
[Solved] Problem with a slow PC, can someone take a look at the logs? :)



I'm having problems with a slow PC. After I found out that my laptop had a trojan, I scanned this PC with Malwarebytes Anti-Malware, ComboFix and HijackThis. With MBAM I ran a quick system scan and a full scan.

 

MBAM quick scan

 

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1471

Windows 5.1.2600 Service Pack 3

 

07.12.2008 18:33:46

mbam-log-2008-12-07 (18-33-46).txt

 

Skanntype: Rask Skann

Objekter skannet: 61945

Tid tilbakelagt: 10 minute(s), 22 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

Full scan

 

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1471

Windows 5.1.2600 Service Pack 3

 

07.12.2008 19:43:56

mbam-log-2008-12-07 (19-43-56).txt

 

Skanntype: Full Skann (C:\|)

Objekter skannet: 221900

Tid tilbakelagt: 1 hour(s), 9 minute(s), 23 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

ComboFix log

 

ComboFix 08-12-06.06 - Lars Ivar 2008-12-07 19:47:44.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.622 [GMT 1:00]

Running from: c:\documents and settings\Lars Ivar\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\install.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))

.

 

2008-12-07 18:22 . 2008-12-07 18:22 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-12-07 18:22 . 2008-12-07 18:22 <DIR> d-------- c:\documents and settings\Lars Ivar\Programdata\Malwarebytes

2008-12-07 18:22 . 2008-12-07 18:22 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-12-07 18:22 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-07 18:22 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-07 00:18 . 2008-12-07 00:18 <DIR> d-------- c:\windows\Sun

2008-12-02 14:45 . 2008-12-02 14:45 <DIR> d-------- c:\programfiler\SEGA

2008-12-02 14:44 . 2008-12-02 14:44 <DIR> d-------- c:\documents and settings\Lars Ivar\Programdata\InstallShield

2008-12-02 13:48 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-02 13:48 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-12-02 13:47 . 2008-12-07 13:12 <DIR> d-------- c:\programfiler\Java

2008-12-02 12:37 . 2008-12-02 12:37 43,520 --a------ c:\windows\system32\CmdLineExt03.dll

2008-12-02 12:27 . 2008-12-02 12:27 <DIR> d-------- c:\programfiler\LucasArts

2008-11-24 21:11 . 2008-11-24 21:11 <DIR> d-------- c:\programfiler\Microsoft Works

2008-11-24 21:09 . 2008-11-24 21:09 <DIR> d-------- c:\programfiler\Microsoft.NET

2008-11-24 21:03 . 2008-11-24 21:05 <DIR> d-------- c:\windows\SHELLNEW

2008-11-24 21:02 . 2008-11-25 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\Microsoft Help

2008-11-24 21:01 . 2008-11-24 21:01 <DIR> dr-h----- C:\MSOCache

2008-11-22 15:43 . 2008-11-22 15:43 <DIR> d-------- c:\documents and settings\Lars Ivar\Programdata\Leadertech

2008-11-19 19:21 . 2008-11-19 19:21 <DIR> d-------- c:\documents and settings\All Users\Programdata\Fallout3

2008-11-19 19:20 . 2008-11-19 19:20 <DIR> d-------- c:\programfiler\Bethesda Softworks

2008-11-19 19:19 . 2008-11-19 19:19 <DIR> d-------- c:\programfiler\MSBuild

2008-11-19 19:16 . 2008-11-19 19:16 <DIR> d-------- c:\windows\system32\XPSViewer

2008-11-19 19:15 . 2008-11-19 19:15 <DIR> d-------- c:\programfiler\Reference Assemblies

2008-11-19 19:14 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-11-19 19:11 . 2008-11-19 19:11 <DIR> d-------- c:\windows\system32\xlive

2008-11-16 17:15 . 2008-11-16 17:15 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-11-16 17:11 . 2008-12-03 11:01 <DIR> d-------- c:\programfiler\NOS

2008-11-16 17:11 . 2008-12-03 11:01 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-11-12 21:41 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 21:41 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-10 22:36 . 2008-11-10 22:39 <DIR> d-------- c:\programfiler\GameShadow

2008-11-10 21:37 . 2008-11-10 21:37 <DIR> d-------- c:\programfiler\Eidos

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-07 18:53 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-12-07 18:17 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec

2008-12-06 15:13 --------- d-----w c:\programfiler\World of Warcraft

2008-12-05 14:15 202,040 ----a-w c:\windows\system32\PnkBstrB.exe

2008-12-05 14:15 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-04 19:06 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\Apple Computer

2008-12-04 14:50 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\skypePM

2008-12-04 14:50 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\Skype

2008-12-03 14:50 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\uTorrent

2008-12-02 17:16 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-11-22 18:18 22,328 ----a-w c:\documents and settings\Lars Ivar\Programdata\PnkBstrK.sys

2008-11-22 18:17 682,280 ----a-w c:\windows\system32\pbsvc.exe

2008-11-22 18:17 66,872 ----a-w c:\windows\system32\PnkBstrA.exe

2008-11-22 14:34 --------- d-----w c:\programfiler\EA GAMES

2008-11-16 16:13 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-11-14 15:18 --------- d-----w c:\programfiler\Activision

2008-11-11 20:04 --------- d-----w c:\programfiler\Opera

2008-11-04 21:27 --------- d-----w c:\programfiler\7-Zip

2008-11-03 15:45 --------- d-----w c:\programfiler\YouTube Downloader

2008-11-03 15:45 --------- d-----w c:\programfiler\Windows Media Connect 2

2008-11-03 15:45 --------- d-----w c:\programfiler\AGEIA Technologies

2008-11-03 15:23 --------- d-----w c:\programfiler\Ubisoft

2008-11-03 15:23 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard

2008-11-02 12:23 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\Turbine

2008-11-02 12:03 --------- d-----w c:\programfiler\Codemasters

2008-11-01 14:10 --------- d-----w c:\programfiler\Valve

2008-11-01 13:31 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2008-10-30 17:17 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\Red Alert 3

2008-10-30 17:05 --------- d-----w c:\programfiler\Electronic Arts

2008-10-30 16:45 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet

2008-10-30 16:39 --------- d-----w c:\programfiler\Fellesfiler\Control Panels

2008-10-30 16:36 --------- d-----w c:\documents and settings\All Users\Programdata\ALM

2008-10-30 16:04 --------- d-----w c:\programfiler\Fellesfiler\Macrovision Shared

2008-10-27 17:40 --------- d-----w c:\programfiler\Game Cam V2

2008-10-26 21:16 --------- d-----w c:\programfiler\SystemRequirementsLab

2008-10-26 16:11 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-10-26 16:11 --------- d--h--r c:\documents and settings\Lars Ivar\Programdata\SecuROM

2008-10-26 15:44 --------- d-----w c:\programfiler\DAEMON Tools Lite

2008-10-26 15:42 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-10-26 15:42 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\DAEMON Tools

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 18:10 --------- d-----w c:\programfiler\uTorrent

2008-10-23 15:10 --------- d-----w c:\programfiler\Blender Foundation

2008-10-23 15:10 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\Blender Foundation

2008-10-22 15:53 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\teamspeak2

2008-10-22 15:52 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\Ventrilo

2008-10-22 15:51 --------- d-----w c:\programfiler\Ventrilo Mix

2008-10-17 16:04 --------- d-----w c:\documents and settings\All Users\Programdata\Blizzard

2008-10-16 20:10 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2008-10-16 20:10 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL

2008-10-16 20:10 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2008-10-16 20:10 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2008-10-16 20:10 --------- d-----w c:\programfiler\Symantec

2008-10-16 16:41 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\vlc

2008-10-16 13:30 --------- d-----w c:\programfiler\VideoLAN

2008-10-16 13:24 --------- d-----w c:\programfiler\Skype

2008-10-16 13:24 --------- d-----w c:\programfiler\Fellesfiler\Skype

2008-10-16 13:24 --------- d-----w c:\documents and settings\All Users\Programdata\Skype

2008-10-16 13:20 --------- d-----w c:\programfiler\Directx

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:10 --------- d-----w c:\programfiler\QuickTime

2008-10-16 13:10 --------- d-----w c:\programfiler\iTunes

2008-10-16 13:10 --------- d-----w c:\programfiler\iPod

2008-10-16 13:10 --------- d-----w c:\programfiler\Bonjour

2008-10-16 13:10 --------- d-----w c:\documents and settings\All Users\Programdata\Apple Computer

2008-10-16 13:10 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:09 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-10-16 13:09 --------- d-----w c:\programfiler\Apple Software Update

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 --------- d-----w c:\documents and settings\All Users\Programdata\Apple

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-16 12:57 --------- dcsh--w c:\programfiler\Fellesfiler\WindowsLiveInstaller

2008-10-16 12:57 --------- d-----w c:\programfiler\Windows Live

2008-10-16 12:50 --------- d-----w c:\documents and settings\All Users\Programdata\WLInstaller

2008-10-16 11:16 --------- d-----w c:\programfiler\Fellesfiler\Blizzard Entertainment

2008-10-16 10:31 --------- d-----w c:\programfiler\Norton Internet Security

2008-10-15 20:16 --------- d-----w c:\documents and settings\Lars Ivar\Programdata\Symantec

2008-10-15 20:15 --------- d-----w c:\programfiler\Windows Sidebar

2008-10-15 19:23 --------- d-----w c:\programfiler\microsoft frontpage

2008-10-15 19:21 --------- d-----w c:\programfiler\Fellesfiler\Tjenester

2008-10-15 19:21 --------- d-----w c:\programfiler\Elektroniske tjenester

2008-09-17 21:55 453,152 ----a-w c:\windows\system32\nvuninst.exe

2008-09-17 21:55 453,152 ----a-w c:\windows\system32\nvudisp.exe

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Steam"="c:\programfiler\Valve\Steam\Steam.exe" [2008-11-01 1410296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\programfiler\Norton Internet Security\osCheck.exe" [2007-08-25 714608]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"Adobe_ID0EYTHM"="c:\progra~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\Programfiler\\Fellesfiler\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

 

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-25 149352]

R3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-15 99376]

 

*Newly Created Service* - COMHOST

*Newly Created Service* - JAVAQUICKSTARTERSERVICE

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

 

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}

hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab

c:\windows\Downloaded Program Files\sysreqlab.osd

FireFox -: Profile - c:\documents and settings\Lars Ivar\Programdata\Mozilla\Firefox\Profiles\v8zw8m95.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gamer.no/

FF -: plugin - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll

FF -: plugin - c:\programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\programfiler\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\programfiler\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\programfiler\Mozilla Firefox\plugins\np_gp.dll

FF -: plugin - c:\programfiler\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - c:\programfiler\Opera\program\plugins\np_gp.dll

FF -: plugin - c:\programfiler\Opera\program\plugins\NPOFF12.DLL

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-07 19:53:33

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-12-07 19:54:22

ComboFix-quarantined-files.txt 2008-12-07 18:54:07

 

Pre-Run: 84,018,225,152 byte ledig

Post-Run: 87,497,519,104 byte ledig

 

254 --- E O F --- 2008-11-25 21:53:15

 

 

 

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:58:28, on 07.12.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

 

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programfiler\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FELLES~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Valve\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Append to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224166710656

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Programfiler\Fellesfiler\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 10183 bytes

 

 

 

I'm not sure whether there is anything here, but if someone who knows about this could take a quick look, that would be great.

If this is not the problem, does anyone have any tips on how I can get the PC to work a little better?

Thanks in advance for any replies!


That looks fine :)

ComboFix must be uninstalled.

Go to Start > Run

Type the following in the box:

  • ComboFix /u

PS: note the space between the X and /u

You should now have something like the image below:

CF_Cleanup.png

Press Enter.

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists.
    • The folder C:\OtMoveIt, if it exists.
  • Reset the clock settings.
  • Hide file extensions, if necessary.
  • Hide system/hidden files and folders, if necessary.
  • Reset the System Restore points.

You can keep MBAM :)

Merry Christmas :)
