:46 . 2008-10-22 16:10	38,496	--a------	e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-24 17:46 . 2008-10-22 16:10	15,504	--a------	e:\windows\system32\drivers\mbam.sys
2008-11-24 16:22 . 2008-11-24 19:10	<DIR>	dr-h-----	e:\documents and settings\Tommy Tommy\Siste
2008-11-24 16:20 . 2008-11-24 16:20	<DIR>	d--------	e:\programfiler\Trend Micro
2008-11-16 16:17 . 2008-11-16 21:58	<DIR>	d--------	e:\programfiler\NOS
2008-11-16 16:17 . 2008-11-16 21:58	<DIR>	d--------	e:\documents and settings\All Users\Programdata\NOS
2008-11-15 12:02 . 2008-11-15 12:02	268	--ah-----	E:\sqmdata03.sqm
2008-11-15 12:02 . 2008-11-15 12:02	244	--ah-----	E:\sqmnoopt03.sqm
2008-11-14 23:36 . 2008-11-19 17:30	<DIR>	d--------	e:\programfiler\SpeedFan
2008-11-14 22:43 . 2008-11-14 22:43	244	--ah-----	E:\sqmnoopt02.sqm
2008-11-14 22:43 . 2008-11-14 22:43	232	--ah-----	E:\sqmdata02.sqm
2008-11-12 22:31 . 1997-11-19 15:49	303,616	--a------	e:\windows\IsUninst.exe
2008-11-12 21:03 . 2008-11-12 21:03	<DIR>	d--------	e:\programfiler\ZoneAlarmSB
2008-11-12 21:02 . 2008-11-12 21:02	<DIR>	d--------	e:\documents and settings\All Users\Programdata\MailFrontier
2008-11-12 21:02 . 2008-11-12 21:03	4,212	---h-----	e:\windows\system32\zllictbl.dat
2008-11-12 21:01 . 2004-04-27 04:40	11,264	--a------	e:\windows\system32\SpOrder.dll
2008-11-12 21:00 . 2008-11-12 21:08	<DIR>	d--------	e:\windows\Internet Logs
2008-11-12 19:12 . 2008-11-12 19:12	<DIR>	d--------	e:\programfiler\Avira
2008-11-12 19:12 . 2008-11-12 19:12	<DIR>	d--------	e:\documents and settings\All Users\Programdata\Avira
2008-11-12 15:25 . 2008-10-24 12:10	453,632	-----c---	e:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 08:08 . 2008-11-10 08:08	<DIR>	d--------	e:\programfiler\MSXML 6.0
2008-11-09 22:17 . 2008-11-09 22:17	<DIR>	d--------	e:\documents and settings\Tommy Tommy\Programdata\Publish Providers
2008-11-09 22:16 . 2008-11-09 22:16	<DIR>	d--------	e:\documents and settings\Tommy Tommy\Programdata\Sony
2008-11-09 22:03 . 2008-11-09 22:03	<DIR>	d--------	e:\programfiler\MSBuild
2008-11-09 22:00 . 2008-11-09 22:00	<DIR>	d--------	e:\windows\system32\XPSViewer
2008-11-09 22:00 . 2008-11-09 22:00	<DIR>	d--------	e:\programfiler\Reference Assemblies
2008-11-09 21:59 . 2006-06-29 13:07	14,048	---------	e:\windows\system32\spmsg2.dll
2008-11-09 21:55 . 2008-11-09 21:55	<DIR>	d--------	e:\programfiler\Sony Setup
2008-11-09 21:55 . 2008-11-09 21:55	<DIR>	d--------	e:\documents and settings\Tommy Tommy\Programdata\Sony Setup
2008-11-07 19:21 . 2008-11-07 19:21	<DIR>	d--------	e:\windows\system32\windows media
2008-11-07 19:21 . 2008-11-07 19:21	<DIR>	d--h-----	e:\windows\msdownld.tmp
2008-11-07 19:21 . 2008-11-07 19:21	<DIR>	d--------	e:\programfiler\Windows Media Components
2008-11-07 07:52 . 2008-11-20 18:46	<DIR>	d--------	e:\programfiler\Spyware Doctor
2008-11-07 07:52 . 2008-11-07 07:52	<DIR>	d--------	e:\documents and settings\Tommy Tommy\Programdata\PC Tools
2008-11-07 07:52 . 2008-08-25 12:36	81,288	--a------	e:\windows\system32\drivers\iksyssec.sys
2008-11-07 07:52 . 2008-08-25 12:36	66,952	--a------	e:\windows\system32\drivers\iksysflt.sys
2008-11-07 07:52 . 2008-08-25 12:36	40,840	--a------	e:\windows\system32\drivers\ikfilesec.sys
2008-11-07 07:52 . 2008-06-02 16:19	29,576	--a------	e:\windows\system32\drivers\kcom.sys
2008-11-07 07:41 . 2008-11-07 07:41	<DIR>	d--------	e:\programfiler\OJOsoft
2008-11-07 07:39 . 2008-11-07 07:43	<DIR>	d--------	e:\programfiler\XVideoConverter
2008-11-07 07:33 . 2008-11-07 07:33	<DIR>	d--------	e:\documents and settings\Tommy Tommy\Programdata\AVS4YOU
2008-11-07 07:33 . 2008-11-07 07:33	<DIR>	d--------	e:\documents and settings\All Users\Programdata\AVS4YOU
2008-11-07 07:31 . 2008-11-07 07:43	<DIR>	d--------	e:\programfiler\Fellesfiler\AVSMedia
2008-11-07 07:31 . 2008-11-07 07:45	<DIR>	d--------	e:\programfiler\AVS4YOU
2008-11-07 07:31 . 2007-10-15 10:35	1,700,352	--a------	e:\windows\system32\GdiPlus.dll
2008-11-07 07:31 . 2007-10-15 10:35	974,848	--a------	e:\windows\system32\mfc70.dll
2008-11-07 07:31 . 2007-10-15 10:35	638,976	--a------	e:\windows\system32\divx.dll
2008-11-07 07:31 . 2007-10-15 10:35	487,424	--a------	e:\windows\system32\msvcp70.dll
2008-11-07 07:31 . 2007-10-15 10:35	344,064	--a------	e:\windows\system32\msvcr70.dll
2008-11-07 07:31 . 2007-10-15 10:35	261,632	--a------	e:\windows\system32\mcdvd_32.dll
2008-11-07 07:31 . 2007-10-15 10:35	221,215	--a------	e:\windows\system32\divxdec.ax
2008-11-07 07:31 . 2007-10-15 10:35	156,910	--a------	e:\windows\WMSysPr8.prx
2008-11-07 07:31 . 2007-10-15 10:35	82,944	--a------	e:\windows\system32\vct3216.acm
2008-11-07 07:31 . 2007-10-15 10:35	81,920	--a------	e:\windows\system32\AC3ACM.acm
2008-11-07 07:31 . 2007-10-15 10:35	38,912	--a------	e:\windows\system32\alf2cd.acm
2008-11-07 07:31 . 2007-10-15 10:35	13,239	--a------	e:\windows\system32\Scg726.acm
2008-11-06 22:53 . 2008-11-06 22:53	<DIR>	d--------	e:\programfiler\VersalSoft
2008-11-06 22:53 . 2008-11-06 22:55	<DIR>	d--------	E:\Program Files
2008-11-03 20:11 . 2008-10-27 18:37	192,307	--a------	E:\wubildr
2008-11-03 20:11 . 2008-10-27 18:37	8,192	--a------	E:\wubildr.mbr
2008-11-03 20:02 . 2008-11-03 20:02	<DIR>	d--------	E:\ubuntu
2008-11-03 19:16 . 2008-11-03 19:17	<DIR>	d--------	E:\ubuntu-backup
2008-11-02 01:51 . 2008-11-02 13:07	<DIR>	d--------	e:\programfiler\DC++
2008-11-02 00:22 . 2008-11-02 00:22	<DIR>	d--------	e:\programfiler\Western Digital Technologies
2008-11-02 00:15 . 2008-11-02 00:15	<DIR>	d--------	e:\programfiler\Seagate
2008-11-02 00:14 . 2008-11-02 00:14	<DIR>	d--------	e:\programfiler\Fellesfiler\Wise Installation Wizard
2008-11-01 15:43 . 2008-11-14 23:36	45	--a------	e:\windows\system32\initdebug.nfo
2008-11-01 14:32 . 2008-11-07 23:19	<DIR>	d--------	e:\programfiler\Samurize
2008-10-31 21:44 . 2008-10-31 21:44	268	--ah-----	E:\sqmdata01.sqm
2008-10-31 21:44 . 2008-10-31 21:44	244	--ah-----	E:\sqmnoopt01.sqm
2008-10-31 20:57 . 2008-10-31 20:57	<DIR>	d--------	e:\programfiler\EA GAMES
2008-10-31 20:14 . 2008-10-31 20:14	268	--ah-----	E:\sqmdata00.sqm
2008-10-31 20:14 . 2008-10-31 20:14	244	--ah-----	E:\sqmnoopt00.sqm
2008-10-31 19:30 . 2008-10-31 19:30	<DIR>	d--------	e:\programfiler\VstPlugins
2008-10-31 19:30 . 2008-10-31 19:30	<DIR>	d--------	e:\programfiler\ASIO4ALL v2
2008-10-31 19:30 . 2006-06-20 09:56	225,280	--a------	e:\windows\system32\rewire.dll
2008-10-31 19:29 . 2008-10-31 19:29	<DIR>	d--------	e:\programfiler\Outsim
2008-10-31 19:29 . 2002-07-07 23:14	1,294,336	--a------	e:\windows\system32\vorbis.acm
2008-10-31 19:28 . 2008-10-31 19:30	<DIR>	d--------	e:\programfiler\Image-Line
2008-10-30 16:31 . 2008-11-01 12:22	<DIR>	d--------	e:\programfiler\Valve
2008-10-30 13:38 . 2008-10-30 13:38	<DIR>	d--------	e:\documents and settings\All Users\Programdata\ATI
2008-10-30 13:35 . 2008-10-30 15:09	<DIR>	d--------	e:\programfiler\ATI
2008-10-30 13:15 . 2008-09-23 21:05	593,920	---------	e:\windows\system32\ati2sgag.exe
2008-10-30 13:04 . 2008-03-10 02:37	3,107,788	-ra------	e:\windows\system32\ativvaxx.dat
2008-10-30 13:04 . 2008-03-10 02:37	3,107,788	-ra------	e:\windows\system32\ativva5x.dat
2008-10-30 13:04 . 2008-03-10 02:37	887,724	-ra------	e:\windows\system32\ativva6x.dat
2008-10-30 13:04 . 2008-09-24 03:18	425,984	--a------	e:\windows\system32\ATIDEMGX.dll
2008-10-30 13:04 . 2008-09-24 02:56	307,200	--a------	e:\windows\system32\atiiiexx.dll
2008-10-30 13:04 . 2008-09-17 20:17	176,918	--a------	e:\windows\system32\atiicdxx.dat
2008-10-30 13:04 . 2007-08-31 14:20	7,167	-ra------	e:\windows\system32\atifglpf.xml
2008-10-30 12:36 . 2008-07-31 15:36	14,696	--a------	e:\windows\atiogl.xml
2008-10-30 12:19 . 2008-10-30 12:57	10	--a------	e:\windows\WININIT.INI
2008-10-30 12:12 . 2008-03-12 22:17	372,736	-ra------	e:\windows\system32\SET6B.tmp
2008-10-28 19:33 . 2008-11-20 18:47	<DIR>	d-a------	e:\documents and settings\All Users\Programdata\TEMP
2008-10-27 21:27 . 2008-10-27 21:27	<DIR>	dr-h-----	e:\documents and settings\Tommy Tommy\Programdata\SecuROM
2008-10-27 21:23 . 2008-10-27 21:27	107,888	--a------	e:\windows\system32\CmdLineExt.dll
2008-10-27 21:19 . 2008-10-28 17:26	682,280	--a------	e:\windows\system32\pbsvc.exe
2008-10-27 21:19 . 2008-10-27 21:19	22,328	--a------	e:\documents and settings\Tommy Tommy\Programdata\PnkBstrK.sys
2008-10-27 21:17 . 2008-10-27 21:17	<DIR>	d--------	e:\programfiler\Ubisoft
2008-10-26 19:31 . 2004-08-04 01:03	159,232	--a------	e:\windows\system32\ptpusd.dll
2008-10-26 19:31 . 2004-08-03 22:58	15,104	--a------	e:\windows\system32\drivers\usbscan.sys
2008-10-26 19:31 . 2004-08-03 22:58	15,104	--a--c---	e:\windows\system32\dllcache\usbscan.sys
2008-10-26 19:31 . 2001-10-06 14:02	5,632	--a------	e:\windows\system32\ptpusb.dll
2008-10-26 18:33 . 2008-10-26 18:33	<DIR>	d--------	E:\ATI
2008-10-25 23:27 . 2008-10-25 23:27	<DIR>	d--------	e:\documents and settings\Tommy Tommy\WINDOWS
2008-10-25 16:44 . 2008-10-25 16:44	<DIR>	d--------	e:\programfiler\Browser Mouse
2008-10-25 16:44 . 2000-05-10 06:29	6,205	--a------	e:\windows\system32\LWBHMVXD.VXD
2008-10-25 11:22 . 2008-10-25 11:27	<DIR>	d--------	e:\windows\system32\CatRoot_bak
2008-10-24 18:36 . 2008-10-24 18:36	36,103	--a------	e:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-10-24 18:36 . 2008-10-24 18:36	33,846	--a------	e:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-10-24 15:52 . 2008-10-24 15:52	<DIR>	d--------	e:\programfiler\GoldWave
2008-10-24 15:34 . 2008-10-24 15:34	<DIR>	d--------	e:\programfiler\Illustrate
2008-10-24 15:34 . 2008-10-24 18:36	131,072	--a------	e:\windows\system32\SpoonUninstall.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 18:14	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\uTorrent
2008-11-24 17:33	---------	d-----w	e:\programfiler\Steam
2008-11-19 17:34	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\FrostWire
2008-11-19 15:39	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\dvdcss
2008-11-16 16:44	---------	d-----w	e:\programfiler\Clue
2008-11-16 15:18	---------	d-----w	e:\programfiler\Fellesfiler\Adobe
2008-11-09 21:01	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\Creative
2008-11-07 16:08	---------	d-----w	e:\programfiler\Fellesfiler\Apple
2008-11-07 06:43	---------	d-----w	e:\programfiler\AviSynth 2.5
2008-10-31 19:56	---------	d--h--w	e:\programfiler\InstallShield Installation Information
2008-10-30 12:34	---------	d-----w	e:\programfiler\ATI Technologies
2008-10-26 16:50	---------	d-----w	e:\programfiler\SystemRequirementsLab
2008-10-24 18:05	---------	d-----w	e:\programfiler\Yahoo!
2008-10-24 17:04	---------	d-----w	e:\documents and settings\All Users\Programdata\Apple Computer
2008-10-24 11:10	453,632	----a-w	e:\windows\system32\drivers\mrxsmb.sys
2008-10-22 12:11	---------	d-----w	e:\programfiler\Lavalys
2008-10-22 05:50	---------	d-----w	e:\documents and settings\All Users\Programdata\Adobe Systems
2008-10-22 05:47	20,016	------w	e:\windows\system32\drivers\pxhelp20.sys
2008-10-21 15:51	---------	d--h--w	e:\programfiler\Creative Installation Information
2008-10-21 15:51	---------	d-----w	e:\programfiler\Creative
2008-10-21 15:51	---------	d-----w	e:\documents and settings\All Users\Programdata\Creative
2008-10-21 15:21	---------	d-----w	e:\programfiler\Fellesfiler\Creative
2008-10-21 15:05	---------	d-----w	e:\programfiler\Rockstar Games
2008-10-19 17:34	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\Apple Computer
2008-10-19 17:32	---------	d-----w	e:\programfiler\QuickTime
2008-10-19 17:32	---------	d-----w	e:\programfiler\Bonjour
2008-10-19 17:31	---------	d-----w	e:\documents and settings\All Users\Programdata\Apple
2008-10-19 12:04	---------	d-----w	e:\programfiler\Fellesfiler\Nero
2008-10-19 12:04	---------	d-----w	e:\documents and settings\All Users\Programdata\Nero
2008-10-19 10:38	---------	d-----w	e:\programfiler\Microsoft.NET
2008-10-19 10:05	---------	d-----w	e:\programfiler\Fellesfiler\Macrovision Shared
2008-10-19 10:00	---------	d-----w	e:\programfiler\MagicISO
2008-10-18 21:58	---------	d-----w	e:\programfiler\Windows Media Connect 2
2008-10-18 12:46	---------	d-----w	e:\programfiler\MSXML 4.0
2008-10-18 10:10	---------	d-----w	e:\programfiler\Fellesfiler\Adobe Systems Shared
2008-10-18 09:43	34,308	----a-w	e:\windows\system32\Chip.dll
2008-10-18 09:43	---------	d-----w	e:\programfiler\MagicDVDRipper
2008-10-17 21:20	---------	d-----w	e:\programfiler\FrostWire
2008-10-17 21:19	---------	d-----w	e:\programfiler\Sun
2008-10-17 21:18	---------	d-----w	e:\programfiler\Java
2008-10-17 21:11	---------	d-----w	e:\programfiler\AskSBar
2008-10-17 21:03	---------	d-----w	e:\programfiler\Fellesfiler\Java
2008-10-17 17:37	---------	d-----w	e:\programfiler\Fellesfiler\Thraex Software
2008-10-17 16:20	---------	d-----w	e:\programfiler\DAEMON Tools Lite
2008-10-17 16:18	---------	d-----w	e:\programfiler\DAEMON Tools Toolbar
2008-10-17 16:15	717,296	----a-w	e:\windows\system32\drivers\sptd.sys
2008-10-17 16:15	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\DAEMON Tools
2008-10-17 16:07	---------	d-----w	e:\programfiler\Opera
2008-10-17 15:57	218,624	----a-w	e:\windows\system32\uxtheme.dll
2008-10-17 15:38	---------	d-----w	e:\documents and settings\All Users\Programdata\LightScribe
2008-10-17 15:37	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\Nero
2008-10-17 15:36	---------	d-----w	e:\programfiler\CCleaner
2008-10-17 15:36	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\vlc
2008-10-17 15:35	---------	d-----w	e:\programfiler\VideoLAN
2008-10-17 15:35	---------	d-----w	e:\programfiler\NeroInstall.bak
2008-10-17 15:34	---------	d-----w	e:\programfiler\uTorrent
2008-10-17 15:32	---------	d-----w	e:\programfiler\Nero
2008-10-17 14:57	---------	d-----w	e:\programfiler\Kaspersky Lab
2008-10-17 14:52	---------	d-----w	e:\documents and settings\All Users\Programdata\Kaspersky Lab Setup Files
2008-10-17 14:49	---------	d-----w	e:\programfiler\MSN Messenger
2008-10-17 14:39	315,392	----a-w	e:\windows\HideWin.exe
2008-10-17 14:39	---------	d-----w	e:\programfiler\Realtek
2008-10-17 14:38	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\ATI
2008-10-17 14:33	---------	d-----w	e:\programfiler\AMD
2008-10-17 14:32	---------	d-----w	e:\programfiler\Fellesfiler\InstallShield
2008-10-17 14:32	---------	d-----w	e:\programfiler\Fellesfiler\ATI Technologies
2008-10-17 14:30	---------	d-----w	e:\documents and settings\Tommy Tommy\Programdata\InstallShield
2008-10-17 13:37	---------	d-----w	e:\programfiler\microsoft frontpage
2008-10-17 13:36	---------	d-----w	e:\programfiler\Fellesfiler\Tjenester
2008-10-17 13:36	---------	d-----w	e:\programfiler\Elektroniske tjenester
2008-10-16 13:13	202,776	----a-w	e:\windows\system32\wuweb.dll
2008-10-16 13:13	1,809,944	----a-w	e:\windows\system32\wuaueng.dll
2008-10-16 13:12	561,688	----a-w	e:\windows\system32\wuapi.dll
2008-10-16 13:12	323,608	----a-w	e:\windows\system32\wucltui.dll
2008-10-16 13:09	92,696	----a-w	e:\windows\system32\cdm.dll
2008-10-16 13:09	51,224	----a-w	e:\windows\system32\wuauclt.exe
2008-10-16 13:09	43,544	----a-w	e:\windows\system32\wups2.dll
2008-10-16 13:08	34,328	----a-w	e:\windows\system32\wups.dll
2008-10-02 23:46	81,920	----a-w	e:\windows\system32\frapsvid.dll
2008-09-30 15:43	1,286,152	----a-w	e:\windows\system32\msxml4.dll
2008-09-24 03:09	3,331,072	----a-w	e:\windows\system32\drivers\ati2mtag.sys
2008-09-24 02:17	311,296	----a-w	e:\windows\system32\ati2dvag.dll
2008-09-24 02:09	10,772,480	----a-w	e:\windows\system32\atioglxx.dll
2008-09-24 02:07	188,416	----a-w	e:\windows\system32\atipdlxx.dll
2008-09-24 02:06	43,520	----a-w	e:\windows\system32\ati2edxx.dll
2008-09-24 02:06	26,112	----a-w	e:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06	143,360	----a-w	e:\windows\system32\Oemdspif.dll
2008-09-24 02:06	143,360	----a-w	e:\windows\system32\ati2evxx.dll
2008-09-24 02:04	581,632	----a-w	e:\windows\system32\ati2evxx.exe
2008-09-24 02:03	53,248	----a-w	e:\windows\system32\ATIDDC.DLL
2008-09-24 01:54	4,008,864	----a-w	e:\windows\system32\ati3duag.dll
2008-09-24 01:38	2,399,744	----a-w	e:\windows\system32\ativvaxx.dll
2008-09-24 01:24	48,640	----a-w	e:\windows\system32\amdpcom32.dll
2008-09-24 01:20	380,928	----a-w	e:\windows\system32\atikvmag.dll
2008-09-24 01:19	39,424	----a-w	e:\windows\system32\atiadlxx.dll
2008-09-24 01:18	53,248	----a-w	e:\windows\system32\drivers\ati2erec.dll
2008-09-24 01:18	253,952	----a-w	e:\windows\system32\atiok3x2.dll
2008-09-24 01:18	17,408	----a-w	e:\windows\system32\atitvo32.dll
2008-09-24 01:12	573,440	----a-w	e:\windows\system32\ati2cqag.dll
2008-09-15 15:42	1,846,016	----a-w	e:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "e:\programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-10-17 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-10-17 22:11	66912	--a------	e:\programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="e:\programfiler\Steam\Steam.exe" [2008-10-17 1410296]
"MsnMsgr"="e:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="e:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"CTSyncU.exe"="e:\programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="e:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="e:\programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"CTCheck"="e:\programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"LWBMOUSE"="e:\programfiler\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 356352]
"StartCCC"="e:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"ATICustomerCare"="e:\programfiler\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"avgnt"="e:\programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="e:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes Anti-Malware (reboot)"="e:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 e:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

e:\documents and settings\Tommy Tommy\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - e:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Client Default.lnk - e:\programfiler\Samurize\Client.exe [2007-04-07 2010624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"e:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"e:\\Programfiler\\MSN Messenger\\livecall.exe"=
"e:\\Programfiler\\uTorrent\\uTorrent.exe"=
"e:\\Programfiler\\Steam\\steamapps\\nfkurple\\counter-strike source\\hl2.exe"=
"e:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"e:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\Programfiler\\Valve\\hl.exe"=
"e:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Documents and Settings\\Tommy Tommy\\Mine dokumenter\\Instalasjon filer\\Flatout 2\\installert\\FlatOut2.exe"=
"e:\\Programfiler\\DC++\\DCPlusPlus.exe"=
"e:\\Programfiler\\Steam\\Steam.exe"=
"e:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

R3 MBAMSwissArmy;MBAMSwissArmy;\??\e:\windows\system32\drivers\mbamswissarmy.sys [2008-11-24 38496]

*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - e:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-LightScribe Control Panel - e:\programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe
HKLM-Run-NBKeyScan - e:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - e:\documents and settings\Tommy Tommy\Programdata\Mozilla\Firefox\Profiles\c2t26m88.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - nettavisen.no
FF -: plugin - e:\programfiler\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - e:\programfiler\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - e:\programfiler\Opera\program\plugins\np_gp.dll
FF -: plugin - e:\programfiler\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 19:16:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(788)
e:\windows\system32\msprivs.dll
e:\windows\system32\rsaenh.dll
.
Completion time: 2008-11-24 19:17:13
ComboFix-quarantined-files.txt  2008-11-24 18:17:03

Pre-Run: 109 396 946 944 byte ledig
Post-Run: 109,382,684,672 byte ledig

324	--- E O F ---	2008-11-13 11:54:12

 

 

Malwarebytes' Anti-Malware 1.30
Database versjon: 1419
Windows 5.1.2600 Service Pack 2

24.11.08 19:10:40
mbam-log-2008-11-24 (19-10-40).txt

Skanntype: Full Skann (E:\|F:\|)
Objekter skannet: 174103
Tid tilbakelagt: 58 minute(s), 42 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 3
Registernøkler infisert: 2
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 4

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
E:\Programfiler\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.
E:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
E:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\phge (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\phge (Trojan.Downloader) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
E:\Programfiler\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\drivers\poqfkeen.sys (Trojan.Downloader) -> Quarantined and deleted successfully.


 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - e:\documents and settings\Tommy Tommy\Programdata\Mozilla\Firefox\Profiles\c2t26m88.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - nettavisen.no

FF -: plugin - e:\programfiler\Mozilla Firefox\plugins\np_gp.dll

FF -: plugin - e:\programfiler\Mozilla Firefox\plugins\NPAskSBr.dll

FF -: plugin - e:\programfiler\Opera\program\plugins\np_gp.dll

FF -: plugin - e:\programfiler\Yahoo!\Common\npyaxmpb.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 19:16:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(732)

e:\windows\system32\Ati2evxx.dll

e:\windows\system32\rsaenh.dll

 

- - - - - - - > 'lsass.exe'(788)

e:\windows\system32\msprivs.dll

e:\windows\system32\rsaenh.dll

.

Completion time: 2008-11-24 19:17:13

ComboFix-quarantined-files.txt 2008-11-24 18:17:03

 

Pre-Run: 109 396 946 944 byte ledig

Post-Run: 109,382,684,672 byte ledig

 

324 --- E O F --- 2008-11-13 11:54:12

 

 

 

 


 

 


You can use HijackThis to remove:

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

-and-

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

You can disable the following processes from starting with Windows:

E:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

E:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

[Alcmtr] ALCMTR.EXE

E:\Programfiler\QuickTime\QTTask.exe -atboottime

E:\Programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

E:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe

E:\Programfiler\Steam\Steam.exe -silent

E:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe

E:\Programfiler\DAEMON Tools Lite\daemon.exe -autorun

E:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe

E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

This will free up system resources, so that you get better performance for other tasks.

You can use the MSCONFIG command in the "Run" box, or you can use a so-called startup manager such as, for example, StartUp Tuner.

 

Run another pass with MBAM, and this time close your browsers (Firefox, IE and the like) before you start.

I can also recommend a SmartScan with a-squared Free.

PS: Remember to check for updates before you start a spyware/virus scan.

 

Then post new logs once this is done.
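
The triage in the reply above can be done mechanically. The following is an added example, not part of the original post and not HijackThis's own code: it parses HijackThis entry lines, lists registrations marked `(no file)`, and pulls out the O4 autostart entries. The function names are assumptions of this example, and the sample lines are copied from the log posted in this thread.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [steam] "E:\Programfiler\Steam\Steam.exe" -silent
O4 - Startup: Adobe Gamma.lnk = E:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_KEY = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run\w*: \[(?P<name>.+?)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")

def parse_entries(log_text):
    """Return one dict per HijackThis entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entry = {"code": m.group("code"), "body": body, "orphan": body.endswith("(no file)"),
                 "clsid": clsid.group(0).upper() if clsid else None}
        if entry["code"] == "O4":
            auto = RUN_KEY.match(body) or STARTUP.match(body)
            if auto:
                entry.update(auto.groupdict())  # adds name, cmd and (for Run keys) hive
        entries.append(entry)
    return entries

def orphaned(entries):
    """Entries that HijackThis marked '(no file)': a registration with no file behind it."""
    return [e for e in entries if e["orphan"]]

def autostarts(entries):
    """(location, name, command) for every parsed O4 autostart entry."""
    return [(e.get("hive", "Startup folder"), e["name"], e["cmd"])
            for e in entries if e["code"] == "O4" and "name" in e]

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("orphans:", [(e["code"], e["clsid"]) for e in orphaned(parsed)])
    print("autostarts:", autostarts(parsed))
```
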
