Niern, posted 14 December 2008 (edited)

Need help interpreting the logs. I have followed Norbat's guide to the letter.

Edit: Hidden text fixed!

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:42, on 14.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\test\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catchgamer.no/?module=news
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegTool] C:\Programfiler\RegTool\RegTool.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5819 bytes

MBAM

Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1499
Windows 5.1.2600 Service Pack 3

14.12.2008 15:09:43
mbam-log-2008-12-14 (15-09-43).txt

Skanntype: Rask Skann
Objekter skannet: 47273
Tid tilbakelagt: 1 minute(s), 37 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 3
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 2
Filer infisert: 7

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Mapper infisert:
C:\Programfiler\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programfiler\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Filer infisert:
C:\Programfiler\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programfiler\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programfiler\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programfiler\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programfiler\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programfiler\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Programfiler\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Combofix

ComboFix 08-12-13.03 - 2008-12-14 15:25:28.1 - NTFSx86
Microsoft Windows XP Home Edition [GMT 1:00]
Kjører fra: c:\documents and settings\enem\Skrivebord\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-14 til 2008-12-14 )))))))))))))))))))))))))))))))))
.

2008-12-14 15:06 . 2008-12-14 15:06 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-14 15:06 . 2008-12-14 15:06 <DIR> d-------- c:\documents and settings\enem\Programdata\Malwarebytes
2008-12-14 15:06 . 2008-12-14 15:06 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-14 15:06 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 15:06 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 14:57 . 2008-12-14 14:57 <DIR> d-------- c:\programfiler\RegTool
2008-12-14 14:57 . 2008-12-14 14:57 <DIR> d-------- c:\documents and settings\enem\Programdata\RegTool
2008-12-14 14:53 . 2004-02-23 01:00 1,386,496 --a------ c:\windows\system32\MSVBVM60.DLL
2008-12-14 13:59 . 2008-12-14 13:59 200 --a------ C:\sqmnoopt11.sqm
2008-12-14 13:59 . 2008-12-14 13:59 200 --a------ C:\sqmdata11.sqm
2008-12-13 17:16 . 2008-12-13 17:16 657 --a------ c:\windows\wininit.ini
2008-12-13 17:01 . 2008-12-14 14:03 <DIR> d-------- c:\programfiler\Browser Hijack Recover
2008-12-13 17:01 . 2008-12-13 17:01 0 --a------ c:\windows\system32\8104297.jun
2008-12-13 16:57 . 2008-12-14 05:10 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy
2008-12-13 16:57 . 2008-12-14 05:43 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2008-12-13 16:31 . 2008-12-13 16:44 <DIR> d-------- c:\documents and settings\enem\Programdata\Juce VST Host
2008-12-12 15:56 . 2008-12-12 15:56 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-12 15:56 . 2008-12-12 15:56 1,409 --a------ c:\windows\QTFont.for
2008-12-11 14:48 . 2008-09-26 09:52 10,384 --a------ c:\windows\system32\drivers\LBeepKE.sys
2008-12-11 14:47 . 2008-11-07 16:37 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-12-11 14:47 . 2008-11-07 16:38 170,512 --a------ c:\windows\system32\kemutb.dll
2008-12-11 14:47 . 2008-11-07 16:38 145,936 --a------ c:\windows\system32\KemUtil.dll
2008-12-11 14:47 . 2008-11-07 16:38 117,264 --a------ c:\windows\system32\KemWnd.dll
2008-12-11 14:47 . 2008-11-07 16:38 84,496 --a------ c:\windows\system32\KemXML.dll
2008-12-11 14:46 . 2008-12-11 14:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\Logitech
2008-12-10 23:34 . 2008-12-10 23:34 1,393 --a------ c:\windows\imsins.BAK
2008-12-09 17:01 . 2008-12-14 15:10 <DIR> dr-h----- c:\documents and settings\enem\Siste
2008-12-09 16:58 . 2008-12-13 15:54 <DIR> d-------- c:\programfiler\Yahoo!
2008-12-09 16:58 . 2008-12-09 16:58 <DIR> d-------- c:\programfiler\CCleaner
2008-12-08 16:46 . 2008-12-08 16:46 <DIR> d-------- c:\programfiler\ASIO4ALL v2
2008-12-06 15:43 . 2008-12-06 15:43 <DIR> d-------- c:\documents and settings\enem\Programdata\Songbird2
2008-12-06 15:43 . 2008-12-06 15:43 <DIR> d-------- c:\documents and settings\All Users\Programdata\SongbirdVLC
2008-12-06 15:42 . 2008-12-07 15:05 <DIR> d-------- c:\programfiler\Songbird
2008-11-28 23:51 . 2008-11-28 23:51 200 --a------ C:\sqmnoopt10.sqm
2008-11-28 23:51 . 2008-11-28 23:51 200 --a------ C:\sqmdata10.sqm
2008-11-28 23:46 . 2004-08-03 23:08 142,976 --a--c--- c:\windows\system32\dllcache\usbport.sys
2008-11-28 23:44 . 2008-02-23 09:20 <DIR> dr------- c:\documents and settings\Administrator\Start-meny
2008-11-28 23:44 . 2008-02-23 09:20 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere
2008-11-28 23:44 . 2008-02-23 09:20 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord
2008-11-28 23:44 . 2008-02-23 09:20 <DIR> d--h----- c:\documents and settings\Administrator\Siste
2008-11-28 23:44 . 2008-02-23 09:20 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata
2008-11-28 23:44 . 2008-02-23 09:20 <DIR> d-------- c:\documents and settings\Administrator\Mine dokumenter
2008-11-28 23:44 . 2008-02-23 01:36 <DIR> d--h----- c:\documents and settings\Administrator\Maler
2008-11-28 23:44 . 2008-12-14 15:26 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger
2008-11-28 23:44 . 2008-02-23 09:20 <DIR> d-------- c:\documents and settings\Administrator\Favoritter
2008-11-28 23:44 . 2008-02-23 09:20 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask
2008-11-28 23:44 . 2008-11-28 23:44 <DIR> d-------- c:\documents and settings\Administrator
2008-11-26 16:28 . 2008-11-26 16:28 <DIR> d-------- c:\windows\system32\no
2008-11-26 16:28 . 2008-11-26 16:28 <DIR> d-------- c:\windows\system32\nb-no
2008-11-26 16:28 . 2008-11-26 16:28 <DIR> d-------- c:\windows\system32\bits
2008-11-26 16:28 . 2008-11-26 16:28 <DIR> d-------- c:\windows\l2schemas
2008-11-26 16:26 . 2008-11-26 16:26 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-26 16:21 . 2008-11-26 16:21 <DIR> d-------- c:\windows\EHome
2008-11-23 16:50 . 2008-08-14 14:27 2,190,976 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-23 16:50 . 2008-08-14 14:27 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-23 16:50 . 2008-08-14 14:27 2,067,840 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-23 16:50 . 2008-08-14 14:27 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-23 16:50 . 2008-09-15 16:29 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-23 16:50 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-23 16:49 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-23 16:49 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-20 23:03 . 2008-11-20 23:03 <DIR> d-------- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 14:12 --------- d-----w c:\programfiler\Steam
2008-12-14 13:14 --------- d-----w c:\documents and settings\enem\Programdata\Azureus
2008-12-13 15:25 --------- d-----w c:\programfiler\RivaTuner v2.06
2008-12-13 14:53 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-12-13 01:09 --------- d-----w c:\documents and settings\enem\Programdata\mIRC
2008-12-12 18:46 --------- d-----w c:\programfiler\mIRC
2008-12-11 21:50 --------- d-----w c:\programfiler\Azureus
2008-12-11 21:06 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-11 21:06 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-11 13:47 --------- d-----w c:\programfiler\Fellesfiler\Logishrd
2008-12-11 13:46 --------- d-----w c:\programfiler\Logitech
2008-12-09 17:19 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-12-09 17:19 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-12-08 15:49 --------- d-----w c:\programfiler\Image-Line
2008-12-08 15:43 --------- d-----w c:\programfiler\Vstplugins
2008-11-18 22:10 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-11-13 22:53 --------- d-----w c:\programfiler\DivX
2008-11-13 22:52 --------- d-----w c:\documents and settings\enem\Programdata\AVGTOOLBAR
2008-11-06 12:19 --------- d-----w c:\programfiler\NOS
2008-11-06 12:19 --------- d-----w c:\documents and settings\All Users\Programdata\NOS
2008-11-05 18:19 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR
2008-11-05 18:19 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2008-11-04 20:55 --------- d-----w c:\programfiler\VideoLAN
2008-11-04 15:44 --------- d-----w c:\programfiler\World of Warcraft
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-20 15:35 --------- d-----w c:\programfiler\id Software
2008-10-18 17:10 --------- d-----w c:\programfiler\OpenAL
2008-10-18 01:59 --------- d-----w c:\programfiler\MAXBrowse
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:02 665,600 ----a-w c:\windows\system32\wininet.dll
2008-10-15 18:51 --------- d-----w c:\programfiler\Fellesfiler\Blizzard Entertainment
2008-10-15 18:35 --------- d-----w c:\documents and settings\All Users\Programdata\Blizzard
2008-10-10 13:46 69,632 ----a-w c:\windows\KHALMNPR.Exe
2008-10-07 21:34 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 19:27 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]
"Steam"="c:\programfiler\steam\steam.exe" [2008-10-07 1410296]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"RegTool"="c:\programfiler\RegTool\RegTool.exe" [2008-12-10 30106888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-12-11 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 16:41 72208 c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Color Calibration.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Color Calibration.lnk
backup=c:\windows\pss\Color Calibration.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Highlight Agent.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Highlight Agent.lnk
backup=c:\windows\pss\Highlight Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^MagicTune 3.5.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\MagicTune 3.5.lnk
backup=c:\windows\pss\MagicTune 3.5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^NaturalColorLoad.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\NaturalColorLoad.lnk
backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^enem^Start-meny^Programmer^Oppstart^PowerReg Scheduler V3.exe]
path=c:\documents and settings\enem\Start-meny\Programmer\Oppstart\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^enem^Start-meny^Programmer^Oppstart^Steamstart.bat.txt]
path=c:\documents and settings\enem\Start-meny\Programmer\Oppstart\Steamstart.bat.txt
backup=c:\windows\pss\Steamstart.bat.txtStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuruIII]
--a------ 2007-02-01 15:18 421888 c:\programfiler\U-ABIT\abitEQ\abiteq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-11-27 13:27 1261336 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 17:22 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 17:23 1695232 c:\programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 08:55 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 08:55 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 19:16 286720 c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-02-20 17:20 356352 c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\programfiler\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-10-10 14:46 69632 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 08:55 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-01-30 11:54 16116224 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Steam\\steamapps\\nemmela_70\\counter-strike\\hl.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\U-ABIT\\FlashMenu\\flashmenu.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Programfiler\\Steam\\steamapps\\nemmela_70\\dedicated server\\hltv.exe"=
"c:\\Programfiler\\Azureus\\Azureus.exe"=
"c:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Documents and Settings\\enem\\Mine dokumenter\\Azureus Downloads\\q3a\\Quake3\\quake3.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\id Software\\Quake 4\\Quake4.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader:
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"27020:TCP"= 27020:TCP:Cs
"27015:TCP"= 27015:TCP:cs2
"27016:TCP"= 27016:TCP:cs3
"27017:TCP"= 27017:TCP:cs4
"1200:UDP"= 1200:UDP:cs5
"27015:UDP"= 27015:UDP:cs6
"27016:UDP"= 27016:UDP:cs7
"27017:UDP"= 27017:UDP:cs8
"27018:UDP"= 27018:UDP:cs9

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-07 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-07 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-07 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-07 76040]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-09-22 56344]
R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2008-12-11 10384]
S3 ABIT-IO;ABIT-IO;\??\c:\programfiler\U-ABIT\abitEQ\ABIT-IO.sys [2008-02-23 4608]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\DRIVERS\fantom.sys [2007-05-30 39424]
S3 fsssvc;Windows Live Tryggere for familien;"c:\programfiler\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
S3 Memctl;Memctl;\??\c:\programfiler\U-ABIT\FlashMenu\Memctl.sys [2008-02-23 4047]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2008-06-27 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2008-06-27 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2008-06-27 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2008-06-27 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2008-06-27 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2008-06-27 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2008-06-27 110120]

*Newly Created Service* - PROCEXP90
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-14 c:\windows\Tasks\RegTool Scan.job
- c:\programfiler\RegTool\RegTool.exe [2008-12-10 09:39]

2008-12-14 c:\windows\Tasks\RegTool Scan.job
- c:\programfiler\RegTool [2008-12-14 14:57]
.
- - - - TOMME PEKERE FJERNET - - - -

BHO-{B0DCCBDF-772F-4F5F-94B7-3C8496D248FD} - (no file)
WebBrowser-{B0DCCBDE-772F-4F5F-94B7-3C8496D248FD} - (no file)
MSConfigStartUp-amd_dc_opt - c:\programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.catchgamer.no/?module=news
FF - ProfilePath - c:\documents and settings\enem\Programdata\Mozilla\Firefox\Profiles\r29h8pmi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.catchgamer.no/?module=news
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\programfiler\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 15:26:52
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\avgrsstx.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\avgrsstx.dll
.
Tidspunkt ferdig: 2008-12-14 15:27:37
ComboFix-quarantined-files.txt 2008-12-14 14:27:25

Pre-Run: 153 429 118 976 byte ledig
Post-Run: 153,426,104,320 byte ledig

295 --- E O F --- 2008-12-11 13:36:21

Edited 14 December 2008 by Niern
norbat, posted 14 December 2008

The logs look fine. However, you should check for updates to the following:
Windows Update (Start -> All Programs -> Windows Update)
Java
Flash Player
Niern (thread author), posted 14 December 2008

> The logs look fine. However, you should check for updates to the following:
> Windows Update (Start -> All Programs -> Windows Update)
> Java
> Flash Player

Thanks Norbat ; )
r2d290, posted 14 December 2008

If you consider the problem with your machine solved, you can change your topic title by pressing the button in your first post. This helps keep the forum tidier for the supporters, and makes it easier for new people with the same problem to find a suitable thread to look in.

-Surf safely-
Niern (thread author), posted 15 December 2008

> If you consider the problem with your machine solved, you can change your topic title by pressing the button in your first post. This helps keep the forum tidier for the supporters, and makes it easier for new people with the same problem to find a suitable thread to look in.
> -Surf safely-

Oh, I forgot.