Gavekort, posted 11 January 2009 (edited)

Hi, this is the log from my machine, which has been very exposed to viruses and hasn't been formatted in some years, so I'll bold what I think is wrong, and then you can tell me what I've done. I've run MBAM and ComboFix. Many thanks if you will help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:56, on 11.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Documents and Settings\Fredrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.20\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fredrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 12119 bytes

Edited 11 January 2009 by Blomsterbob
Bruker-158599, posted 11 January 2009

Since you have run ComboFix, you can post the log.
Gavekort Skrevet 11. januar 2009 Forfatter Del Skrevet 11. januar 2009 Combofix-logg? Ayay... ComboFix 09-01-05.05 - Fredrik 2009-01-07 22:20:42.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1221 [GMT 1:00] Running from: c:\documents and settings\Fredrik\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning disabled* (Updated) FW: Norton 360 *enabled* . ADS - system32: deleted 12 bytes in 1 streams. ((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 ))))))))))))))))))))))))))))))) . 2009-01-06 16:09 . 2009-01-06 16:09 d-------- c:\program files\Malwarebytes' Anti-Malware2009-01-06 16:09 . 2009-01-06 16:09 d-------- c:\documents and settings\Fredrik\Application Data\Malwarebytes2009-01-06 16:09 . 2009-01-06 16:09 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes2009-01-06 16:09 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-06 16:09 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-06 16:06 . 2009-01-06 16:06 d-------- c:\program files\Trend Micro2009-01-05 19:37 . 2009-01-05 19:38 d-------- c:\windows\system32\Adobe2009-01-05 17:55 . 2009-01-07 22:17 d-------- c:\program files\Life of D. Duck II2009-01-04 19:53 . 2009-01-04 19:53 d-------- C:\$WINDOWS.~BT2009-01-04 19:51 . 2009-01-04 19:51 2,188 --a------ c:\windows\diagwrn.xml 2009-01-04 19:51 . 2009-01-04 19:51 1,890 --a------ c:\windows\diagerr.xml 2008-12-30 17:19 . 2008-12-30 17:19 d-------- c:\program files\7-Zip2008-12-30 16:16 . 2008-12-30 16:16 d-------- c:\documents and settings\Fredrik\Application Data\gtk-2.02008-12-30 15:48 . 2008-12-30 16:36 d-------- c:\documents and settings\Fredrik\Application Data\Wireshark2008-12-30 15:45 . 2009-01-05 17:16 d-------- c:\documents and settings\Fredrik\Application Data\Hamachi2008-12-30 15:43 . 2008-12-30 15:45 d-------- c:\program files\Wireshark2008-12-30 15:43 . 
2008-12-30 15:44 d-------- c:\program files\WinPcap2008-12-30 15:43 . 2008-12-30 15:45 d-------- c:\program files\Hamachi2008-12-30 15:43 . 2008-12-30 15:43 25,280 --a------ c:\windows\system32\drivers\hamachi.sys 2008-12-29 15:18 . 2008-12-29 15:27 d-------- c:\program files\GTR22008-12-24 22:36 . 2008-12-24 22:36 d-------- c:\program files\Capcom2008-12-24 22:34 . 2008-12-24 22:34 d-------- c:\program files\ZIO Interactive2008-12-24 00:26 . 2008-12-24 00:26 d-------- c:\program files\Undead2008-12-24 00:25 . 2008-12-24 00:25 d-------- c:\program files\AIM Productions2008-12-21 20:31 . 2008-12-21 20:34 d-------- c:\program files\Red Alert 2 Yuri's Revenge2008-12-21 19:47 . 2008-12-21 19:47 d-------- c:\program files\Empire Interactive2008-12-20 19:15 . 2008-12-20 19:15 d-------- c:\windows\Sun2008-12-20 19:15 . 2008-12-20 19:16 d-------- c:\program files\SystemRequirementsLab2008-12-20 19:15 . 2008-12-20 19:15 d-------- c:\documents and settings\Fredrik\Application Data\SystemRequirementsLab2008-12-19 17:59 . 2008-12-19 17:59 d-------- c:\program files\Left.4.Dead.Full-Rip.Skullptura2008-12-16 18:14 . 2008-12-16 18:14 d-------- c:\documents and settings\All Users\Application Data\2DBoy2008-12-16 18:13 . 2008-12-16 18:14 d-------- c:\program files\WorldOfGoo2008-12-13 18:41 . 2008-12-13 18:41 d-------- c:\program files\iPod2008-12-13 18:41 . 2008-12-13 18:41 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-07 21:30 --------- d-----w c:\program files\SpeedFan 2009-01-07 21:29 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-06 22:47 --------- d-----w c:\program files\DC++ 2009-01-06 17:09 --------- d-----w c:\program files\World of Warcraft 2009-01-05 16:27 --------- d-----w c:\documents and settings\Fredrik\Application Data\MiniLyrics 2009-01-04 18:53 --------- d-----w c:\program files\Microsoft ActiveSync 2008-12-31 14:55 --------- d-----w c:\documents and settings\All Users\Application Data\Test Drive Unlimited 2008-12-30 17:52 --------- d-----w c:\documents and settings\Fredrik\Application Data\Azureus 2008-12-30 15:35 --------- d-----w c:\documents and settings\Fredrik\Application Data\SiteAdvisor 2008-12-24 21:34 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-23 19:51 --------- d-----w c:\documents and settings\Fredrik\Application Data\FileZilla 2008-12-23 19:37 --------- d-----w c:\documents and settings\Fredrik\Application Data\foobar2000 2008-12-21 19:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-12-21 18:30 --------- d-----w c:\program files\Steam 2008-12-21 17:23 --------- d-----w c:\program files\QuickTime 2008-12-13 17:41 --------- d-----w c:\program files\iTunes 2008-12-13 17:41 --------- d-----w c:\program files\Common Files\Apple 2008-12-06 17:26 --------- d-----w c:\program files\Bullfrog 2008-12-06 16:13 --------- d-----w c:\program files\Lionhead Studios 2008-12-05 22:05 --------- d-----w c:\program files\DeepSilver 2008-12-04 16:45 --------- d-----w c:\program files\RivaTuner v2.20 2008-11-30 20:43 --------- d-----w c:\documents and settings\Fredrik\Application Data\dvdcss 2008-11-24 20:38 --------- d-s---w c:\program files\Xfire 2008-11-24 19:24 --------- d-----w c:\program files\Common Files\INCA Shared 2008-11-24 19:21 --------- d-----w c:\documents and settings\Fredrik\Application Data\Xfire 2008-11-24 18:44 --------- d-----w c:\program 
files\Games-Masters.com 2008-11-22 16:20 --------- d-----w c:\program files\AOE2 2008-11-22 15:13 --------- d-----w c:\program files\EA GAMES 2008-11-21 13:08 --------- d-----w c:\program files\Vuze 2008-11-19 20:40 --------- d-----w c:\program files\Westwood 2008-11-16 16:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-11-12 14:27 --------- d-----w c:\program files\Norton 360 2008-11-11 15:32 --------- d-----w c:\program files\Lavasoft 2008-11-11 15:31 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-09 14:33 --------- d-----w c:\program files\Gothic III 2008-11-09 14:25 271,360 ----a-w c:\windows\system32\drivers\atksgt.sys 2008-11-09 14:25 18,048 ----a-w c:\windows\system32\drivers\lirsgt.sys 2008-11-08 17:20 --------- d-----w c:\program files\GPS Tuner 2008-11-08 14:12 --------- d-----w c:\program files\AGEIA Technologies 2008-11-08 13:57 --------- d-----w c:\program files\Reality Pump 2008-06-30 11:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll 2008-09-30 23:53 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100120081002\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Fredrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.20\RivaTuner.exe" [2008-11-19 2727936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Fredrik\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2008-04-22 3287552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-02 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Fredrik^Start Menu^Programs^Startup^PC Probe II V1.04.19.lnk]
path=c:\documents and settings\Fredrik\Start Menu\Programs\Startup\PC Probe II V1.04.19.lnk
backup=c:\windows\pss\PC Probe II V1.04.19.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2004-12-10 16:30 3503616 c:\program files\ASUS\Ai Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-22 14:09 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Documents and Settings\\Fredrik\\Desktop\\gmod\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\bob_mafia1992\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\bob_mafia1992\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\AOE2\\age2_x1.exe"=
"c:\\Program Files\\Left.4.Dead.Full-Rip.Skullptura\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Red Alert 2 Yuri's Revenge\\gamemd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2008-07-02 1275584]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-28 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
R4 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-09-02 4224]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-13 23888]
S3 cpuz;cpuz;\??\c:\docume~1\Fredrik\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Fredrik\LOCALS~1\Temp\cpuz.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-06 38496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b85ff80-66ce-11dd-ac30-0013468a5c07}]
\Shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dab4355c-59af-11dd-ac1e-0013468a5c07}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1177238915-725345543-1003.job
- c:\documents and settings\Fredrik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 12:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Fredrik\Application Data\Mozilla\Firefox\Profiles\nb86iz9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tek.no/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\Fredrik\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 22:32:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1177238915-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*P*NULL*O*NULL*R*NULL*E*NULL*"!]

[HKEY_USERS\S-1-5-21-515967899-1177238915-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]

[HKEY_USERS\S-1-5-21-515967899-1177238915-725345543-1003\Software\SecuROM\License information*NULL*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1460)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\Microsoft ActiveSync\WCESMgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-01-07 22:36:33 - machine was rebooted [Fredrik]
ComboFix-quarantined-files.txt 2009-01-07 21:36:28

Pre-Run: 68,877,484,032 bytes free
Post-Run: 68,892,614,656 bytes free

488 --- E O F --- 2008-12-21 16:24:02
r2d290 Posted 11 January 2009 (edited)

To answer the highlighted lines:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
This one actually belongs to AVG, but it looks as though you may have tried to remove AVG in favour of Norton? If so, this is a leftover that was not removed, so you may as well remove it. Normally, though, it is safe.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
This is probably one of the few (no name)*******(no file) entries we usually leave alone. It comes from MSN and does no harm to the machine.

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
ctfmon.exe is a process belonging to Microsoft Office Suite. It activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar. (NOTE THAT MANY VIRUSES HIDE BEHIND THIS NAME, EITHER AT A DIFFERENT PATH OR UNDER A SIMILAR-LOOKING NAME, e.g. CTFM0N.exe (written with a zero))

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
inetrepl.dll is an ActiveSync Favorite Synchronization Module from Microsoft Corporation belonging to Microsoft ActiveSync

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
xpnetdiag.exe is a Network Diagnostic for Windows XP from Microsoft Corporation belonging to Microsoft® Windows® Operating System

In other words, the HijackThis log was clean. The ComboFix log contained some elements I was not familiar with, so I suggest someone else takes that part.

edit: following in -smash-'s footsteps: since you ran MBAM, you may as well post the MBAM log too

Edited 11 January 2009 by r2d290
Gavekort Posted 11 January 2009 (thread author)

[quotes r2d290's reply above in full]

But I have never had MS Office. Thanks for the help, how do you find information about things like this?
r2d290 Posted 12 January 2009

Contact me by PM if you want more detailed information about log analysis.