Fløffy Posted 12 September 2008

I'm afraid there is something wrong with the machine. I have scanned with AVG, Adaware and Spybot. Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:06, on 12.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\Rundll32.exe
D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Programfiler\LogMeIn\x86\LMIGuardian.exe
D:\WINDOWS\system32\spoolsv.exe
D:\programfiler\powerstrip\pstrip.exe
D:\Programfiler\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
D:\Programfiler\Steam\Steam.exe
D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
D:\Programfiler\BitTorrent\bittorrent.exe
D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Programfiler\Bonjour\mDNSResponder.exe
D:\FAH504-Console.exe
D:\Programfiler\LogMeIn\x86\RaMaint.exe
D:\Programfiler\LogMeIn\x86\LogMeIn.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Programfiler\LogMeIn\x86\LMIGuardian.exe
D:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
D:\Programfiler\iPod\bin\iPodService.exe
D:\WINDOWS\System32\svchost.exe
D:\Programfiler\iTunes\iTunes.exe
D:\Programfiler\Windows Live\Messenger\usnsvc.exe
D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe
D:\Programfiler\LimeWire\LimeWire.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\FahCore_82.exe
D:\Programfiler\Internet Explorer\iexplore.exe
D:\Programfiler\AVG\AVG8\aAvgApi.exe
D:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Programfiler\Mozilla Firefox\firefox.exe
D:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programfiler\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programfiler\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PowerStrip] d:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [steam] "D:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [bitTorrent] "D:\Programfiler\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = D:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programfiler\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - D:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FAH@D:+FAH504-Console.exe - Stanford University - D:\FAH504-Console.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - D:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - D:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11609 bytes

Thanks for any replies

InsertNumLock Posted 12 September 2008

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Fløffy (Author) Posted 12 September 2008

Thanks for the quick reply. Anything else that shouldn't be there?

InsertNumLock Posted 12 September 2008

Looks OK from my point of view. Others are more than welcome to correct me. But everything seems to be OK. Did you use nLite to build your own Windows CD?

r2d290 Posted 12 September 2008

Do you notice any problems with the machine? If you do, do the following:

Download Malwarebytes' Anti-Malware Here or Here. Save it to the Desktop.
- Run the file and install the program. Choose Norwegian as the language.
- Tick the boxes next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and click Finish.
- Let the program update itself and choose Perform quick scan.
- You will get a message box when the program has finished.
- Then click the Show Results button. If malware was found, you will now see what was found.
- Then click the Remove Selected button to remove any malware that was found.
- Note: If MBAM finds a file that is difficult to remove, you will be asked two questions. Click OK on both, and let MBAM finish the disinfection. If you are asked to restart the machine, do so right away.
- When MBAM has finished removing what it found, a log will open in Notepad. Post it later if it found anything other than cookies.

Download Combofix (by sUBs) and put it on the Desktop.
- Run combofix.exe and follow the instructions.
- You will be asked "Roughly 1/100 machines failed to make it through the disinfection process!! Are you sure you want to do this??" - Answer Yes
- Do not click on the window while the program is running. This can cause the program to freeze.
- Post the log file from Combofix (c:\combofix.txt) together with the MBAM log.

Fløffy (Author) Posted 24 September 2008

New log from HJT. I will run combofix and MBAM later this evening.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:35, on 24.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\Rundll32.exe
D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programfiler\LogMeIn\x86\LMIGuardian.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\programfiler\powerstrip\pstrip.exe
D:\Programfiler\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
D:\Programfiler\BitTorrent\bittorrent.exe
D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Programfiler\Bonjour\mDNSResponder.exe
D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
D:\FAH504-Console.exe
D:\Programfiler\LogMeIn\x86\RaMaint.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Programfiler\LogMeIn\x86\LogMeIn.exe
D:\Programfiler\LogMeIn\x86\LMIGuardian.exe
D:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
D:\Programfiler\iPod\bin\iPodService.exe
D:\WINDOWS\System32\svchost.exe
D:\Programfiler\Windows Live\Messenger\usnsvc.exe
D:\Programfiler\iTunes\iTunes.exe
D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe
D:\Programfiler\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\FahCore_82.exe
D:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programfiler\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programfiler\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programfiler\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "D:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PowerStrip] d:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [steam] "D:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [bitTorrent] "D:\Programfiler\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = D:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Programfiler\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - D:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FAH@D:+FAH504-Console.exe - Stanford University - D:\FAH504-Console.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - D:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - D:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11216 bytes
Fløffy Skrevet 24. september 2008 Forfatter Del Skrevet 24. september 2008 Logg frå combofix: ComboFix 08-09-22.06 - Brukar 2008-09-24 18:45:49.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1454 [GMT 2:00] Running from: D:\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))) . 2008-09-24 18:44 . 2008-09-24 18:44 2,856,103 -ra------ D:\ComboFix.exe 2008-09-23 21:36 . 2008-09-24 18:33 <DIR> dr-h----- D:\Documents and Settings\Brukar\Siste 2008-09-16 17:43 . 2008-09-16 17:44 1,316,436 --a------ D:\My_Account_Back_up_03_Aug._RA3_Chaitanya_WF.rar 2008-09-16 17:39 . 2008-09-16 17:39 458,451 --a------ D:\setup.zip 2008-09-16 14:13 . 2008-09-16 14:13 2,334,720 --a------ D:\WINDOWS\system32\FahCore_79.exe 2008-09-16 07:13 . 2008-09-16 07:13 <DIR> d-------- D:\Documents and Settings\Brukar\Programdata\Yahoo! 2008-09-15 22:46 . 2008-09-15 22:46 <DIR> d-------- D:\Programfiler\Recuva 2008-09-15 22:43 . 2008-09-15 22:43 2,304,392 --a------ D:\rcsetup118.exe 2008-09-14 22:13 . 2008-09-14 22:13 709,704 --a------ D:\jmt-MiniBF1942(2).rar 2008-09-14 12:27 . 2008-09-14 12:27 654,488 --a------ D:\rld-euts.7z 2008-09-14 12:24 . 2008-09-14 12:24 <DIR> d-------- D:\WINDOWS\Logs 2008-09-14 12:22 . 2008-09-14 12:22 <DIR> d-------- D:\Programfiler\Euro Truck Simulator 2008-09-14 01:17 . 2008-09-14 01:17 2,396,160 --a------ D:\WINDOWS\system32\FahCore_81.exe 2008-09-07 20:24 . 2008-09-07 20:24 1,683,456 --a------ D:\WINDOWS\system32\FahCore_82.exe 2008-09-06 22:45 . 2008-09-06 22:46 2,928,600 --a------ D:\ccsetup211.exe 2008-09-02 18:18 . 2008-09-03 16:55 <DIR> d-------- D:\Programfiler\EAGLE-5.2.0 2008-09-02 18:18 . 2008-09-02 18:18 <DIR> d-------- D:\Documents and Settings\Brukar\Programdata\CadSoft 2008-09-02 18:16 . 2008-09-02 18:17 25,620,480 --a------ D:\eagle-win-5.2.0.exe 2008-08-31 20:20 . 
2008-08-31 20:20 <DIR> d-------- D:\Programfiler\Microsoft Works 2008-08-31 20:18 . 2008-09-10 08:03 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-08-31 20:17 . 2008-08-31 20:17 <DIR> dr-h----- D:\MSOCache 2008-08-29 23:39 . 2008-08-29 23:44 12,461,509 --a------ D:\MoFunZone.com--need_for_speed_underground_2_unlocker.zip 2008-08-25 22:50 . 2008-08-25 22:50 <DIR> d-------- D:\Programfiler\Apple Software Update 2008-08-25 22:49 . 2008-08-25 22:49 <DIR> d-------- D:\Programfiler\iPod 2008-08-25 16:18 . 2008-08-25 16:18 531,168 --a------ D:\CROCCLIP.EXE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-24 16:46 --------- d-----w D:\Documents and Settings\Brukar\Programdata\BitTorrent 2008-09-24 14:37 --------- d-----w D:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-09-24 14:09 --------- d-----w D:\Programfiler\LogMeIn 2008-09-22 18:47 --------- d-----w D:\Programfiler\Steam 2008-09-17 19:00 --------- d-----w D:\Programfiler\World of Warcraft Trial 2008-09-16 15:35 107,888 ----a-w D:\WINDOWS\system32\CmdLineExt.dll 2008-09-16 05:13 --------- d-----w D:\Documents and Settings\All Users\Programdata\Yahoo! 
Companion 2008-09-16 05:04 --------- d-----w D:\Programfiler\EA GAMES 2008-09-15 12:03 --------- d-----w D:\Programfiler\BitTorrent 2008-09-14 14:52 --------- d---a-w D:\Documents and Settings\All Users\Programdata\TEMP 2008-09-13 18:08 --------- d--h--w D:\Programfiler\InstallShield Installation Information 2008-09-12 07:14 --------- d-----w D:\Documents and Settings\All Users\Programdata\avg8 2008-09-11 19:18 --------- d-----w D:\Documents and Settings\Brukar\Programdata\LimeWire 2008-09-07 14:26 --------- d-----w D:\Documents and Settings\All Users\Programdata\Autodesk 2008-09-03 19:16 --------- d-----w D:\Documents and Settings\Brukar\Programdata\AVGTOOLBAR 2008-08-31 18:35 --------- d-----w D:\Documents and Settings\Brukar\Programdata\DNA 2008-08-30 15:28 --------- d-----w D:\Programfiler\DNA 2008-08-27 11:33 --------- d-----w D:\Programfiler\Spybot - Search & Destroy 2008-08-25 20:49 --------- d-----w D:\Programfiler\iTunes 2008-08-17 14:00 --------- d-----w D:\Programfiler\Fellesfiler\DirectX 2008-08-11 13:42 109,566,160 ----a-w D:\adm-prg-2008-aug.zip 2008-08-10 22:10 --------- d-----w D:\Documents and Settings\Brukar\Programdata\Atari 2008-08-10 22:06 --------- d-----w D:\Documents and Settings\Brukar\Programdata\Leadertech 2008-08-09 18:49 --------- d-----w D:\Documents and Settings\Brukar\Programdata\mIRC 2008-08-09 18:39 --------- d-----w D:\Programfiler\mIRC 2008-08-09 18:38 1,750,952 ----a-w D:\mirc634.exe 2008-08-03 17:36 --------- d-----w D:\Programfiler\Windows Media Connect 2 2008-08-03 17:33 25,755,448 ----a-w D:\wmp11-windowsxp-x86-enu.exe 2008-08-03 14:19 --------- d-----w D:\Programfiler\Yahoo! 
2008-08-03 14:18 2,922,072 ----a-w D:\ccsetup210.exe 2008-07-24 19:38 --------- d-----w D:\Programfiler\Sun 2008-07-24 19:38 --------- d-----w D:\Programfiler\Java 2008-07-18 20:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w D:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w D:\WINDOWS\system32\muweb.dll 2008-07-15 18:41 7,730,856 ----a-w D:\Google_Earth_CZXV.exe 2008-07-12 13:52 17,548,537 ----a-w D:\skyterampa.zip 2008-07-12 12:25 63,489,320 ----a-w D:\iTunesSetup(2).exe 2008-07-09 20:01 121,876 ----a-w D:\carbontrain13m-ch.zip 2008-07-09 20:01 121,876 ----a-w D:\carbontrain13m-ch(2).zip 2008-07-07 20:29 253,952 ----a-w D:\WINDOWS\system32\es.dll 2008-06-28 19:13 2,919,360 ----a-w D:\ccsetup209.exe 2008-06-25 19:26 1,060,256 ----a-w D:\FahMon-2.3.2b-Installer.exe 2008-06-25 19:23 253,952 ----a-w D:\FAH504-Console.exe 2008-06-24 16:46 74,240 ----a-w D:\WINDOWS\system32\mscms.dll 2008-06-24 16:12 295,936 ------w D:\WINDOWS\system32\wmpeffects.dll 2006-06-23 06:48 32,768 ----a-r D:\WINDOWS\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Steam"="D:\Programfiler\Steam\Steam.exe" [2008-04-06 1271032]
"DAEMON Tools Lite"="D:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="D:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"BitTorrent"="D:\Programfiler\BitTorrent\bittorrent.exe" [2008-03-25 587568]
"EVEREST AutoStart"="D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe" [2008-01-17 2057312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="D:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]
"Cpu Level Up help"="D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8527872]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]
"SunJavaUpdateSched"="D:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogMeIn GUI"="D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"Adobe Reader Speed Launcher"="D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NBKeyScan"="D:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NeroFilterCheck"="D:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-01-05 1177368]
"PowerStrip"="d:\programfiler\powerstrip\pstrip.exe" [2008-05-02 726776]
"AppleSyncNotifier"="D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="D:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="D:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"nwiz"="nwiz.exe" [2007-10-25 D:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 D:\WINDOWS\system32\P17.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BlueSoleil.lnk - D:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 1200128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 D:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-03-25 01:25 587568 D:\Programfiler\BitTorrent\bittorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programfiler\\DNA\\btdna.exe"=
"D:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"D:\\Programfiler\\LimeWire\\LimeWire.exe"=
"D:\\Programfiler\\Steam\\steamapps\\flatane\\condition zero\\hl.exe"=
"D:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"D:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"D:\\Programfiler\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"D:\\Programfiler\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Programfiler\\Codemasters\\DiRT\\DiRT.exe"=
"D:\\Programfiler\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Programfiler\\Fellesfiler\\Nero\\Nero Web\\SetupX.exe"=
"D:\\Programfiler\\Steam\\steamapps\\danielstolen\\condition zero\\hl.exe"=
"D:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"D:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"D:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Programfiler\\Steam\\steamapps\\flatane\\counter-strike\\hl.exe"=
"D:\\Programfiler\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"D:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"D:\\Programfiler\\mIRC\\mirc.exe"=
"D:\\Programfiler\\iTunes\\iTunes.exe"=
"D:\\Programfiler\\EA GAMES\\Battlefield 1942\\BF1942_w32ded.exe"=

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);D:\WINDOWS\system32\drivers\pe3ah4nb.sys [2007-06-11 64880]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);D:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);D:\WINDOWS\system32\drivers\ps6ah4nb.sys [2007-06-11 55160]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);D:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R1 AvgLdx86;AVG AVI Loader Driver x86;D:\WINDOWS\system32\Drivers\avgldx86.sys [2008-01-05 96520]
R2 avg8emc;AVG8 E-mail Scanner;D:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-01-05 902424]
R2 avg8wd;AVG8 WatchDog;D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-01-05 282904]
R2 AvgTdiX;AVG8 Network Redirector;D:\WINDOWS\system32\Drivers\avgtdix.sys [2008-01-05 75272]
R2 FAH@D:+FAH504-Console.exe;FAH@D:+FAH504-Console.exe;D:\FAH504-Console.exe [2008-06-25 253952]
R2 LMIInfo;LogMeIn Kernel Information Provider;D:\Programfiler\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;D:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R2 PStrip;PStrip;D:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt [2007-12-14 22640]
S2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [ ]
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);D:\WINDOWS\system32\pr2ah4nb.exe svc [ ]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);D:\WINDOWS\system32\pr2ah4nc.exe svc [ ]
S3 cpuz129;cpuz129;D:\DOCUME~1\Brukar\LOKALE~1\Temp\cpuz_x32.sys [ ]
S3 cxbu0wdm;CardMan 3x21;D:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Brukar\Programdata\Mozilla\Firefox\Profiles\165codnq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://nn-NO.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nn-NO:official
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 18:48:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

"ImagePath"="\??\D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@D:+FAH504-Console.exe]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\D:\Programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-09-24 18:49:05
ComboFix-quarantined-files.txt 2008-09-24 16:49:02
Pre-Run: 19 085 881 344 byte ledig
Post-Run: 19,072,946,176 byte ledig
213 --- E O F --- 2008-09-16 01:00:29
Fløffy Posted 24 September 2008 (Author)
Log from MBAM, perhaps a bit unnecessary since it found no files with viruses, but here it comes.

Malwarebytes' Anti-Malware 1.28
Database versjon: 1202
Windows 5.1.2600 Service Pack 3

24.09.2008 19:56:50
mbam-log-2008-09-24 (19-56-50).txt

Skanntype: Full Skann (C:\|D:\|)
Objekter skannet: 185780
Tid tilbakelagt: 1 hour(s), 3 minute(s), 14 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)
norbat Posted 24 September 2008
I don't see any junk in those logs. Was it just a check, or do you suspect something?
Fløffy Posted 24 September 2008 (Author)
I have a slight suspicion. The machine tends to respond slowly now and then, and sometimes Firefox freezes completely for a second or two before it continues where it left off. I have no idea what causes it.