Pizzaen
Posted 25 September 2008

Hi. I thought I'd check my laptop for viruses. I just got it from my brother, and there are probably quite a few viruses on it because it is incredibly slow...

MBAM:
Malwarebytes' Anti-Malware 1.28
Database versjon: 1204
Windows 5.1.2600 Service Pack 2
25.09.2008 18:41:40
mbam-log-2008-09-25 (18-41-40).txt
Skanntype: Rask Skann
Objekter skannet: 44774
Tid tilbakelagt: 3 minute(s), 12 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)

Combofix:
ComboFix 08-09-25.01 - Administrator 2008-09-25 18:46:10.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1455 [GMT 2:00] Running from: D:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 ))))))))))))))))))))))))))))))) . 2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- D:\Programfiler\Malwarebytes' Anti-Malware 2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-09-25 18:37 . 2008-09-25 18:37 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Malwarebytes 2008-09-25 18:37 . 2008-09-10 00:04 38,528 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-25 18:37 . 
2008-09-10 00:03 17,200 --a------ D:\WINDOWS\system32\drivers\mbam.sys 2008-09-24 13:33 . 2008-09-24 13:34 <DIR> d-------- D:\Programfiler\SystemRequirementsLab 2008-09-24 13:33 . 2008-09-24 13:33 <DIR> d-------- D:\Documents and Settings\Administrator\SystemRequirementsLab 2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Programfiler\Viewpoint 2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Programfiler\Fellesfiler\AOL 2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Viewpoint 2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\AOL OCP 2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\AOL 2008-09-24 13:27 . 2008-09-24 13:27 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\acccore 2008-09-24 13:26 . 2008-09-24 13:27 <DIR> d-------- D:\Programfiler\AIM6 2008-09-24 13:26 . 2008-09-24 13:27 366 --ah----- D:\IPH.PH 2008-09-22 19:57 . 2008-09-22 19:57 <DIR> d-------- D:\Programfiler\TeamViewer3 2008-09-22 19:57 . 2008-09-22 19:57 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\TeamViewer 2008-09-22 19:56 . 2008-09-22 19:56 <DIR> d-------- D:\Documents and Settings\Administrator\temp 2008-09-22 17:52 . 2008-09-22 17:52 <DIR> d-------- D:\Programfiler\CodeStuff 2008-09-22 13:08 . 2008-09-22 13:08 268 --ah----- D:\sqmdata06.sqm 2008-09-22 13:08 . 2008-09-22 13:08 244 --ah----- D:\sqmnoopt06.sqm 2008-09-21 21:35 . 2008-09-21 21:35 268 --ah----- D:\sqmdata05.sqm 2008-09-21 21:35 . 2008-09-21 21:35 244 --ah----- D:\sqmnoopt05.sqm 2008-09-21 18:55 . 2008-09-21 18:55 268 --ah----- D:\sqmdata04.sqm 2008-09-21 18:55 . 2008-09-21 18:55 244 --ah----- D:\sqmnoopt04.sqm 2008-09-21 18:17 . 2008-09-21 18:17 268 --ah----- D:\sqmdata03.sqm 2008-09-21 18:17 . 2008-09-21 18:17 244 --ah----- D:\sqmnoopt03.sqm 2008-09-21 17:13 . 2008-09-21 17:13 268 --ah----- D:\sqmdata02.sqm 2008-09-21 17:13 . 
2008-09-21 17:13 244 --ah----- D:\sqmnoopt02.sqm 2008-09-21 15:56 . 2008-09-21 15:56 268 --ah----- D:\sqmdata01.sqm 2008-09-21 15:56 . 2008-09-21 15:56 244 --ah----- D:\sqmnoopt01.sqm 2008-09-21 15:35 . 2008-09-21 15:35 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\vlc 2008-09-21 15:34 . 2008-09-21 15:34 <DIR> d-------- D:\Programfiler\VideoLAN 2008-09-21 14:58 . 2008-09-21 14:58 268 --ah----- D:\sqmdata00.sqm 2008-09-21 14:58 . 2008-09-21 14:58 244 --ah----- D:\sqmnoopt00.sqm 2008-09-02 00:04 . 2008-09-02 00:04 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\ESET 2008-09-02 00:01 . 2008-09-02 00:01 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\ESET 2008-08-31 19:25 . 2007-10-18 12:59 201,488 --------- D:\WINDOWS\system32\MACD32.DLL 2008-08-31 19:25 . 2007-10-18 12:59 144,144 --------- D:\WINDOWS\system32\MASE32.DLL 2008-08-31 19:25 . 2007-10-18 12:59 141,584 --------- D:\WINDOWS\system32\MAMC32.DLL 2008-08-31 19:25 . 2007-10-18 12:59 63,248 --------- D:\WINDOWS\system32\MASD32.DLL 2008-08-31 19:25 . 2007-10-18 12:59 33,040 --------- D:\WINDOWS\system32\MA32.DLL 2008-08-31 19:24 . 2008-08-31 19:24 <DIR> d-------- D:\Programfiler\Pinnacle 2008-08-31 19:24 . 2003-03-19 06:28 2,179,072 --------- D:\WINDOWS\system32\mfc71d.dll 2008-08-31 19:24 . 2003-03-19 05:04 765,952 --------- D:\WINDOWS\system32\msvcp71d.dll 2008-08-31 19:24 . 2002-01-05 21:16 737,280 --------- D:\WINDOWS\system32\msvcp70d.dll 2008-08-31 19:24 . 2006-12-01 23:54 626,688 --------- D:\WINDOWS\system32\msvcr80.dll 2008-08-31 19:24 . 2006-12-01 23:54 548,864 --------- D:\WINDOWS\system32\msvcp80.dll 2008-08-31 19:24 . 2003-03-19 05:03 544,768 --------- D:\WINDOWS\system32\msvcr71d.dll 2008-08-31 19:24 . 2002-01-05 13:40 487,424 --------- D:\WINDOWS\system32\MSVCP70.DLL 2008-08-31 19:24 . 2004-07-23 09:00 446,464 --------- D:\WINDOWS\system32\HHActiveX.dll 2008-08-31 19:24 . 
2004-06-03 12:47 385,100 --------- D:\WINDOWS\system32\MSVCRTD.DLL 2008-08-31 19:24 . 2002-01-05 13:37 344,064 --------- D:\WINDOWS\system32\MSVCR70.DLL 2008-08-31 19:22 . 2008-08-31 19:29 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Pinnacle 2008-08-31 19:20 . 2008-08-31 19:20 <DIR> d-------- D:\Documents and Settings\Administrator\Pinnacle 2008-08-31 18:59 . 2008-08-31 18:59 <DIR> d-------- D:\WINDOWS\Sun 2008-08-31 18:59 . 2008-08-31 19:01 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Download Manager 2008-08-31 12:32 . 2008-08-31 12:32 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Apple Computer 2008-08-31 12:31 . 2008-08-31 12:31 <DIR> d-------- D:\Programfiler\iPod 2008-08-31 12:30 . 2008-08-31 12:32 <DIR> d-------- D:\Programfiler\iTunes 2008-08-31 12:25 . 2008-08-31 12:25 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Apple Computer 2008-08-31 12:24 . 2008-08-31 12:24 <DIR> d-------- D:\Programfiler\Apple Software Update 2008-08-31 12:22 . 2008-08-31 12:22 <DIR> d-------- D:\Programfiler\Fellesfiler\Apple 2008-08-31 12:22 . 2008-08-31 12:22 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Apple 2008-08-31 02:53 . 2008-08-31 02:53 <DIR> d-------- D:\Programfiler\Fellesfiler\Control Panels 2008-08-31 02:51 . 2008-08-31 02:51 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\ALM 2008-08-31 02:48 . 2008-08-31 02:48 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\FLEXnet 2008-08-31 02:40 . 2008-08-31 12:27 <DIR> d-------- D:\Programfiler\QuickTime 2008-08-31 02:32 . 2007-02-20 16:04 2,463,976 --a------ D:\WINDOWS\system32\NPSWF32.dll 2008-08-31 02:32 . 2007-02-20 16:04 190,696 --a------ D:\WINDOWS\system32\NPSWF32_FlashUtil.exe 2008-08-31 02:29 . 2008-08-31 02:29 <DIR> d-------- D:\Programfiler\CoffeeCup Software 2008-08-31 02:29 . 1999-03-22 12:29 233,472 --a------ D:\WINDOWS\system32\Ilda32.dll 2008-08-31 02:29 . 
1998-06-17 04:00 18,944 --a------ D:\WINDOWS\system32\BORLNDMM.DLL 2008-08-31 02:23 . 2008-08-31 12:28 <DIR> d-------- D:\Programfiler\Bonjour 2008-08-31 02:19 . 2008-08-31 02:19 <DIR> d-------- D:\Programfiler\Fellesfiler\Macrovision Shared 2008-08-31 02:12 . 2008-08-31 02:56 <DIR> d-------- D:\Programfiler\Fellesfiler\Adobe 2008-08-31 01:54 . 2006-10-26 19:56 32,592 --a------ D:\WINDOWS\system32\msonpmon.dll 2008-08-31 01:53 . 2008-08-31 01:53 <DIR> d-------- D:\Programfiler\Microsoft Works 2008-08-31 01:52 . 2008-08-31 01:52 <DIR> d-------- D:\Programfiler\Microsoft.NET 2008-08-31 01:49 . 2008-08-31 01:50 <DIR> d-------- D:\WINDOWS\SHELLNEW 2008-08-31 01:49 . 2008-08-31 01:49 <DIR> dr-h----- D:\MSOCache 2008-08-31 01:49 . 2008-08-31 01:54 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-08-31 00:56 . 2008-09-22 16:11 <DIR> d-------- D:\Documents and Settings\Administrator\Contacts 2008-08-30 23:17 . 2008-08-30 23:22 <DIR> d--hsc--- D:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-08-30 23:16 . 2008-08-30 23:22 <DIR> d-------- D:\Programfiler\Windows Live 2008-08-30 23:16 . 2008-08-30 23:16 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\WLInstaller 2008-08-30 23:13 . 2008-09-25 18:00 <DIR> d-------- D:\WINDOWS\system32\Lang 2008-08-30 23:13 . 2008-08-30 23:13 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav 2008-08-30 23:13 . 2008-08-30 23:13 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav 2008-08-30 23:07 . 2008-08-30 23:07 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Windows Search 2008-08-30 23:07 . 2008-08-30 23:07 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Windows Desktop Search 2008-08-30 23:06 . 2008-08-30 23:06 <DIR> d-------- D:\WINDOWS\system32\GroupPolicy 2008-08-30 23:06 . 2008-08-30 23:06 <DIR> d-------- D:\Programfiler\Windows Desktop Search 2008-08-30 23:06 . 
2008-03-07 18:56 192,000 -----c--- D:\WINDOWS\system32\dllcache\offfilt.dll 2008-08-30 23:06 . 2008-03-07 18:56 98,304 -----c--- D:\WINDOWS\system32\dllcache\nlhtml.dll 2008-08-30 23:06 . 2008-03-07 18:56 29,696 -----c--- D:\WINDOWS\system32\dllcache\mimefilt.dll 2008-08-30 23:00 . 2008-08-30 23:00 <DIR> d-------- D:\Documents and Settings\Administrator\Programdata\Locktime 2008-08-30 22:59 . 2008-08-30 22:59 <DIR> d-------- D:\Programfiler\DirectVobSub 2008-08-30 22:58 . 2008-08-30 22:58 <DIR> d-------- D:\Programfiler\NetLimiter 2 Pro 2008-08-30 22:58 . 2008-08-30 22:58 <DIR> d-------- D:\Documents and Settings\All Users\Programdata\Locktime 2008-08-30 22:54 . 2004-08-04 01:03 130,048 --a------ D:\WINDOWS\system32\ksproxy.ax 2008-08-30 22:53 . 2004-08-04 01:03 74,240 --a------ D:\WINDOWS\system32\usbui.dll 2008-08-30 22:53 . 2004-08-04 01:03 74,240 --a--c--- D:\WINDOWS\system32\dllcache\usbui.dll 2008-08-30 22:53 . 2004-08-04 01:07 14,080 --a------ D:\WINDOWS\system32\drivers\CmBatt.sys 2008-08-30 22:53 . 2001-08-17 23:57 14,080 --a------ D:\WINDOWS\system32\drivers\battc.sys 2008-08-30 22:53 . 2001-08-17 23:58 9,344 --a------ D:\WINDOWS\system32\drivers\compbatt.sys 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> dr------- D:\Documents and Settings\Default User\Start-meny 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\Default User\Skrivere 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d-------- D:\Documents and Settings\Default User\Skrivebord 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\Default User\Siste 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d-------- D:\Documents and Settings\Default User\Mine dokumenter 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\Default User\Maler 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> dr-h----- D:\Documents and Settings\Default User\Lokale innstillinger 2008-08-30 22:52 . 
2008-08-30 22:52 <DIR> d-------- D:\Documents and Settings\Default User\Favoritter 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\Default User\AndrMask 2008-08-30 22:52 . 2008-08-30 21:19 <DIR> dr------- D:\Documents and Settings\All Users\Start-meny 2008-08-30 22:52 . 2008-09-25 18:37 <DIR> d-------- D:\Documents and Settings\All Users\Skrivebord 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d--h----- D:\Documents and Settings\All Users\Maler 2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d-------- D:\Documents and Settings\All Users\Favoritter 2008-08-30 22:52 . 2008-08-31 19:26 <DIR> dr------- D:\Documents and Settings\All Users\Dokumenter 2008-08-30 22:51 . 2008-08-30 22:52 <DIR> dr-h----- D:\Documents and Settings\Default User\Programdata 2008-08-30 22:51 . 2008-09-24 21:58 <DIR> d--h----- D:\Documents and Settings\Default User 2008-08-30 22:51 . 2008-09-25 18:37 <DIR> dr-h----- D:\Documents and Settings\All Users\Programdata 2008-08-30 22:51 . 2008-08-30 20:59 <DIR> d-------- D:\Documents and Settings\All Users 2008-08-30 22:34 . 2008-08-30 22:34 <DIR> d-------- D:\Programfiler\uTorrent . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-21 13:07 --------- d-----w D:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-08-31 17:24 --------- d--h--w D:\Programfiler\InstallShield Installation Information 2008-08-31 00:58 --------- d-----w D:\Documents and Settings\Administrator\Programdata\Media Player Classic 2008-08-30 20:07 --------- d-----w D:\Programfiler\Intel 2008-08-30 19:59 --------- d-----w D:\Programfiler\Wireless Console 2 2008-08-30 19:59 --------- d-----w D:\Programfiler\Toshiba 2008-08-30 19:58 --------- d-----w D:\Programfiler\Synaptics 2008-08-30 19:57 --------- d-----w D:\Programfiler\Realtek 2008-08-30 19:56 --------- d-----w D:\Programfiler\Fellesfiler\InstallShield 2008-08-30 19:52 --------- d-----w D:\Programfiler\DAEMON Tools 2008-08-30 19:50 472,576 ----a-w D:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe 2008-08-30 19:50 --------- d-----w D:\Programfiler\Radeon Omega Drivers 2008-08-30 19:19 --------- d-----w D:\Programfiler\Spybot - Search & Destroy 2008-08-30 19:19 --------- d-----w D:\Programfiler\Settings2 2008-08-30 19:19 --------- d-----w D:\Programfiler\HighMAT CD Writing Wizard 2008-08-30 19:19 --------- d-----w D:\Programfiler\Clue 2008-08-30 19:18 --------- d-----w D:\Programfiler\Unlocker 2008-08-30 19:18 --------- d-----w D:\Programfiler\Java 2008-08-30 19:18 --------- d-----w D:\Programfiler\Alarm 2008-08-30 19:18 --------- d-----w D:\Programfiler\Ahead 2008-08-30 19:18 --------- d-----w D:\Documents and Settings\All Users\Programdata\Ahead 2008-08-30 19:17 --------- d-----w D:\Programfiler\Xvid 2008-08-30 19:17 --------- d-----w D:\Programfiler\Fellesfiler\Java 2008-08-30 19:17 --------- d-----w D:\Programfiler\Fellesfiler\Ahead 2008-08-30 19:17 --------- d-----w D:\Programfiler\AC3Filter 2008-08-30 19:16 --------- d-----w D:\Programfiler\MPC 2008-08-30 19:15 --------- d-----w D:\Programfiler\MSBuild 2008-08-30 19:12 --------- d-----w D:\Programfiler\Reference Assemblies 2008-08-30 19:04 --------- d-----w D:\Programfiler\WGA 
2008-08-30 19:04 --------- d-----w D:\Programfiler\microsoft frontpage 2008-08-30 19:02 715,248 ----a-w D:\WINDOWS\system32\drivers\sptd.sys 2008-08-30 19:01 --------- d-----w D:\Programfiler\MSXML 6.0 2008-08-30 19:01 --------- d-----w D:\Programfiler\MSXML 4.0 2008-08-30 19:00 --------- d-----w D:\Programfiler\Windows Media Connect 2 2008-08-30 18:58 --------- d-----w D:\Programfiler\Fellesfiler\Tjenester 2008-08-30 18:58 --------- d-----w D:\Programfiler\Elektroniske tjenester 2008-07-16 23:02 633,856 ------w D:\WINDOWS\system32\gpprefcl.dll 2008-07-07 20:23 253,952 ----a-w D:\WINDOWS\system32\es.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-24_21.56.27.92 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-24 14:45:50 16,384 --sha-w D:\WINDOWS\Temp\Cookies\index.dat + 2008-09-25 16:00:14 16,384 --sha-w D:\WINDOWS\Temp\Cookies\index.dat - 2008-09-24 14:45:50 32,768 --sha-w D:\WINDOWS\Temp\History\History.IE5\index.dat + 2008-09-25 16:00:14 32,768 --sha-w D:\WINDOWS\Temp\History\History.IE5\index.dat + 2008-09-25 16:01:23 32,768 --sha-w D:\WINDOWS\Temp\History\History.IE5\MSHist012008092520080926\index.dat - 2008-09-24 14:45:50 32,768 --sha-w D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat + 2008-09-25 16:00:14 32,768 --sha-w D:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2008-02-15 15360] "DAEMON Tools"="D:\Programfiler\DAEMON Tools\daemon.exe" [2007-11-17 171464] "Core Temp"="C:\progs\coretemp\Core Temp.exe" [2008-07-10 260624] "StatBar"="C:\progs\StatBar\StatBar.exe" [2005-01-22 335872] "MsnMsgr"="D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-08-31 5724184] "PMCRemote"="D:\Programfiler\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-06-12 214288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648] "HControl"="D:\WINDOWS\ATK0100\HControl.exe" [2005-11-10 102400] "SynTPEnh"="D:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945] "Wireless Console 2"="D:\Programfiler\Wireless Console 2\wcourier.exe" [2005-10-17 987136] "IntelZeroConfig"="D:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="D:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "EOUApp"="D:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413] "Power_Gear"="D:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 86016] "ASUS Live Update"="D:\Programfiler\ASUS\ASUS Live Update\ALU.exe" [2005-11-02 180224] "Acrobat Assistant 8.0"="D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248] "AppleSyncNotifier"="D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "QuickTime Task"="D:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 413696] "iTunesHelper"="D:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 289064] "AtiPTA"="atiptaxx.exe" [2006-02-22 D:\WINDOWS\system32\atiptaxx.exe] "Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 D:\WINDOWS\system32\HdAShCut.exe] "SMSERIAL"="sm56hlpr.exe" [2005-05-27 
D:\WINDOWS\sm56hlpr.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-09-06 D:\WINDOWS\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-06-23 D:\WINDOWS\system32\advpack.dll] D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Bluetooth Manager.lnk - D:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152] Pinnacle Streaming Server.lnk - D:\Programfiler\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2008-03-25 603408] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDesktopCleanupWizard"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "D:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk] path=D:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk backup=D:\WINDOWS\pss\Windows Search.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "D:\\Programfiler\\uTorrent\\uTorrent.exe"= "D:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "D:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= 
"D:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "D:\\Programfiler\\iTunes\\iTunes.exe"= "D:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "D:\\Programfiler\\Fellesfiler\\AOL\\Loader\\aolload.exe"= "D:\\Programfiler\\AIM6\\aim6.exe"= R1 nltdi;nltdi;D:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 82200] R2 Viewpoint Manager Service;Viewpoint Manager Service;D:\Programfiler\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R3 ALSysIO;ALSysIO;D:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\ALSysIO.sys [ ] S3 USB28xxBGA;PCTV 330e/8x0e Device;D:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-08 476288] S3 USB28xxOEM;USB 28xx OEM Filter;D:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-08 38656] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - D:\Documents and Settings\Administrator\Programdata\Mozilla\Firefox\Profiles\n406five.default\ FF -: plugin - D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll FF -: plugin - D:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - D:\Programfiler\Mozilla Firefox\plugins\npViewpoint.dll FF -: plugin - D:\Programfiler\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-25 18:48:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-09-25 18:51:27 ComboFix-quarantined-files.txt 2008-09-25 16:50:28 ComboFix2.txt 2008-09-24 19:58:00 Pre-Run: 27 577 856 000 byte ledig Post-Run: 27,562,045,440 byte ledig 283 HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:52:59, on 25.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20861) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\Ati2evxx.exe D:\Programfiler\Intel\Wireless\Bin\EvtEng.exe D:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe D:\WINDOWS\system32\spoolsv.exe D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Programfiler\Bonjour\mDNSResponder.exe D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe D:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe D:\WINDOWS\system32\svchost.exe D:\Programfiler\Viewpoint\Common\ViewpointService.exe D:\WINDOWS\system32\SearchIndexer.exe D:\Programfiler\NetLimiter 2 Pro\NLClient.exe D:\WINDOWS\system32\wscntfy.exe D:\WINDOWS\ATK0100\HControl.exe D:\WINDOWS\sm56hlpr.exe D:\WINDOWS\RTHDCPL.EXE D:\Programfiler\Synaptics\SynTP\SynTPEnh.exe D:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe D:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe D:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe D:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe D:\Programfiler\iTunes\iTunesHelper.exe D:\WINDOWS\system32\ctfmon.exe D:\Programfiler\DAEMON Tools\daemon.exe C:\progs\coretemp\Core Temp.exe D:\Programfiler\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe D:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe D:\Programfiler\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe D:\WINDOWS\ATK0100\ATKOSD.exe D:\Programfiler\Toshiba\Bluetooth Toshiba 
Stack\TosA2dp.exe D:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe D:\Programfiler\iPod\bin\iPodService.exe D:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe D:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe D:\WINDOWS\System32\svchost.exe D:\Programfiler\Windows Live\Messenger\usnsvc.exe D:\Programfiler\iTunes\iTunes.exe D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe D:\WINDOWS\system32\SearchProtocolHost.exe D:\WINDOWS\system32\NOTEPAD.EXE D:\WINDOWS\explorer.exe D:\WINDOWS\system32\notepad.exe D:\Programfiler\Mozilla Firefox\firefox.exe D:\Documents and Settings\Administrator\Skrivebord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/intl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Adobe PDF 
Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [HControl] D:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [synTPEnh] D:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Wireless Console 2] D:\Programfiler\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [intelZeroConfig] "D:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "D:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "D:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [Power_Gear] D:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [ASUS Live Update] D:\Programfiler\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Core Temp] C:\progs\coretemp\Core Temp.exe O4 - HKCU\..\Run: [statBar] C:\progs\StatBar\StatBar.exe O4 - 
HKCU\..\Run: [MsnMsgr] "D:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PMCRemote] D:\Programfiler\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Pinnacle Streaming Server.lnk = D:\Programfiler\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe O8 - Extra context menu item: Append to existing PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - 
res://D:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O23 - Service: Apple Mobile Device - Apple Inc. - D:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - D:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- D:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Programfiler\NetLimiter 2 Pro\nlsvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Programfiler\Viewpoint\Common\ViewpointService.exe -- End of file - 10144 bytes