KolonP Posted 1 November 2008

The internet stops working now and then. Suspect malware.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56, on 2008-11-01
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\regx32.exe
C:\Windows\system32\CF2792.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\ComboFix\Catchme.tmp
C:\ComboFix\Catchme.tmp
C:\Users\leif gunnar\Desktop\HiJackThis.exe
C:\ComboFix\pv.cfexe
C:\ComboFix\sed.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\Windows\regx32.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe

-- End of file - 5374 bytes

Combofix:

ComboFix 08-10-31.02 - leif gunnar 2008-11-01 14:52:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1342 [GMT 1:00]
Running from: C:\Users\leif gunnar\AppData\Local\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.
2008-11-01 14:44 . 2008-11-01 14:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-29 16:12 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-29 16:12 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-29 16:12 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-27 16:04 . 2008-10-27 16:04 <DIR> d-------- C:\Program Files\Java
2008-10-27 16:04 . 2008-10-27 16:04 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-10-26 14:45 . 2008-10-26 14:45 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-25 22:17 . 2008-10-25 22:17 <DIR> d-------- C:\Users\leif gunnar\AppData\Roaming\Sony
2008-10-25 22:17 . 2008-10-25 22:17 <DIR> d-------- C:\Users\leif gunnar\AppData\Roaming\Publish Providers
2008-10-25 22:17 . 2008-10-25 22:17 <DIR> d-------- C:\Users\All Users\TEMP
2008-10-25 22:17 . 2008-10-25 22:17 <DIR> d-------- C:\ProgramData\TEMP
2008-10-25 22:13 . 2008-10-25 22:13 <DIR> d-------- C:\Users\All Users\Sony
2008-10-25 22:13 . 2008-10-25 22:13 <DIR> d-------- C:\ProgramData\Sony
2008-10-25 22:13 . 2008-10-25 22:13 <DIR> d-------- C:\Program Files\Vstplugins
2008-10-25 21:45 . 2008-10-25 21:45 <DIR> d-------- C:\Program Files\Sony
2008-10-25 21:41 . 2008-10-25 21:41 <DIR> d-------- C:\Program Files\Sony Setup
2008-10-25 21:21 . 2008-10-25 21:21 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-25 19:11 . 2008-10-25 19:11 <DIR> d-------- C:\Users\All Users\VIZ_MPS
2008-10-25 19:11 . 2008-10-25 19:11 <DIR> d-------- C:\ProgramData\VIZ_MPS
2008-10-25 19:11 . 2008-10-25 19:11 <DIR> d-------- C:\Program Files\Vizky
2008-10-23 21:22 . 2008-10-23 21:22 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-23 21:21 . 2008-10-23 21:21 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-10-23 21:21 . 2008-10-23 21:21 <DIR> d-------- C:\Users\All Users\Apple
2008-10-23 21:21 . 2008-10-23 21:21 <DIR> d-------- C:\ProgramData\Apple Computer
2008-10-23 21:21 . 2008-10-23 21:21 <DIR> d-------- C:\ProgramData\Apple
2008-10-23 21:21 . 2008-10-23 21:22 <DIR> d-------- C:\Program Files\QuickTime
2008-10-23 21:21 . 2008-10-23 21:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-23 20:08 . 2008-10-23 20:14 220 --a------ C:\Windows\Lexstat.ini
2008-10-23 20:06 . 2008-10-23 20:08 <DIR> d-------- C:\Program Files\Lexmark Z500-Z600 Series
2008-10-23 20:05 . 2008-10-23 20:05 <DIR> d-------- C:\drivers
2008-10-18 19:13 . 2006-10-26 18:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-10-18 19:10 . 2008-10-18 19:10 <DIR> d-------- C:\Program Files\Microsoft Works
2008-10-18 19:08 . 2008-10-18 19:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-18 19:05 . 2008-10-18 19:05 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-10-18 19:04 . 2008-10-24 14:58 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-10-18 19:04 . 2008-10-24 14:58 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-10-18 19:00 . 2008-10-18 19:00 <DIR> dr-h----- C:\MSOCache
2008-10-18 13:15 . 2008-10-18 13:15 <DIR> d-------- C:\PerfLogs
2008-10-18 11:20 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-18 11:20 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-18 11:20 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-18 11:20 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-18 11:20 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-17 20:42 . 2008-11-01 14:24 12 --a------ C:\Windows\bthservsdp.dat
2008-10-17 17:16 . 2008-10-17 17:16 159,610 --a------ C:\Windows\Marsu-Fix 2.5 Uninstaller.exe
2008-10-17 17:14 . 2008-10-17 17:14 <DIR> d-------- C:\Users\All Users\ESET
2008-10-17 17:14 . 2008-10-17 17:14 <DIR> d-------- C:\ProgramData\ESET
2008-10-17 17:14 . 2008-10-17 17:14 <DIR> d-------- C:\Program Files\ESET
2008-10-16 14:51 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-16 14:51 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-16 14:51 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-16 14:51 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-16 14:50 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-16 14:50 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-13 19:07 . 2008-10-13 19:07 <DIR> d-------- C:\Program Files\Google
2008-10-12 14:24 . 2008-10-12 14:24 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-10-11 13:46 . 2008-10-12 12:27 <DIR> d-------- C:\Users\All Users\Trend Micro
2008-10-11 13:46 . 2008-10-12 12:27 <DIR> d-------- C:\ProgramData\Trend Micro
2008-10-10 19:11 . 2008-10-10 19:11 <DIR> d-------- C:\Users\leif gunnar\AppData\Roaming\JLC's Software
2008-10-10 19:10 . 2008-10-10 19:10 <DIR> d-------- C:\Program Files\JLC's Software
2008-10-10 18:26 . 2008-10-10 18:26 <DIR> d-------- C:\Users\leif gunnar\AppData\Roaming\vlc
2008-10-10 17:09 . 2008-10-10 17:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-10 17:08 . 2008-10-19 20:48 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-10-10 17:08 . 2008-10-19 20:41 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-10-10 15:53 . 2008-11-01 14:28 <DIR> d-------- C:\Users\leif gunnar\AppData\Roaming\uTorrent
2008-10-10 15:53 . 2008-10-10 15:53 <DIR> d-------- C:\Program Files\uTorrent
2008-10-10 15:26 . 2008-10-10 15:28 <DIR> d-------- C:\Users\leif gunnar\AppData\Roaming\Winamp
2008-10-10 15:26 . 2008-10-10 15:27 <DIR> d-------- C:\Program Files\Winamp
2008-10-10 15:26 . 2007-03-08 00:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-10-10 14:55 . 2008-11-01 11:55 <DIR> d-------- C:\Program Files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 18:10 --------- d-----w C:\Program Files\MSBuild
2008-10-18 12:29 --------- d-----w C:\Program Files\MSN Messenger
2008-10-18 12:26 174 --sha-w C:\Program Files\desktop.ini
2008-10-18 12:18 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-18 12:18 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-18 12:18 --------- d-----w C:\Program Files\Windows Mail
2008-10-18 12:18 --------- d-----w C:\Program Files\Windows Journal
2008-10-18 12:18 --------- d-----w C:\Program Files\Windows Defender
2008-10-18 12:18 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-18 12:18 --------- d-----w C:\Program Files\Windows Calendar
2008-10-18 11:59 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-10-18 11:59 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-10-11 13:13 --------- d-----w C:\Users\leif gunnar\AppData\Roaming\Yahoo!
2008-10-11 13:13 --------- d-----w C:\ProgramData\Yahoo!
2008-10-06 15:12 --------- d-----w C:\ProgramData\Skype
2008-09-25 15:08 --------- d-----w C:\Users\leif gunnar\AppData\Roaming\mIRC
2008-09-04 17:06 --------- d-----w C:\Users\leif gunnar\AppData\Roaming\ICAClient
2008-09-04 17:05 --------- d-----w C:\Program Files\Citrix
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-02-05 19:35 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-05 19:35 32 ----a-w C:\ProgramData\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"TrialReset"="C:\Windows\regx32.exe" [2008-07-03 285327]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7326D1B5-5106-40F3-8289-96171716EB04}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4B5A2D3E-63EC-44BC-A2D6-B06A7B88378C}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{38E424D8-227A-4921-B4DE-B96085C426D0}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{90FDACAD-0E31-42D8-A060-09547120919E}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{190C6C42-B84D-42D6-8023-D4F39B18F678}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{3D78ACF2-400C-49A0-96E7-0A71D2FE0A9A}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{12547B34-B818-4E35-ABD0-E01F135F4C2C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B00AD2C4-6E01-4626-ABC9-2DC5457FC365}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9CB16831-D52B-4155-9BBA-250CEDF4D02B}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{347D7FF3-51DA-4679-83AA-5AD016D2670E}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{B9F1781F-7585-47C2-A713-09302AAE9FA6}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50B094E9-848F-40E8-AACC-1EA9225943BA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{F5026374-34EF-440E-99C6-7BC3810AABC5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{E5CF86D0-8DB1-4055-8CBE-57618F606E68}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{CA54958B-67C4-45CE-ACAC-9DB162F88C7A}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{A09DACD2-05DA-40CC-8544-869B4D2D3362}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3A8D04EC-895F-4240-9DF2-88F1A493ACF7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{9CC5302D-D61A-40FB-8168-89BB57A63C8F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D12D7125-86AA-4CC5-82D6-2CB6F5510FD5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{16801CD9-5135-47EE-8650-87073E82FCF5}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{75182DF5-BCAA-437D-A43B-32108C54CC5B}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"{1570E4FD-2823-4464-B9B7-7D1FFD69716B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5CFC659E-886F-44B9-A6F0-7D3A81E90D23}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F5A45C4F-F26D-44BD-A68D-8240C1117539}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5EACAE3A-0E21-4A0B-9CE4-FA327A9FF508}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{169A664F-602D-47E3-99E7-3FB627C6ACFA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7DCC86CC-C035-4719-8954-35136F64105C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{873CBDE0-FE71-4B0F-83E4-A5417C0CC46C}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{A1EEDF7D-D5C4-430D-B38D-0AD14A2227E7}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{E2EFC359-28C2-432F-93AE-BF47AF02BD1D}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{970B737D-3E72-49BA-8863-EB7B274FC3D6}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe [2007-03-16 537520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\leif gunnar\AppData\Roaming\Mozilla\Firefox\Profiles\la8qp6zg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.startsiden.no/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 14:55:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-01 14:57:26
ComboFix-quarantined-files.txt 2008-11-01 13:57:21
Pre-Run: 16 005 042 176 byte ledig
Post-Run: 16,013,529,088 byte ledig
187 --- E O F --- 2008-10-30 15:09:19

norbat Posted 1 November 2008

I can't see anything unusual in your logs. What do you do to get the internet working when the problem occurs?

KolonP (Author) Posted 1 November 2008

I wait until it works again. What about regx32.exe? I googled the name and it looks like it's malware or something. But I think it's what keeps the trial version of NOD32 from expiring ...

norbat Posted 1 November 2008

If you're in doubt about regx32.exe, you can upload it to e.g. VirusTotal for a check.

How is your network connection set up (modem - wireless router......)?

KolonP (Author) Posted 1 November 2008

http://www.virustotal.com/analisis/f066081...ebfba492ef21e9e

I don't think there's anything wrong with the network connection, since it works perfectly fine on the other PCs in the house.

norbat Posted 1 November 2008

The file seemed fine, but if you're using a crack(?) to 'use NOD32' beyond the trial period, I recommend that you uninstall the whole program and/or pay, or alternatively find another security program. It could be that your problem is tied to this activity?

KolonP (Author) Posted 1 November 2008

Yes, I suppose I used a crack, or a "fix". I think I'll wait a day and see whether it gets better, and if it doesn't, I'll do as you say and find something else.