media-tower Posted 7 January 2009
Was hoping someone could check whether these are OK.
From mbam-log-2009-01-07 (02-03-24)
<Malwarebytes' Anti-Malware 1.32
Databaseversjon: 1625
Windows 5.1.2600
07.01.2009 01:54:39
mbam-log-2009-01-07 (01-54-39).txt
Skanntype: Rask Skann
Objekter skannet: 46422
Tid tilbakelagt: 4 minute(s), 53 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)
>
From ComboFix
<ComboFix 09-01-05.05 - Dark 2009-01-07 2:09:55.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.1023.672 [GMT -8:00] Running from: c:\documents and settings\Dark\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\sfk.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ISODRIVE -------\Service_ISODrive ((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 ))))))))))))))))))))))))))))))) . 2009-01-07 02:13 . 2009-01-07 02:13 <DIR> d-------- c:\program files\microsoft frontpage 2009-01-07 01:47 . 
2009-01-07 01:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-07 01:47 . 2009-01-07 01:47 <DIR> d-------- c:\documents and settings\Dark\Application Data\Malwarebytes 2009-01-07 01:47 . 2009-01-07 01:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-07 01:47 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-07 01:47 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-07 00:08 . 2009-01-07 00:08 <DIR> d-------- c:\windows\Profiles 2009-01-07 00:08 . 2009-01-07 00:08 <DIR> d-------- c:\documents and settings\Dark\Application Data\InterTrust 2009-01-06 04:10 . 2009-01-06 12:44 <DIR> d-------- c:\program files\EA GAMES 2009-01-05 23:43 . 2009-01-06 07:45 <DIR> d-------- c:\program files\Croteam 2009-01-05 21:02 . 2009-01-06 04:56 <DIR> d-------- c:\program files\CAPCOM 2009-01-05 20:43 . 2009-01-06 23:41 959 --a------ C:\rollback.ini 2009-01-04 20:23 . 2009-01-04 20:23 0 --a------ c:\windows\nsreg.dat 2009-01-04 09:57 . 2009-01-04 09:57 <DIR> d-------- c:\program files\Ubi Soft 2009-01-04 09:57 . 2002-12-18 08:31 140,488 --a------ c:\windows\system32\comdlg32.ocx 2009-01-04 09:57 . 2002-12-18 08:31 115,016 --a------ c:\windows\system32\MSINET.OCX 2009-01-04 09:57 . 2002-12-18 08:31 89,360 --a------ c:\windows\system32\VB5DB.DLL 2009-01-04 09:57 . 2002-12-18 08:31 69,632 --a------ c:\windows\system32\xmltok.dll 2009-01-04 09:57 . 2002-12-18 08:31 36,864 --a------ c:\windows\system32\xmlparse.dll 2009-01-04 09:57 . 2002-12-18 08:31 35,840 --a------ c:\windows\system32\comdlg32.oca 2009-01-04 09:57 . 2002-12-18 08:31 29,184 --a------ c:\windows\system32\MSINET.oca 2009-01-04 09:57 . 2002-12-18 08:31 26,088 --a------ c:\windows\system32\xmlinst.exe 2009-01-04 09:57 . 2002-12-18 08:31 24,576 --a------ c:\windows\system32\msxml3a.dll 2009-01-04 08:11 . 1999-12-17 10:13 86,016 --a------ c:\windows\unvise32.exe 2009-01-04 07:47 . 
2009-01-04 07:49 <DIR> d-------- c:\windows\nview 2009-01-04 07:47 . 2009-01-04 07:47 <DIR> d-------- C:\NVIDIA 2009-01-04 07:47 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE 2009-01-04 07:47 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe 2009-01-04 07:47 . 2009-01-07 02:14 88,566 --a------ c:\windows\system32\nvapps.xml 2009-01-04 07:47 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu 2009-01-04 07:31 . 2009-01-04 07:51 <DIR> d-------- c:\documents and settings\Dark\Application Data\AquaNox 2009-01-04 06:30 . 2009-01-04 06:30 2,560 --a------ c:\windows\_MSRSTRT.EXE 2009-01-04 04:54 . 2009-01-04 04:54 <DIR> d-------- c:\program files\Alcohol Soft 2009-01-04 04:52 . 2009-01-04 04:52 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-01-04 04:32 . 2009-01-07 00:08 <DIR> d-------- c:\program files\Common Files\Adobe 2009-01-04 04:13 . 2009-01-04 04:13 <DIR> d-------- c:\program files\UltraISO 2009-01-04 04:13 . 2009-01-04 04:13 <DIR> d-------- c:\program files\Common Files\EZB Systems 2009-01-03 07:54 . 2009-01-03 08:25 <DIR> d-------- c:\windows\lastCall 2009-01-03 06:24 . 2009-01-04 08:06 <DIR> d-------- C:\Games 2009-01-03 06:04 . 2009-01-03 06:04 <DIR> d-------- c:\windows\LogFiles 2009-01-03 03:58 . 2009-01-06 08:56 <DIR> d-------- c:\program files\GameSpy Arcade 2009-01-03 03:36 . 2009-01-03 03:50 46,661 --a------ c:\windows\AWARE40.MCH 2009-01-03 03:34 . 2009-01-03 03:50 <DIR> d-------- c:\windows\A4W_DATA 2009-01-03 03:33 . 2009-01-03 03:33 <DIR> d-------- c:\documents and settings\Dark\WINDOWS 2009-01-02 08:46 . 2009-01-02 08:46 <DIR> d-------- c:\program files\CCleaner 2009-01-02 01:40 . 2009-01-02 06:48 52 --a------ c:\windows\mafosav.INI 2009-01-02 01:38 . 2009-01-02 01:38 <DIR> d-------- c:\program files\Mario Forever 2009-01-01 06:57 . 2009-01-01 06:57 <DIR> d-------- C:\speedeBooks 2009-01-01 06:28 . 
2009-01-01 06:28 <DIR> d--h----- c:\windows\system32\GroupPolicy 2008-12-31 19:42 . 2008-12-31 19:42 20,480 --a------ c:\windows\system32\jum.exe 2008-12-31 17:05 . 2008-12-31 17:05 <DIR> d-------- c:\program files\OpenAL 2008-12-31 17:05 . 2008-12-31 17:05 409,600 --a------ c:\windows\system32\wrap_oal.dll 2008-12-31 17:05 . 2008-12-31 17:05 114,688 --a------ c:\windows\system32\OpenAL32.dll 2008-12-31 16:05 . 2008-12-31 16:05 0 -ra------ c:\windows\system32\TFTP700 2008-12-31 15:14 . 2008-12-31 15:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia 2008-12-31 01:05 . 2001-08-23 07:00 75,264 ---h---t- c:\windows\system32\2342f810.dll 2008-12-30 23:22 . 2008-12-30 23:22 <DIR> d-------- c:\program files\VS Revo Group 2008-12-30 21:20 . 2008-12-30 21:20 0 -ra------ c:\windows\system32\TFTP204 2008-12-30 15:59 . 2008-12-30 15:59 0 -ra------ c:\windows\system32\TFTP508 2008-12-30 02:33 . 2008-12-30 02:33 0 -ra------ c:\windows\system32\TFTP2848 2008-12-29 23:19 . 2008-12-29 23:19 0 -ra------ c:\windows\system32\TFTP2004 2008-12-29 17:54 . 2008-12-29 17:54 0 -ra------ c:\windows\system32\TFTP644 2008-12-29 16:38 . 2008-12-29 17:55 173,036 --a------ c:\windows\system32\pzt.exe 2008-12-29 11:24 . 2008-12-29 11:24 0 -ra------ c:\windows\system32\TFTP200 2008-12-29 03:20 . 2008-12-29 03:20 <DIR> d-------- c:\documents and settings\Dark\Application Data\Cool Record Edit Pro 2008-12-29 01:55 . 2008-12-29 01:55 0 -ra------ c:\windows\system32\TFTP336 2008-12-29 00:33 . 2008-12-29 00:33 <DIR> d--h----- c:\windows\PIF 2008-12-28 21:28 . 2008-12-28 21:45 <DIR> d-------- C:\Mgame 2008-12-28 18:34 . 2008-12-28 18:34 <DIR> d-------- c:\documents and settings\Dark\Application Data\vlc 2008-12-28 18:11 . 2008-12-28 18:11 <DIR> d-------- c:\program files\Macromedia 2008-12-28 18:11 . 2009-01-06 12:44 <DIR> d--h----- c:\program files\InstallShield Installation Information 2008-12-28 18:11 . 
2008-12-28 18:11 <DIR> d-------- c:\program files\Common Files\Vbox 2008-12-28 18:11 . 2008-12-28 18:11 <DIR> d-------- c:\program files\Common Files\Macromedia 2008-12-28 18:11 . 2009-01-04 07:47 <DIR> d-------- c:\program files\Common Files\InstallShield 2008-12-28 14:41 . 2008-12-28 14:41 <DIR> d---s---- c:\windows\system32\Microsoft 2008-12-28 14:25 . 2008-12-28 14:25 <DIR> d-------- c:\documents and settings\Dark\Application Data\MailFrontier 2008-12-28 14:24 . 2009-01-07 02:14 6,599,968 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-28 14:24 . 2009-01-07 02:12 443,424 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-12-28 14:24 . 2009-01-07 02:12 93,572 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-28 14:24 . 2009-01-07 02:12 45,752 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-12-28 14:23 . 2008-12-28 14:23 <DIR> d-------- c:\program files\ZoneAlarmSB 2008-12-28 14:22 . 2008-12-28 14:22 <DIR> d-------- c:\program files\Zone Labs 2008-12-28 14:22 . 2008-12-28 14:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier 2008-12-28 14:21 . 2009-01-06 22:55 <DIR> d-------- c:\windows\Internet Logs 2008-12-28 14:21 . 2008-12-28 14:21 <DIR> d-------- c:\program files\uTorrent 2008-12-28 14:21 . 2009-01-03 02:38 <DIR> d-------- c:\program files\Internet Download Manager 2008-12-28 14:21 . 2009-01-07 02:14 <DIR> d-------- c:\documents and settings\Dark\Application Data\uTorrent 2008-12-28 14:21 . 2008-12-29 04:59 <DIR> d-------- c:\documents and settings\Dark\Application Data\IDM 2008-12-28 14:21 . 2009-01-07 02:12 <DIR> d-------- c:\documents and settings\Dark\Application Data\DMCache 2008-12-28 14:21 . 2009-01-07 02:13 352,918 --a------ c:\windows\system32\vsconfig.xml 2008-12-28 14:20 . 2008-12-28 14:20 <DIR> d-------- c:\program files\VideoLAN 2008-12-28 14:20 . 2008-12-29 03:20 <DIR> d-------- c:\program files\Free Sound Recorder 2008-12-28 14:18 . 
2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll 2008-12-28 14:17 . 2001-08-17 14:00 159,232 --a------ c:\windows\system32\drivers\kmixer.sys 2008-12-28 14:16 . 2008-12-28 14:16 <DIR> d-------- c:\program files\PCI Audio Applications 2008-12-28 14:16 . 2008-12-28 14:16 <DIR> d-------- c:\program files\C-Media 2008-12-28 14:16 . 2002-03-03 19:02 1,454,080 --a------ c:\windows\mixer.exe 2008-12-28 14:03 . 2001-08-17 14:03 21,760 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2008-12-28 14:01 . 2009-01-04 11:49 <DIR> d--hs---- c:\windows\Installer 2008-12-28 14:00 . 2009-01-06 12:48 <DIR> d-------- c:\documents and settings\Dark 2008-12-28 07:51 . 2008-12-28 07:51 <DIR> d-------- c:\documents and settings\Dark\Application Data\Free Sound Recorder . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-06 19:44 1,670,144 ----a-w c:\windows\Internet Logs\xDB1C.tmp 2009-01-06 19:44 1,246,208 ----a-w c:\windows\Internet Logs\xDB1B.tmp 2009-01-06 16:24 3,239,424 ----a-w c:\windows\Internet Logs\xDB19.tmp 2009-01-06 16:24 1,672,704 ----a-w c:\windows\Internet Logs\xDB1A.tmp 2009-01-06 06:43 2,924,544 ----a-w c:\windows\Internet Logs\xDB17.tmp 2009-01-06 06:43 1,654,272 ----a-w c:\windows\Internet Logs\xDB18.tmp 2009-01-04 12:31 3,084,800 ----a-w c:\windows\Internet Logs\xDB15.tmp 2009-01-04 12:31 1,547,264 ----a-w c:\windows\Internet Logs\xDB16.tmp 2009-01-04 08:15 685,568 ----a-w c:\windows\system32\opengl32.dll 2009-01-03 10:27 68,096 ----a-w c:\windows\Internet Logs\xDB13.tmp 2009-01-03 10:27 1,497,088 ----a-w c:\windows\Internet Logs\xDB14.tmp 2009-01-03 10:24 120,320 ----a-w c:\windows\Internet Logs\xDB11.tmp 2009-01-03 10:24 1,497,088 ----a-w c:\windows\Internet Logs\xDB12.tmp 2009-01-03 10:19 3,140,096 ----a-w c:\windows\Internet Logs\xDBF.tmp 2009-01-03 10:19 1,496,576 ----a-w c:\windows\Internet Logs\xDB10.tmp 2009-01-02 09:31 1,471,488 ----a-w c:\windows\Internet Logs\xDBE.tmp 
2009-01-02 09:26 2,961,920 ----a-w c:\windows\Internet Logs\xDBC.tmp 2009-01-02 09:25 1,474,048 ----a-w c:\windows\Internet Logs\xDBD.tmp 2009-01-01 14:24 3,131,392 ----a-w c:\windows\Internet Logs\xDBA.tmp 2009-01-01 14:24 1,461,760 ----a-w c:\windows\Internet Logs\xDBB.tmp 2009-01-01 03:55 132,608 ----a-w c:\windows\system32\sfc_os.dll 2008-12-31 22:54 3,043,328 ----a-w c:\windows\Internet Logs\xDB9.tmp 2008-12-29 07:42 31,744 ----a-w c:\windows\Internet Logs\xDB7.tmp 2008-12-29 07:42 1,387,520 ----a-w c:\windows\Internet Logs\xDB8.tmp 2008-12-29 07:38 20,992 ----a-w c:\windows\Internet Logs\xDB5.tmp 2008-12-29 07:38 1,385,984 ----a-w c:\windows\Internet Logs\xDB6.tmp 2008-12-29 07:33 303,104 ----a-w c:\windows\Internet Logs\xDB3.tmp 2008-12-29 07:33 1,385,984 ----a-w c:\windows\Internet Logs\xDB4.tmp 2008-12-29 06:47 2,892,288 ----a-w c:\windows\Internet Logs\xDB1.tmp 2008-12-29 06:47 1,384,448 ----a-w c:\windows\Internet Logs\xDB2.tmp 2008-12-28 22:16 4,608 ----a-w c:\windows\system32\w95inf32.dll 2008-12-28 22:16 2,272 ----a-w c:\windows\system32\w95inf16.dll 2008-12-06 06:18 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-12-06 06:18 348,160 ----a-w c:\windows\system32\msvcr71.dll 2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\audio3d.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2001-08-23 13312] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-22 203720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016] "C-Media Mixer"="Mixer.exe" [2002-03-03 c:\windows\mixer.exe] "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-08-23 13312] c:\documents and settings\Dark\Start Menu\Programs\Startup\ æTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2008-12-28 270128] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 S3 gttap1;GoTrusted TAP Adapter;c:\windows\System32\DRIVERS\gttap1.sys --> c:\windows\System32\DRIVERS\gttap1.sys [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - ALG *NewlyCreated* - IPNAT . - - - - ORPHANS REMOVED - - - - WebBrowser-{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - (no file) WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) HKCU-Run-GoTrusted - c:\program files\GoTrusted.com\GoTrusted Secure Tunnel\GoTrusted Secure Tunnel.exe HKLM-Run-BearFlix - c:\program files\BearFlix\bearflix.exe HKLM-Run-SYSTMEM.EXE - c:\program files\\SYSTMEM.EXE . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.msn.no/ uInternet Connection Wizard,ShellNext = iexplore IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-07 02:14:20 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\wbem\Repository\FS\OBJECTS.MAP.NEW 2980 bytes scan completed successfully hidden files: 1 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1887c395-fa60-471d-8ab4-309f5d4b2d06}] @Denied: (Full) (Everyone) "Model"=dword:00000006 "Therad"=dword:0000000b [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):e9,8b,e6,99,b0,be,7a,75,2d,e0,91,83,8e,d7,0f,e1,28,f2,65,8c,8c,\ f4,18,91,13,89,3c,c2,12,f0,41,54,f2,6f,71,bb,20,49,11,f4,00,00,00,00,00,00,\ 00,00,00,00 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(548) c:\windows\system32\ODBC32.dll - - - - - - - > 'lsass.exe'(604) c:\windows\System32\dssenh.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ZoneLabs\vsmon.exe c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe c:\windows\system32\nvsvc32.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe . ************************************************************************** . 
Completion time: 2009-01-07 2:16:02 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-07 10:15:58 Pre-Run: 2 844 008 448 bytes free Post-Run: 2,812,559,360 bytes free WinXP_EN_PRO_BF.EXE [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect 250 >
From HijackThis v2.0.2
<Logfile of Trend Micro Scan saved at 02:19:45, on 07.01.2009 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Mixer.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download 
Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division 
Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 3760 bytes >
InsertNumLock Posted 7 January 2009
The HijackThis and MBAM logs are clean. I can, however, recommend an update of Internet Explorer.
media-tower (Author) Posted 7 January 2009
Updating now.