ElskHunMest Posted 23 September 2008

I want to check whether my computer is infected. I hope someone can help me :)

Combofix

ComboFix 08-09-20.05 - Gard 2008-09-23 17:32:23.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1008 [GMT 2:00] Running from: C:\Users\Gard\Nedlastninger\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 ))))))))))))))))))))))))))))))) . 2008-09-23 17:39 . 2008-09-23 17:40 242,698,400 --a------ C:\Windows\MEMORY.DMP 2008-09-23 16:58 . 2008-09-23 16:58 <DIR> d-------- C:\Users\Gard\AppData\Roaming\Malwarebytes 2008-09-23 16:58 . 2008-09-23 16:58 <DIR> d-------- C:\Users\All Users\Malwarebytes 2008-09-23 16:58 . 2008-09-23 16:58 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-09-23 16:58 . 2008-09-23 16:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-23 16:58 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-09-23 16:58 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys 2008-09-23 16:40 . 2008-09-23 16:40 <DIR> d-------- C:\Users\All Users\webex 2008-09-23 16:40 . 2008-09-23 16:40 <DIR> d-------- C:\ProgramData\webex 2008-09-23 16:39 . 2008-09-23 16:41 <DIR> d-------- C:\Users\All Users\Linksys 2008-09-23 16:39 . 2008-09-23 16:41 <DIR> d-------- C:\ProgramData\Linksys 2008-09-23 16:38 . 2008-09-23 16:38 <DIR> d----c--- C:\Windows\System32\DRVSTORE 2008-09-23 16:38 . 2008-09-23 16:38 <DIR> d-------- C:\Windows\LastGood.Tmp 2008-09-23 16:38 . 2008-09-23 16:38 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared 2008-09-23 16:38 . 2008-05-16 06:10 26,424 --a------ C:\Windows\System32\drivers\purendis.sys 2008-09-23 16:38 . 2008-05-16 06:10 24,888 --a------ C:\Windows\System32\drivers\pnarp.sys 2008-09-23 16:37 . 2008-09-23 16:38 <DIR> d-------- C:\Users\All Users\Pure Networks 2008-09-23 16:37 . 
2008-09-23 16:38 <DIR> d-------- C:\ProgramData\Pure Networks 2008-09-23 16:36 . 2008-09-23 16:37 <DIR> d-------- C:\Program Files\Linksys 2008-09-23 14:13 . 2008-09-23 14:13 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-09-23 14:13 . 2008-09-23 14:13 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-09-23 14:12 . 2008-09-23 14:12 <DIR> d-------- C:\Users\Gard\AppData\Roaming\SUPERAntiSpyware.com 2008-09-23 14:12 . 2008-09-23 14:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-09-20 19:52 . 2008-09-20 19:52 27 --a------ C:\Windows\SmAudio.INI 2008-09-17 21:19 . 2008-09-17 21:39 <DIR> d-------- C:\Users\Gard\AppData\Roaming\vlc 2008-09-13 20:04 . 2008-09-13 20:04 249,856 --------- C:\Windows\Setup1.exe 2008-09-10 12:03 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-10 12:03 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll 2008-09-10 12:02 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-10 12:01 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys 2008-09-10 12:01 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll 2008-09-10 12:01 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys 2008-09-10 12:01 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-09-10 12:01 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-10 12:01 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-05 12:17 . 2008-09-05 12:19 510 --a------ C:\Windows\WORDPAD.INI 2008-09-05 08:26 . 2008-09-05 08:26 <DIR> d-------- C:\Users\Gard\AppData\Roaming\Template 2008-09-05 08:25 . 2008-09-05 08:25 0 --a------ C:\Users\Gard\AppData\Roaming\wklnhst.dat 2008-09-03 17:08 . 2008-09-03 17:08 <DIR> d-------- C:\Program Files\Defraggler 2008-08-26 09:12 . 2008-09-01 19:56 <DIR> d-------- C:\Westwood . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-23 15:39 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-09-23 14:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-23 12:20 --------- d-----w C:\ProgramData\avg7 2008-09-23 12:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-23 12:10 --------- d-----w C:\Program Files\Lavasoft 2008-09-23 12:10 --------- d-----w C:\Program Files\Cheat Engine 2008-09-23 12:09 --------- d-----w C:\Program Files\BearShare 2008-09-23 11:59 --------- d-----w C:\Users\Gard\AppData\Roaming\uTorrent 2008-09-23 11:57 --------- d-----w C:\Program Files\KellySoftware 2008-09-23 11:56 --------- d-----w C:\Program Files\Ubisoft 2008-09-23 11:32 --------- d-----w C:\Program Files\World of Warcraft 2008-09-23 06:31 82,120 ----a-w C:\Users\Gard\AppData\Roaming\nvModes.dat 2008-09-22 11:07 --------- d-----w C:\Users\Gard\AppData\Roaming\OpenOffice.org2 2008-09-22 07:54 --------- d-----w C:\Users\Gard\AppData\Roaming\AVG7 2008-09-13 18:04 73,216 ----a-w C:\Windows\ST6UNST.EXE 2008-09-12 20:19 --------- d-----w C:\Program Files\HP 2008-09-10 10:06 --------- d-----w C:\Program Files\Microsoft Works 2008-09-03 15:12 --------- d-----w C:\Program Files\Ultimate Stunts 2008-09-03 15:12 --------- d-----w C:\Program Files\Call of Duty 2008-08-20 10:20 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-29 15:27 --------- d-----w C:\Program Files\OpenAL 2008-05-26 17:58 174 --sha-w C:\Program Files\desktop.ini 2007-11-01 09:31 2,625,536 ----a-w C:\Users\Gard\FX9960G.exe 2007-11-28 07:49 16,384 --sha-w 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-11-28 07:49 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-11-28 07:49 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 579584] "WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 176128] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-02-01 468264] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048] 
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 8534560] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 81920] "LELA"="C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-09-04 159744] "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-04 219136] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "LogonHoursAction"= 2 (0x2) "DontDisplayLogonHoursWarnings"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] 2007-12-04 18:56 9216 C:\Windows\System32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 
"AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-629873595-3371684559-1288852250-1000] "EnableNotificationsRef"=dword:00000002 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8E91A1DF-932D-4E39-8789-A3C767595E68}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{DE4EC72F-1218-4D91-988A-8B80FDD11E57}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare "UDP Query User{7611BFD0-1885-4D21-AE3C-20D826C67F59}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare "TCP Query User{9CCCA30D-5417-4C85-AB7F-5D53041AFEBB}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{C1B9D7D5-ECCD-4857-8ECC-1F1D800C731C}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{A347B1E0-BDE3-49FA-AE50-42C6162E3A2A}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes "UDP Query User{EF8EFB80-6F3C-4536-8060-3C78BE92EED6}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes "TCP Query User{D6CE4A1F-4269-4A22-A58A-C1B43E3782B9}C:\\users\\gard\\saved games\\bf 1942\\bf1942.exe"= UDP:C:\users\gard\saved games\bf 1942\bf1942.exe:bf1942.exe "UDP Query User{A438B7A5-6054-4CC6-A234-2D12841172BB}C:\\users\\gard\\saved games\\bf 1942\\bf1942.exe"= TCP:C:\users\gard\saved games\bf 1942\bf1942.exe:bf1942.exe "TCP Query User{33612048-A321-4005-B418-DAC83ACD90D8}C:\\program 
files\\ea games\\battlefield 2\\bf2.exe"= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2 "UDP Query User{53D6EF13-C88E-4452-B564-4523A7F1DFDD}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2 "TCP Query User{FE51EE7E-1472-4F9A-B3F0-C9748BCB0836}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{9B00BD78-1BE5-4822-9C67-225BA74ED262}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{27075AC2-50C3-4484-9F3B-C8FE02718569}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare "UDP Query User{B6E52900-7A6B-480A-971A-504438A3442E}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare "TCP Query User{BA51D1A8-980B-408F-8EB2-94FC9815E406}C:\\cs1.6 pod-bot\\hl.exe"= UDP:C:\cs1.6 pod-bot\hl.exe:Half-Life Launcher "UDP Query User{0E715DA0-5C09-47C0-BB2A-9E1B98AD4891}C:\\cs1.6 pod-bot\\hl.exe"= TCP:C:\cs1.6 pod-bot\hl.exe:Half-Life Launcher "{0180EEAE-29CE-41CA-8E0E-CA0A6B836F42}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{AE9CAE5F-ED0B-4410-9A48-72B8262E7BE6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "TCP Query User{E7D5A128-2B93-4BB3-B605-9BE79687F114}C:\\program files\\omron\\cx-server\\cxsdi_portman.exe"= UDP:C:\program files\omron\cx-server\cxsdi_portman.exe:PortMan Module "UDP Query User{A1CDA181-6337-42E3-A0F3-2A2F4DC3E320}C:\\program files\\omron\\cx-server\\cxsdi_portman.exe"= TCP:C:\program files\omron\cx-server\cxsdi_portman.exe:PortMan Module "TCP Query User{E3EA46D1-B6E6-4152-9122-2393C545EF2D}C:\\cs1.6 pod-bot\\hl.exe"= UDP:C:\cs1.6 pod-bot\hl.exe:Half-Life Launcher "UDP Query User{CFD514CE-DAD0-478E-8525-0B4314D12037}C:\\cs1.6 pod-bot\\hl.exe"= TCP:C:\cs1.6 pod-bot\hl.exe:Half-Life Launcher "TCP Query 
User{2EB2AA01-6F10-4298-A25E-710D4035C9BF}C:\\program files\\your freedom\\freedom.exe"= UDP:C:\program files\your freedom\freedom.exe:freedom "UDP Query User{D26C692F-DAAE-42FE-AD1F-00C488F1694E}C:\\program files\\your freedom\\freedom.exe"= TCP:C:\program files\your freedom\freedom.exe:freedom "{8926CE45-C561-4A96-93EC-69768F06FF2C}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{A86FCECA-63F7-4B2F-9BF2-68269FACCBAA}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{1738F31D-939D-4032-9C2A-A0CA4E849889}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{6E2D688D-7E60-4A87-A3C7-F6EC04773BAD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{F2818705-24A7-460A-868B-1AEA582CD12A}C:\\program files\\ea games\\command & conquer the first decade\\command & conquer renegade\\renegade\\game.exe"= UDP:C:\program files\ea games\command & conquer the first decade\command & conquer renegade\renegade\game.exe:Renegade "UDP Query User{EC7A6456-1310-4ACE-9D9E-87387423156D}C:\\program files\\ea games\\command & conquer the first decade\\command & conquer renegade\\renegade\\game.exe"= TCP:C:\program files\ea games\command & conquer the first decade\command & conquer renegade\renegade\game.exe:Renegade "TCP Query User{FA22F0DF-B1A4-49B4-86D5-8A8FBAA58AE4}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited "UDP Query User{D5F96100-6BC6-425A-B7EF-75CB3C29A841}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited "TCP Query User{3B73A0ED-516E-4F69-8A9B-8B40FA21AAF8}C:\\bmw m3 challenge\\bmw.exe"= UDP:C:\bmw m3 challenge\bmw.exe:BMW M3 Challenge "UDP Query User{595FA20E-AC0B-4BD7-B2F0-7CB562E3235A}C:\\bmw m3 challenge\\bmw.exe"= TCP:C:\bmw m3 challenge\bmw.exe:BMW M3 Challenge "TCP Query 
User{13B2B7DC-B665-447E-A389-A4086E2F2EE0}C:\\users\\gard\\desktop\\warcraft 3\\war3.exe"= UDP:C:\users\gard\desktop\warcraft 3\war3.exe:war3.exe "UDP Query User{60B88F73-A5BE-4752-AB2E-EE7E2131F1B4}C:\\users\\gard\\desktop\\warcraft 3\\war3.exe"= TCP:C:\users\gard\desktop\warcraft 3\war3.exe:war3.exe "TCP Query User{01722A6E-D92D-40CE-8C64-836E9602069D}C:\\users\\gard\\desktop\\warcraft 3\\war3.exe"= UDP:C:\users\gard\desktop\warcraft 3\war3.exe:Warcraft III "UDP Query User{FB048813-4DAA-4F75-BC0B-E787EF9BBEBC}C:\\users\\gard\\desktop\\warcraft 3\\war3.exe"= TCP:C:\users\gard\desktop\warcraft 3\war3.exe:Warcraft III "{668D9B4D-6475-45CD-B406-A7B2D112D68E}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server "{F8E57D70-B2E8-4E60-949F-3200766294F7}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server "TCP Query User{81F8FED4-49D9-492B-A3FA-5E950DCFA105}C:\\users\\gard\\warcraft 3\\war3.exe"= UDP:C:\users\gard\warcraft 3\war3.exe:war3.exe "UDP Query User{4F611042-E4DA-4D24-ABB5-D99771573613}C:\\users\\gard\\warcraft 3\\war3.exe"= TCP:C:\users\gard\warcraft 3\war3.exe:war3.exe "TCP Query User{D5E3418C-D138-4C00-A14A-41DBB804A07D}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever "UDP Query User{C049B2A7-8A35-4556-9F87-46D10533636A}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever "TCP Query User{561CAD6C-A2AC-4632-B24D-95422143D5C1}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever "UDP Query User{D96F8A2C-1513-4F4D-A444-6107DD34400A}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever "TCP Query User{F8D67181-1E54-4591-A96D-ADDF210170AB}C:\\program 
files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader "UDP Query User{2A9DF190-EF77-40B1-AB54-152A887EBAF5}C:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader "TCP Query User{C6430D7D-3327-4FDC-9BD6-163DFA5AC4CE}C:\\users\\gard\\desktop\\ny mappe\\rollcage\\rollcage\\direct3d\\rollcage.exe"= UDP:C:\users\gard\desktop\ny mappe\rollcage\rollcage\direct3d\rollcage.exe:rollcage.exe "UDP Query User{49862E5B-5CC2-4F8C-AD88-47F18A15CF5F}C:\\users\\gard\\desktop\\ny mappe\\rollcage\\rollcage\\direct3d\\rollcage.exe"= TCP:C:\users\gard\desktop\ny mappe\rollcage\rollcage\direct3d\rollcage.exe:rollcage.exe "TCP Query User{3A35761A-931A-4AF9-B2D2-1D57C5660B06}C:\\program files\\your freedom\\freedom.exe"= UDP:C:\program files\your freedom\freedom.exe:freedom "UDP Query User{0A0C6E64-CC6A-419B-A2E5-65A85F91721B}C:\\program files\\your freedom\\freedom.exe"= TCP:C:\program files\your freedom\freedom.exe:freedom "TCP Query User{AE64C1D7-F229-4921-A99B-90AF0CD0F1EE}C:\\users\\gard\\desktop\\ny mappe\\age of empires 2\\empires2.exe"= UDP:C:\users\gard\desktop\ny mappe\age of empires 2\empires2.exe:empires2.exe "UDP Query User{EAF4C0A6-344A-47BB-A3DF-0FDAA21C4A11}C:\\users\\gard\\desktop\\ny mappe\\age of empires 2\\empires2.exe"= TCP:C:\users\gard\desktop\ny mappe\age of empires 2\empires2.exe:empires2.exe "{0BDEFE42-DD7B-4149-B4BF-069DF6BE64CE}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{D9208CB1-81EB-4348-B8DD-F134BCC32144}C:\\program files\\rockstar games\\gta2\\gta2.exe"= UDP:C:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable "UDP Query User{64F7A59F-0BD0-4269-ADA6-1A6DABC75BE8}C:\\program files\\rockstar 
games\\gta2\\gta2.exe"= TCP:C:\program files\rockstar games\gta2\gta2.exe:GTA2 main executable "TCP Query User{42B7C303-36CA-4383-A83F-314285DAEC53}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "UDP Query User{300BDF9E-D774-40D9-B93F-852355F1E455}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "TCP Query User{F148FF58-DB91-4574-B4A5-652CF06DD258}C:\\program files\\bearflix\\bearflix.exe"= UDP:C:\program files\bearflix\bearflix.exe:BearFlix "UDP Query User{BB7C39C8-F826-4C22-8025-E71BFD5B16E8}C:\\program files\\bearflix\\bearflix.exe"= TCP:C:\program files\bearflix\bearflix.exe:BearFlix "TCP Query User{24E68290-F959-4C20-9668-14CA85CD5165}C:\\users\\gard\\desktop\\ny mappe\\age of empires 2\\empires2.exe"= UDP:C:\users\gard\desktop\ny mappe\age of empires 2\empires2.exe:empires2.exe "UDP Query User{CD3CA6EC-D835-4B36-A55D-5936A875F90F}C:\\users\\gard\\desktop\\ny mappe\\age of empires 2\\empires2.exe"= TCP:C:\users\gard\desktop\ny mappe\age of empires 2\empires2.exe:empires2.exe "{57EA2164-017D-4CCA-BB97-227144CB4444}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{5A6128AD-3C7E-4B78-B5D8-B4718AB7A944}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{A24529E5-9E5A-45C6-A43C-AE9FCFE1AA51}C:\\program files\\call of duty\\codmp.exe"= UDP:C:\program files\call of duty\codmp.exe:CoDMP "UDP Query User{42967B3D-4D94-4A26-96F6-FBE6E9924B44}C:\\program files\\call of duty\\codmp.exe"= TCP:C:\program files\call of duty\codmp.exe:CoDMP "TCP Query User{312382BD-AB3F-4A77-9E11-0C5424C23E79}C:\\program files\\nsr_stage_1\\bin\\nsr_s1.exe"= UDP:C:\program files\nsr_stage_1\bin\nsr_s1.exe:Nitro Stunt Racing Stage 1 "UDP Query User{822628FD-1289-407E-90EF-105098BA69AD}C:\\program files\\nsr_stage_1\\bin\\nsr_s1.exe"= TCP:C:\program files\nsr_stage_1\bin\nsr_s1.exe:Nitro Stunt Racing Stage 1 "TCP Query User{1D554EFF-4738-4306-8221-EB54E1A5865A}C:\\program 
files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager "UDP Query User{E3BC5049-3B2A-444F-999A-484DDFE33EAE}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager "TCP Query User{5A182EBE-715C-4269-994B-4BC67186D29E}C:\\westwood\\ra2\\game.exe"= UDP:C:\westwood\ra2\game.exe:Main executable for Red Alert 2 "UDP Query User{6E2B4BCE-47B3-4D0F-8320-EDDED18C6EC0}C:\\westwood\\ra2\\game.exe"= TCP:C:\westwood\ra2\game.exe:Main executable for Red Alert 2 "{EDCBC345-2050-4E86-AB9E-FFC4D9CE3A4B}"= UDP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service "{6781405D-4F4F-4B8E-B9A5-6CCD67D609EF}"= TCP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service "{B6EBC58D-48B6-419A-83B9-A7E5D3BF1851}"= TCP:67:0.0.0.0:DHCP Discovery Service "{BF95B637-F2CF-465C-8129-A73085697085}"= UDP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service "{A673C2ED-DA72-4464-90CD-A08CB4475475}"= TCP:C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service "{DB565C58-E10B-4A7B-A0FB-79A6C36B6148}"= TCP:67:DHCP Discovery Service [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] R2 LinksysUpdater;Linksys Updater;C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-06-26 204800] R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-02-01 271760] R2 
QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-02-01 112016] R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-14 53768] R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 79664] R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 81200] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 16432] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416] S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\Windows\system32\DRIVERS\se44bus.sys [2006-11-30 61536] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360] S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se44mdm.sys [2006-11-30 97088] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\se44obex.sys [2006-11-30 86432] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\Windows\system32\DRIVERS\se44unic.sys [2006-11-30 90800] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{186eac32-98cb-11dc-8fb6-001a6bbaccc8}] \shell\AutoRun\command - H:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7accea3e-5fba-11dd-845b-001b248171c2}] \shell\AutoRun\command - G:\LaunchU3.exe -a 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80fceb37-cf05-11dc-a451-001a6bbaccc8}] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96628b99-72d5-11dc-a7e1-806e6f6e6963}] \shell\AutoRun\command - E:\Setup.exe . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\Gard\AppData\Roaming\Mozilla\Firefox\Profiles\1mls6p6y.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.sol.no FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-23 17:41:45 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Windows\System32\audiodg.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\System32\conime.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\System32\drivers\XAudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Windows\System32\java.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe C:\Windows\servicing\TrustedInstaller.exe . ************************************************************************** . 
Completion time: 2008-09-23 17:52:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 15:52:23

Pre-Run: 108 647 116 800 byte ledig
Post-Run: 108,303,716,352 byte ledig

313 --- E O F --- 2008-09-10 10:08:18

MBAM

Malwarebytes' Anti-Malware 1.28
Database versjon: 1199
Windows 6.0.6001 Service Pack 1

2008-09-23 17:30:30
mbam-log-2008-09-23 (17-30-30).txt

Skanntype: Rask Skann
Objekter skannet: 47389
Tid tilbakelagt: 3 minute(s), 59 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:04, on 23.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\Hitest\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 10557 bytes

norbat
Posted 23 September 2008

No, there is no sign of malware in those logs. You can go ahead and uninstall LiveUpdate.

ElskHunMest (Author)
Posted 23 September 2008

I will do that.
Thank you very much for helping me.

r2d290
Posted 23 September 2008

You should update Java

It is important to use the latest version of Java, since earlier versions may contain security holes that increase the likelihood of you being infected again. It looks like your version of Java is outdated.

Updating Java:

1. Click the following link and download the latest version of Java: http://java.com/en/download/index.jsp
2. Go to Start > Control Panel > Add/Remove Programs.
3. Look through the list for all earlier versions of Java (JRE, J2SE Runtime, J2RE, etc.). All of these versions should have this image in front of them: [image]. Select every one you find and click Remove.
4. Then install the Java version you downloaded at the start.

Tell us how the update went, since problems with updating can indicate more malware on your system.

If you think the problem with your machine is solved, you can change your topic title by clicking [image] in your first post and choosing full edit. At the top, where your topic title is, write [LØST] ("solved") in front of your topic title. E.g.: [LØST] Got a virus on my machine

This will help keep the forum easier to navigate for the supporters, and new people who run into the same problem will more easily find a suitable thread to look in.

-Surf safely-