Guest Slettet-1ZSK0pUMX2 Posted 14 December 2008 (edited)
Hi, I need some of you to look over the log to find out whether I need to do anything more.

ComboFix log:
HijackThis log:
MBAM log:
Does everything look OK now? I'm of course scanning with antivirus as well.
Edited 15 December 2008 by Slettet-1ZSK0pUMX2
norbat Posted 14 December 2008
The logs look fine. Was it just a check, or do you suspect something? Update Java and Flash Player.
raWrz Posted 14 December 2008
Can you update MBAM to the newest version under the Update tab? Then run a new scan and post a new ComboFix log?
Tosha0007 Posted 14 December 2008
submit: I don't think that's necessary. The thread is double-posted and norbat approved it here
raWrz Posted 14 December 2008
Aha, I didn't see that.
Guest Slettet-1ZSK0pUMX2 Posted 14 December 2008
Thank you very much, I was afraid there was something there. :>
r2d290 Posted 14 December 2008
If you think the problem with your machine is solved, you can change your topic title by pressing the button in your first post. This will help keep the forum more organized for the supporters, and new people who get the same problem will more easily find a suitable thread to look in. -Surf safely-