hakonvl, posted 26 September 2008

Hi! My machine (Windows Vista Business 32-bit) has an annoying tendency to run slowly. The processor log shows it sitting at 60 to 100%. As mentioned, I'm running Avast 4.8 Home. I'm wondering whether there's any chance of finding the virus if I use another program. Does anyone have any tips? I'd prefer not to spend any money on it, but if there are any demos I can use those too.
ungkar1, posted 26 September 2008

Hi. If you suspect a virus, you can run through this guide: https://www.diskusjon.no/index.php?showtopic=691246 and then post the logs in a separate post. Then some experts will come and look at the logs.
hakonvl (thread author), posted 26 September 2008 (edited)

> Hi. If you suspect a virus, you can run through this guide: https://www.diskusjon.no/index.php?showtopic=691246 and then post the logs in a separate post. Then some experts will come and look at the logs.

It's running. Found a virus right away. I'll post the logs later once I've run all the programs.

Here are my logs:

Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 6.0.6000

26.09.2008 22:18:46
mbam-log-2008-09-26 (22-17-47).txt

Scan type: Quick Scan
Objects scanned: 63066
Time elapsed: 38 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix:

ComboFix 08-09-26.01 - Ingrid 26.09.2008 22:55:07.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1044.18.1252 [GMT 2:00]
Running from: C:\Users\Håkon\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 20:55 3,670,016 --sha-w C:\Users\Håkon\ntuser.dat
2008-09-26 20:55 3,670,016 --sha-w C:\Users\Håkon\ntuser.dat
2008-09-26 19:51 --------- d-----w C:\Users\Håkon\AppData\Roaming\Skype
2008-09-26 19:22 --------- d-----w C:\Users\Håkon\AppData\Roaming\Malwarebytes
2008-09-26 19:20 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Malwarebytes
2008-09-26 19:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-26 19:19 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-26 19:18 --------- d-----w C:\Program Files\CCleaner
2008-09-26 19:11 41,335 ----a-w C:\Users\Håkon\AppData\Roaming\nvModes.dat
2008-09-26 17:54 --------- d-----w C:\Program Files\Google
2008-09-26 16:46 --------- d-s---w C:\Users\Håkon\AppData\Roaming\Microsoft
2008-09-26 16:42 --------- d-----w C:\Program Files\Microsoft Virtual PC
2008-09-26 16:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 16:07 --------- d-----w C:\Program Files\Common Files\KnifeEdge
2008-09-26 14:45 41,478 ----a-w C:\Users\Ingrid\AppData\Roaming\nvModes.dat
2008-09-24 18:47 41,335 ----a-w C:\Users\Magne\AppData\Roaming\nvModes.dat
2008-09-18 19:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-17 20:05 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Skype
2008-09-13 21:23 --------- d-----w C:\Users\Håkon\AppData\Roaming\LEGO Company
2008-09-13 19:36 --------- d-----w C:\Program Files\7-Zip
2008-09-13 19:09 --------- d-----w C:\ProgramData\TrackMania United
2008-09-13 14:34 --------- d-----w C:\Users\Ingrid\AppData\Roaming\LEGO Company
2008-09-13 14:34 --------- d-----w C:\Program Files\LEGO Company
2008-09-12 22:00 --------- d-----w C:\Program Files\Telio Backup Manager
2008-09-12 18:15 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-09-12 15:50 --------- d-----w C:\ProgramData\ALM
2008-09-12 15:35 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Download Manager
2008-09-12 14:00 95,888 ----a-w C:\Windows\system32\drivers\VBoxDrv.sys
2008-09-12 14:00 41,680 ----a-w C:\Windows\system32\drivers\VBoxUSBMon.sys
2008-09-11 14:13 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 14:04 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 14:00 --------- d-----w C:\Program Files\TmNationsForever
2008-09-10 12:59 --------- d-----w C:\ProgramData\Roxio
2008-09-10 11:33 --------- d-----w C:\Program Files\Sun
2008-09-10 09:49 --------- d-----w C:\Program Files\Java
2008-09-10 09:18 --------- d-----w C:\Users\Ingrid\AppData\Roaming\ZoomBrowser EX
2008-09-10 09:17 --------- d-----w C:\ProgramData\ZoomBrowser
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-31 20:04 --------- d-----w C:\ProgramData\SongbirdVLC
2008-08-31 19:30 --------- d-----w C:\Users\Håkon\AppData\Roaming\Songbird2
2008-08-31 19:30 --------- d-----w C:\Users\Håkon\AppData\Roaming\Mozilla
2008-08-31 13:55 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Roxio
2008-08-31 13:39 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Songbird2
2008-08-31 13:39 --------- d-----w C:\Program Files\Songbird
2008-08-30 16:15 --------- d-----w C:\Program Files\DarwinBotsII
2008-08-29 14:27 --------- d-----w C:\Users\Håkon\AppData\Roaming\gtk-2.0
2008-08-23 12:46 --------- d-----w C:\Program Files\Ubisoft
2008-08-19 10:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 21:39 --------- d-----w C:\Users\Ingrid\AppData\Roaming\gtk-2.0
2008-08-16 13:27 --------- d-----w C:\Program Files\TrackMania United
2008-08-16 08:47 --------- d-----w C:\Program Files\Rockstar Games
2008-08-14 14:02 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-28 20:51 --------- d-----w C:\Program Files\wild metal
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 08:56 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2007-10-24 13:43 167,064 ----a-w C:\Program Files\custom.dat
2002-04-29 13:05 176,950 ------w C:\Program Files\readme.rtf
2001-05-14 14:32 3,088,384 ------w C:\Program Files\wwp.exe
2001-03-16 13:45 98,304 ------w C:\Program Files\wwpdll32.dll
2001-03-15 15:01 995 ------w C:\Program Files\Nomouse.pif
2001-03-15 15:01 20,592 ------w C:\Program Files\Nomouse.sp
2001-03-15 15:01 20,480 ------w C:\Program Files\Nomouse.com
2000-11-27 11:32 4,710 ------w C:\Program Files\Wwp.ICO
2000-10-03 14:06 401,462 ----a-w C:\Program Files\MSVCP60.DLL
2000-08-16 19:15 122,880 ------w C:\Program Files\Landgen.exe
2000-06-08 15:00 290,869 ----a-w C:\Program Files\MSVCRT.DLL
2000-02-14 12:56 90,056 ------w C:\Program Files\LLload.bmp
1999-04-26 22:00 995,383 ------w C:\Program Files\MFC42.DLL
1999-03-29 11:48 34,304 ------w C:\Program Files\lfbmp10N.dll
1999-03-29 11:48 31,744 ------w C:\Program Files\lflmb10N.dll
1999-03-29 11:48 297,984 ------w C:\Program Files\ltkrn10N.dll
1999-03-29 11:48 27,648 ------w C:\Program Files\lftga10N.dll
1999-03-29 11:48 269,312 ------w C:\Program Files\LFCMP10N.DLL
1999-03-29 11:48 105,472 ------w C:\Program Files\ltfil10N.DLL
1998-09-06 23:03 12,208 ------w C:\Program Files\CDIO16.DLL
1998-09-06 22:55 32,768 ------w C:\Program Files\CDIO32.DLL

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2008-05-16 23:07 495616 --a------ C:\Program Files\Telio Backup Manager\VaultClientMenu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon2]
@="{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}"
[HKEY_CLASSES_ROOT\CLSID\{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}]
2008-05-16 23:07 491520 --a------ C:\Program Files\Telio Backup Manager\VaultClientIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"SeaMonkey Quick Launch"="C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" [2008-03-13 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 339968]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]
"TrayStartup"="C:\Program Files\Telio Backup Manager\VaultClientTray.exe" [2008-05-16 224304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 C:\Windows\KHALMNPR.Exe]

C:\Users\Magne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Users\H†kon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-18 110592]
Canon LBP2900 Statusvindu.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2007-11-22 50848]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-13 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-13 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56D541F6-770C-407F-B7EA-C77986BE42FA}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{6AA5DBC5-3FE3-4440-BCED-CD60B23CDE52}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DE7B7BD6-6ACB-4277-A61C-21E339FB829D}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{A8FADC6E-1D67-4223-9C3C-FC279F374E74}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{EE9057E0-8D75-4828-9844-6F3D73BCF84A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{90F12E42-3822-4C15-B0E5-D0537766EC18}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AF713D53-FF7A-48FA-BF77-91942B6A6D17}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C799949A-A3A2-4E75-B318-976249D916D2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1D685090-B2A5-4620-886B-EF3160A89253}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19AEE7BF-4967-4DFE-BC3B-FA6C0C90DC68}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{7F43F8B1-DBE4-42F9-875E-36AB1997C82D}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{5143D5AE-3289-4EC6-BB38-5533E196A6B5}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{237BC40E-17ED-45B9-AE9A-1F2A58A0B174}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{25F2628A-0C10-4B1C-A8FD-17ACF9B64683}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{1087A48B-947D-49C6-853E-FB372412E9B7}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DC13B10E-DF64-4B2B-98C2-0D600DA474DC}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{0970B445-3F86-493B-83C8-8AAEB24B61D8}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"TCP Query User{29DD76C2-9E91-4D4D-8ADE-F2FB86049FE9}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{E132A39D-A1DE-49C9-88D0-086D7872450C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{7E62582A-13D8-480C-AB0D-610F0E4CA441}C:\\program files\\chami\\html-kit\\bin\\htmlkit.exe"= Disabled:UDP:C:\program files\chami\html-kit\bin\htmlkit.exe:HTML-Kit
"UDP Query User{CDBC078E-EC4F-481E-88AD-9EB5CDAC0FA5}C:\\program files\\chami\\html-kit\\bin\\htmlkit.exe"= Disabled:TCP:C:\program files\chami\html-kit\bin\htmlkit.exe:HTML-Kit
"{3623234D-0382-483A-943F-023F2DC9C8E5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D479CC39-DA96-4007-90FE-E4384B9C4D51}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{57F11785-5289-47BE-87E6-F21C0903D0E1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{285C6329-F0FE-49FD-B714-BC7BE8C29537}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{E7D2E8C7-24CC-4152-9F9F-D41F8D454F47}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{D9D71F2A-D205-4F3B-BC25-75E6274DDD3A}"= Disabled:UDP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{66BFD197-9A2D-4425-8B0D-09EA1EE99DF4}"= Disabled:TCP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{4E37BC9A-B052-494D-8256-5AE2C0900F94}"= UDP:C:\Users\Ingrid\AppData\Local\Temp\SIT26933.tmp\setup.exe:setup
"{278E87D3-8B90-44E8-AC8F-4279840B7274}"= TCP:C:\Users\Ingrid\AppData\Local\Temp\SIT26933.tmp\setup.exe:setup
"{86486FE6-45F3-437B-86EC-E80E7D4931A4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{963CBA10-B7F6-4C42-B09F-E559CEBEB6D2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EE663751-CD7D-4BBF-A635-4863AB6A258A}F:\\old timer tennis 2\\ott2.exe"= UDP:F:\old timer tennis 2\ott2.exe:OTT2
"UDP Query User{498552E6-F497-4AA0-BA5C-99FC542A8F6C}F:\\old timer tennis 2\\ott2.exe"= TCP:F:\old timer tennis 2\ott2.exe:OTT2
"TCP Query User{33014E3D-D00F-419C-BAF9-5F416F5745D5}C:\\program files\\trackmania united\\tmunited.exe"= UDP:C:\program files\trackmania united\tmunited.exe:TmUnited
"UDP Query User{A49E2272-6C0F-410A-BBCF-F316C254306D}C:\\program files\\trackmania united\\tmunited.exe"= TCP:C:\program files\trackmania united\tmunited.exe:TmUnited

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 VaultClientSRV;Telio Backup Manager Service;C:\Program Files\Telio Backup Manager\VaultClientSRV.exe [2008-05-16 982064]
R2 VaultClientUpgrade;Backup Manager Upgrade Service;C:\Program Files\Telio Backup Manager\VaultClientUpgrade.exe [2008-05-16 56368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae6f29e-eecf-11dc-b771-001c23984931}]
\shell\AutoRun\command - StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae6f2a3-eecf-11dc-b771-001c23984931}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\md6qdln6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://mail.google.com/mail/?auth=DQAAAHEAAAA2mIClVido9FazkyrVEfrlHlwPbysSW-xbmxOrvaaqyQ-oJbZ-8ZR56pcyL3wxEPL3uY_yzpLSRUzvlm9ntb-lpWS4aRMVbaMpbjo4c3Lb8EpG6h4vU0lX5tdftmTL5h43dwPKK2_f_SR2C_qrlFCKLhntz0o648O1FnuiSNUoYA&gausr=iviksmo%40gmail.com&shva=1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 23:01:08
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-09-26 23:04:08
ComboFix-quarantined-files.txt 2008-09-26 21:03:04

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Post-Run: 34,104,885,248 byte ledig

245 --- E O F --- 2008-09-26 12:39:57

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:47, on 27.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Telio Backup Manager\VaultClientTray.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Ingrid\Desktop\test\test.exe
C:\Windows\system32\Taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=DQAAAHEA....com&shva=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [TrayStartup] C:\Program Files\Telio Backup Manager\VaultClientTray.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [seaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Canon LBP2900 Statusvindu.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...indows-i586.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Telio Backup Manager Service (VaultClientSRV) - TELIO - C:\Program Files\Telio Backup Manager\VaultClientSRV.exe
O23 - Service: Backup Manager Upgrade Service (VaultClientUpgrade) - TELIO - C:\Program Files\Telio Backup Manager\VaultClientUpgrade.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10210 bytes

Edited 27 September 2008 by Rockie
r2d290, posted 24 October 2008

A thread that has been forgotten... How is the machine doing?
hakonvl (thread author), posted 30 October 2008

> A thread that has been forgotten... How is the machine doing?

Slow enough. I found out that one of the programs has something to do with Roxio. It may be that it's infiltrated, because I haven't seen it use that many resources before.