Nokon sjå igjennom HJT logg?

[Fløffy]

Fryktar at det er noko rusk med maskina. Har scanna med AVG, Adaware og Spybot. Her kjem då HJT loggen.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:32:06, on 12.09.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\system32\Rundll32.exe

D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe

D:\PROGRA~1\AVG\AVG8\avgtray.exe

D:\Programfiler\LogMeIn\x86\LMIGuardian.exe

D:\WINDOWS\system32\spoolsv.exe

D:\programfiler\powerstrip\pstrip.exe

D:\Programfiler\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

D:\Programfiler\Steam\Steam.exe

D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe

D:\Programfiler\BitTorrent\bittorrent.exe

D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe

D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

D:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

D:\Programfiler\Bonjour\mDNSResponder.exe

D:\FAH504-Console.exe

D:\Programfiler\LogMeIn\x86\RaMaint.exe

D:\Programfiler\LogMeIn\x86\LogMeIn.exe

D:\PROGRA~1\AVG\AVG8\avgrsx.exe

D:\Programfiler\LogMeIn\x86\LMIGuardian.exe

D:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\IoctlSvc.exe

D:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

D:\PROGRA~1\AVG\AVG8\avgemc.exe

D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

D:\Programfiler\iPod\bin\iPodService.exe

D:\WINDOWS\System32\svchost.exe

D:\Programfiler\iTunes\iTunes.exe

D:\Programfiler\Windows Live\Messenger\usnsvc.exe

D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe

D:\Programfiler\LimeWire\LimeWire.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\system32\FahCore_82.exe

D:\Programfiler\Internet Explorer\iexplore.exe

D:\Programfiler\AVG\AVG8\aAvgApi.exe

D:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

D:\Programfiler\Mozilla Firefox\firefox.exe

D:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programfiler\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programfiler\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [CPU Power Monitor] "D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NBKeyScan] "D:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [PowerStrip] d:\programfiler\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [steam] "D:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [bitTorrent] "D:\Programfiler\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = D:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programfiler\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programfiler\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - D:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FAH@D:+FAH504-Console.exe - Stanford University - D:\FAH504-Console.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\LogMeIn.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - D:\WINDOWS\system32\pr2ah4nb.exe

O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - D:\WINDOWS\system32\pr2ah4nc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 11609 bytes

 

 

Takkar for svar

[InsertNumLock]

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

[Fløffy]

Takkar for raskt svar.. noko anna som ikkje burde vere der?

[InsertNumLock]

Ser ok ut fra mitt syn. Noen andre må mer en gjerne rette på meg. Men alt virker å være ok.

Har du brukt nLite for å bygge din egen windows cd?

[r2d290]

Merker du noen problemer med maskina? Hvis du gjør, gjør du følgende:

 

Last ned Malwarebytes' Anti-Malware Her eller Her.''' Lagre den på Skrivebordet.

 

Kjør fila og installer programmet. Velg Norsk språkdrakt.

[*]Sett en hake ved siden av Oppdater Malwarebytes' Anti-Malware og Kjør Malwarebytes' Anti-Malware, og trykk Ferdig.

La programmet oppdatere seg og velg Utfør hurtig systemskann.

 

Du får en meldingsboks når programmet er ferdigkjørt

Klikk deretter på Vis resultat-knappen. Hvis det er funnet malware, vil du nå se hva som er funnet.

 

Klikk så på Fjern valgt -knappen for å fjerne malwaren som evt. ble funnet.

 

Notis:

Hvis MBAM finner en fil som er vanskelig å fjerne, vil du bli spurt om to spørsmål.

Trykk OK på begge, og la MBAM gjøre seg ferdig med desinfeksjonen.

Hvis du blir spurt om å restarte maskinen, gjør du det med en gang.

 

Når MBAM er ferdig med å fjerne det den har funnet, vil det bli åpnet en logg i notisblokk. Den poster du senere om den fant noe annet enn cookies

 

 

 

Last ned Combofix (av sUBs), og legg det på Skrivebordet.

 

Kjør combofix.exe, og følg veiledningen. Du får et spørsmål om at "Roughly 1/100 machines failed to make it through the disinfection process!! Are you sure you want to do this??" - Svar Yes

Du må ikke klikke på vinduet mens programmet kjører. Dette kan føre til at programmet fryser.

 

Post loggfilen fra Combofix (c:\combofix.txt) sammen med mbam-loggen

[Fløffy]

Ny logg frå HJT. Skal kjøyre combofix og MBAM seinare i kveld.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:34:35, on 24.09.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\system32\Rundll32.exe

D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Programfiler\LogMeIn\x86\LMIGuardian.exe

D:\PROGRA~1\AVG\AVG8\avgtray.exe

D:\programfiler\powerstrip\pstrip.exe

D:\Programfiler\iTunes\iTunesHelper.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe

D:\Programfiler\BitTorrent\bittorrent.exe

D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

D:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

D:\Programfiler\Bonjour\mDNSResponder.exe

D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe

D:\FAH504-Console.exe

D:\Programfiler\LogMeIn\x86\RaMaint.exe

D:\PROGRA~1\AVG\AVG8\avgrsx.exe

D:\Programfiler\LogMeIn\x86\LogMeIn.exe

D:\Programfiler\LogMeIn\x86\LMIGuardian.exe

D:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\IoctlSvc.exe

D:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

D:\PROGRA~1\AVG\AVG8\avgemc.exe

D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

D:\Programfiler\iPod\bin\iPodService.exe

D:\WINDOWS\System32\svchost.exe

D:\Programfiler\Windows Live\Messenger\usnsvc.exe

D:\Programfiler\iTunes\iTunes.exe

D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe

D:\Programfiler\Mozilla Firefox\firefox.exe

D:\WINDOWS\system32\FahCore_82.exe

D:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programfiler\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programfiler\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [CPU Power Monitor] "D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NBKeyScan] "D:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [PowerStrip] d:\programfiler\powerstrip\pstrip.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [steam] "D:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [bitTorrent] "D:\Programfiler\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = D:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programfiler\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programfiler\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - D:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FAH@D:+FAH504-Console.exe - Stanford University - D:\FAH504-Console.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\LogMeIn.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - D:\WINDOWS\system32\pr2ah4nb.exe

O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - D:\WINDOWS\system32\pr2ah4nc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 11216 bytes

[Fløffy]

Logg frå combofix:

 

ComboFix 08-09-22.06 - Brukar 2008-09-24 18:45:49.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1454 [GMT 2:00]

Running from: D:\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))

.

 

2008-09-24 18:44 . 2008-09-24 18:44 2,856,103 -ra------ D:\ComboFix.exe

2008-09-23 21:36 . 2008-09-24 18:33 <DIR> dr-h----- D:\Documents and Settings\Brukar\Siste

2008-09-16 17:43 . 2008-09-16 17:44 1,316,436 --a------ D:\My_Account_Back_up_03_Aug._RA3_Chaitanya_WF.rar

2008-09-16 17:39 . 2008-09-16 17:39 458,451 --a------ D:\setup.zip

2008-09-16 14:13 . 2008-09-16 14:13 2,334,720 --a------ D:\WINDOWS\system32\FahCore_79.exe

2008-09-16 07:13 . 2008-09-16 07:13 <DIR> d-------- D:\Documents and Settings\Brukar\Programdata\Yahoo!

2008-09-15 22:46 . 2008-09-15 22:46 <DIR> d-------- D:\Programfiler\Recuva

2008-09-15 22:43 . 2008-09-15 22:43 2,304,392 --a------ D:\rcsetup118.exe

2008-09-14 22:13 . 2008-09-14 22:13 709,704 --a------ D:\jmt-MiniBF1942(2).rar

2008-09-14 12:27 . 2008-09-14 12:27 654,488 --a------ D:\rld-euts.7z

2008-09-14 12:24 . 2008-09-14 12:24 <DIR> d-------- D:\WINDOWS\Logs

2008-09-14 12:22 . 2008-09-14 12:22 <DIR> d-------- D:\Programfiler\Euro Truck Simulator

2008-09-14 01:17 . 2008-09-14 01:17 2,396,160 --a------ D:\WINDOWS\system32\FahCore_81.exe

2008-09-07 20:24 . 2008-09-07 20:24 1,683,456 --a------ D:\WINDOWS\system32\FahCore_82.exe

2008-09-06 22:45 . 2008-09-06 22:46 2,928,600 --a------ D:\ccsetup211.exe

2008-09-02 18:18 . 2008-09-03 16:55 <DIR> d-------- D:\Programfiler\EAGLE-5.2.0

2008-09-02 18:18 . 2008-09-02 18:18 <DIR> d-------- D:\Documents and Settings\Brukar\Programdata\CadSoft

2008-09-02 18:16 . 2008-09-02 18:17 25,620,480 --a------ D:\eagle-win-5.2.0.exe

2008-08-31 20:20 . 2008-08-31 20:20 <DIR> d-------- D:\Programfiler\Microsoft Works

2008-08-31 20:18 . 2008-09-10 08:03 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-31 20:17 . 2008-08-31 20:17 <DIR> dr-h----- D:\MSOCache

2008-08-29 23:39 . 2008-08-29 23:44 12,461,509 --a------ D:\MoFunZone.com--need_for_speed_underground_2_unlocker.zip

2008-08-25 22:50 . 2008-08-25 22:50 <DIR> d-------- D:\Programfiler\Apple Software Update

2008-08-25 22:49 . 2008-08-25 22:49 <DIR> d-------- D:\Programfiler\iPod

2008-08-25 16:18 . 2008-08-25 16:18 531,168 --a------ D:\CROCCLIP.EXE

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-24 16:46 --------- d-----w D:\Documents and Settings\Brukar\Programdata\BitTorrent

2008-09-24 14:37 --------- d-----w D:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-09-24 14:09 --------- d-----w D:\Programfiler\LogMeIn

2008-09-22 18:47 --------- d-----w D:\Programfiler\Steam

2008-09-17 19:00 --------- d-----w D:\Programfiler\World of Warcraft Trial

2008-09-16 15:35 107,888 ----a-w D:\WINDOWS\system32\CmdLineExt.dll

2008-09-16 05:13 --------- d-----w D:\Documents and Settings\All Users\Programdata\Yahoo! Companion

2008-09-16 05:04 --------- d-----w D:\Programfiler\EA GAMES

2008-09-15 12:03 --------- d-----w D:\Programfiler\BitTorrent

2008-09-14 14:52 --------- d---a-w D:\Documents and Settings\All Users\Programdata\TEMP

2008-09-13 18:08 --------- d--h--w D:\Programfiler\InstallShield Installation Information

2008-09-12 07:14 --------- d-----w D:\Documents and Settings\All Users\Programdata\avg8

2008-09-11 19:18 --------- d-----w D:\Documents and Settings\Brukar\Programdata\LimeWire

2008-09-07 14:26 --------- d-----w D:\Documents and Settings\All Users\Programdata\Autodesk

2008-09-03 19:16 --------- d-----w D:\Documents and Settings\Brukar\Programdata\AVGTOOLBAR

2008-08-31 18:35 --------- d-----w D:\Documents and Settings\Brukar\Programdata\DNA

2008-08-30 15:28 --------- d-----w D:\Programfiler\DNA

2008-08-27 11:33 --------- d-----w D:\Programfiler\Spybot - Search & Destroy

2008-08-25 20:49 --------- d-----w D:\Programfiler\iTunes

2008-08-17 14:00 --------- d-----w D:\Programfiler\Fellesfiler\DirectX

2008-08-11 13:42 109,566,160 ----a-w D:\adm-prg-2008-aug.zip

2008-08-10 22:10 --------- d-----w D:\Documents and Settings\Brukar\Programdata\Atari

2008-08-10 22:06 --------- d-----w D:\Documents and Settings\Brukar\Programdata\Leadertech

2008-08-09 18:49 --------- d-----w D:\Documents and Settings\Brukar\Programdata\mIRC

2008-08-09 18:39 --------- d-----w D:\Programfiler\mIRC

2008-08-09 18:38 1,750,952 ----a-w D:\mirc634.exe

2008-08-03 17:36 --------- d-----w D:\Programfiler\Windows Media Connect 2

2008-08-03 17:33 25,755,448 ----a-w D:\wmp11-windowsxp-x86-enu.exe

2008-08-03 14:19 --------- d-----w D:\Programfiler\Yahoo!

2008-08-03 14:18 2,922,072 ----a-w D:\ccsetup210.exe

2008-07-24 19:38 --------- d-----w D:\Programfiler\Sun

2008-07-24 19:38 --------- d-----w D:\Programfiler\Java

2008-07-18 20:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w D:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w D:\WINDOWS\system32\muweb.dll

2008-07-15 18:41 7,730,856 ----a-w D:\Google_Earth_CZXV.exe

2008-07-12 13:52 17,548,537 ----a-w D:\skyterampa.zip

2008-07-12 12:25 63,489,320 ----a-w D:\iTunesSetup(2).exe

2008-07-09 20:01 121,876 ----a-w D:\carbontrain13m-ch.zip

2008-07-09 20:01 121,876 ----a-w D:\carbontrain13m-ch(2).zip

2008-07-07 20:29 253,952 ----a-w D:\WINDOWS\system32\es.dll

2008-06-28 19:13 2,919,360 ----a-w D:\ccsetup209.exe

2008-06-25 19:26 1,060,256 ----a-w D:\FahMon-2.3.2b-Installer.exe

2008-06-25 19:23 253,952 ----a-w D:\FAH504-Console.exe

2008-06-24 16:46 74,240 ----a-w D:\WINDOWS\system32\mscms.dll

2008-06-24 16:12 295,936 ------w D:\WINDOWS\system32\wmpeffects.dll

2006-06-23 06:48 32,768 ----a-r D:\WINDOWS\inf\UpdateUSB.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"SpybotSD TeaTimer"="D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

"Steam"="D:\Programfiler\Steam\Steam.exe" [2008-04-06 1271032]

"DAEMON Tools Lite"="D:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

"AlcoholAutomount"="D:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"BitTorrent"="D:\Programfiler\BitTorrent\bittorrent.exe" [2008-03-25 587568]

"EVEREST AutoStart"="D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe" [2008-01-17 2057312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ai Nap"="D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]

"CPU Power Monitor"="D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]

"Cpu Level Up help"="D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]

"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8527872]

"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]

"SunJavaUpdateSched"="D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"LogMeIn GUI"="D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]

"Adobe Reader Speed Launcher"="D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NBKeyScan"="D:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"NeroFilterCheck"="D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]

"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-01-05 1177368]

"PowerStrip"="d:\programfiler\powerstrip\pstrip.exe" [2008-05-02 726776]

"AppleSyncNotifier"="D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]

"QuickTime Task"="D:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="D:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"nwiz"="nwiz.exe" [2007-10-25 D:\WINDOWS\system32\nwiz.exe]

"P17Helper"="P17.dll" [2005-05-03 D:\WINDOWS\system32\P17.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BlueSoleil.lnk - D:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 1200128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-05-28 12:32 87352 D:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

--a------ 2008-03-25 01:25 587568 D:\Programfiler\BitTorrent\bittorrent.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\Programfiler\\DNA\\btdna.exe"=

"D:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"D:\\Programfiler\\LimeWire\\LimeWire.exe"=

"D:\\Programfiler\\Steam\\steamapps\\flatane\\condition zero\\hl.exe"=

"D:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic.exe"=

"D:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=

"D:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=

"D:\\Programfiler\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"D:\\Programfiler\\Codemasters\\DiRT\\DiRT.exe"=

"D:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"D:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"D:\\Programfiler\\Fellesfiler\\Nero\\Nero Web\\SetupX.exe"=

"D:\\Programfiler\\Steam\\steamapps\\danielstolen\\condition zero\\hl.exe"=

"D:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"D:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

"D:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"D:\\Programfiler\\Steam\\steamapps\\flatane\\counter-strike\\hl.exe"=

"D:\\Programfiler\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=

"D:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"D:\\Programfiler\\mIRC\\mirc.exe"=

"D:\\Programfiler\\iTunes\\iTunes.exe"=

"D:\\Programfiler\\EA GAMES\\Battlefield 1942\\BF1942_w32ded.exe"=

 

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);D:\WINDOWS\system32\drivers\pe3ah4nb.sys [2007-06-11 64880]

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);D:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]

R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);D:\WINDOWS\system32\drivers\ps6ah4nb.sys [2007-06-11 55160]

R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);D:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]

R1 AvgLdx86;AVG AVI Loader Driver x86;D:\WINDOWS\system32\Drivers\avgldx86.sys [2008-01-05 96520]

R2 avg8emc;AVG8 E-mail Scanner;D:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-01-05 902424]

R2 avg8wd;AVG8 WatchDog;D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-01-05 282904]

R2 AvgTdiX;AVG8 Network Redirector;D:\WINDOWS\system32\Drivers\avgtdix.sys [2008-01-05 75272]

R2 FAH@D:+FAH504-Console.exe;FAH@D:+FAH504-Console.exe;D:\FAH504-Console.exe [2008-06-25 253952]

R2 LMIInfo;LogMeIn Kernel Information Provider;D:\Programfiler\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;D:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]

R2 PStrip;PStrip;D:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 27992]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt [2007-12-14 22640]

S2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [ ]

S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);D:\WINDOWS\system32\pr2ah4nb.exe svc [ ]

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);D:\WINDOWS\system32\pr2ah4nc.exe svc [ ]

S3 cpuz129;cpuz129;D:\DOCUME~1\Brukar\LOKALE~1\Temp\cpuz_x32.sys [ ]

S3 cxbu0wdm;CardMan 3x21;D:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - D:\Documents and Settings\Brukar\Programdata\Mozilla\Firefox\Profiles\165codnq.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://nn-NO.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nn-NO:official

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-24 18:48:19

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

"ImagePath"="\??\D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@D:+FAH504-Console.exe]

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"

.

Completion time: 2008-09-24 18:49:05

ComboFix-quarantined-files.txt 2008-09-24 16:49:02

 

Pre-Run: 19 085 881 344 byte ledig

Post-Run: 19,072,946,176 byte ledig

 

213 --- E O F --- 2008-09-16 01:00:29

[Fløffy]

logg frå MBAM, kanskje litt unødvendigt sidan den fann ingen filer med virus.

men her kjem den.

 

Malwarebytes' Anti-Malware 1.28

Database versjon: 1202

Windows 5.1.2600 Service Pack 3

 

24.09.2008 19:56:50

mbam-log-2008-09-24 (19-56-50).txt

 

Skanntype: Full Skann (C:\|D:\|)

Objekter skannet: 185780

Tid tilbakelagt: 1 hour(s), 3 minute(s), 14 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

[norbat]

Ser ikke noe rusk i de loggene. Var det bare en sjekk eller har du mistanke om noe?

[Fløffy]

Har ein liten mistanke. Maskina har ein tendens til å svara treigt av og til og det hender at firefox stoppar heilt opp eit sekund eller to før den forsett der den slapp. Anar ikkje kva det kjem av.