MKej, posted 1 July 2009

Hi

I have a problem with the internet when I surf: everything moves like syrup, but now and then it is fast. But when I download things with utorrent, for example, it goes quickly.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:45, on 01.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Microsoft IntelliPoint\point32.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\fntqxrl.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Opera\opera.exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTCheck] C:\Programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fntqxrl] C:\WINDOWS\system32\fntqxrl.exe \u
O4 - HKLM\..\Run: [TrojanScanner] C:\Programfiler\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-1935655697-838170752-1417001333-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-21-1935655697-838170752-1417001333-1004\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Poker\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programfiler\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9642 bytes

ComboFix log file:

ComboFix 09-06-29.07 - Mads Kristensen 01.07.2009 16:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1023.511 [GMT 2:00]
Kjører fra: c:\documents and settings\Mads Kristensen\Skrivebord\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mads Kristensen\Programdata\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NICSK32

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-01 til 2009-07-01 )))))))))))))))))))))))))))))))))
.

2009-07-01 14:17 . 2009-07-01 14:17 -------- d-----w- c:\programfiler\Trend Micro
2009-07-01 14:13 . 2009-07-01 14:13 -------- d-----w- c:\documents and settings\Mads Kristensen\Programdata\Malwarebytes
2009-07-01 14:13 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 14:13 . 2009-07-01 14:13 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-07-01 14:12 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 14:12 . 2009-07-01 14:13 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-06-29 01:07 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-29 01:07 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-29 01:06 . 2009-06-29 01:06 -------- d-----w- c:\programfiler\iPod
2009-06-29 01:04 . 2009-06-29 01:07 -------- d-----w- c:\programfiler\iTunes
2009-06-29 00:59 . 2009-06-29 01:01 -------- d-----w- c:\programfiler\QuickTime
2009-06-26 01:59 . 2009-06-26 01:59 -------- d-----w- c:\documents and settings\Mads Kristensen\Programdata\Move Networks
2009-06-26 01:59 . 2009-06-26 01:59 971776 ----a-w- c:\documents and settings\Mads Kristensen\Programdata\Mozilla\Firefox\Profiles\79tbye7a.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
2009-06-22 13:02 . 2009-06-13 18:00 3015544 ----a-w- c:\documents and settings\Mads Kristensen\Programdata\Simply Super Software\Trojan Remover\aqj77A.exe
2009-06-21 23:33 . 2009-06-21 23:33 -------- d-----w- c:\documents and settings\Mads Kristensen\Lokale innstillinger\Programdata\P5
2009-06-20 18:02 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-06-20 18:01 . 2009-06-20 18:02 -------- d-----w- c:\programfiler\BurnAware Free
2009-06-17 17:22 . 2009-06-17 17:22 -------- d-----w- c:\documents and settings\All Users\Programdata\vsosdk
2009-06-17 11:14 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-06-17 11:14 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-06-17 11:14 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-06-17 11:14 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-06-17 11:14 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-06-17 11:14 . 2009-06-17 11:14 -------- d-----w- c:\programfiler\Trojan Remover
2009-06-17 11:14 . 2009-06-17 11:14 -------- d-----w- c:\documents and settings\All Users\Programdata\Simply Super Software
2009-06-17 11:14 . 2009-06-17 11:14 -------- d-----w- c:\documents and settings\Mads Kristensen\Programdata\Simply Super Software
2009-06-17 10:56 . 2009-06-17 10:56 30208 ----a-w- c:\windows\system32\fntqxrl.exe
2009-06-17 10:56 . 2009-06-17 10:56 30208 ----a-w- c:\documents and settings\Mads Kristensen\ftbku.exe.vir
2009-06-16 21:49 . 2009-07-01 12:51 -------- d--h--r- c:\documents and settings\Mads Kristensen\Siste
2009-06-16 11:35 . 2009-06-16 11:35 16742799 ----a-w- c:\documents and settings\All Users\Programdata\vlc-0.9.9-win32.exe
2009-06-16 09:12 . 2009-06-16 09:12 -------- d-----w- c:\documents and settings\Mads Kristensen\Programdata\Apple Computer
2009-06-16 09:11 . 2009-06-16 09:12 -------- d-----w- c:\documents and settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-16 09:10 . 2009-06-16 09:10 -------- d-----w- c:\programfiler\Bonjour
2009-06-16 09:09 . 2009-06-29 00:58 -------- d-----w- c:\documents and settings\All Users\Programdata\Apple Computer
2009-06-16 09:08 . 2009-06-16 09:08 -------- d-----w- c:\documents and settings\Mads Kristensen\Lokale innstillinger\Programdata\Apple
2009-06-16 09:08 . 2009-06-16 09:08 -------- d-----w- c:\programfiler\Apple Software Update
2009-06-16 09:07 . 2009-06-29 01:06 -------- d-----w- c:\programfiler\Fellesfiler\Apple
2009-06-16 09:07 . 2009-06-16 09:07 -------- d-----w- c:\documents and settings\All Users\Programdata\Apple
2009-06-16 09:06 . 2009-06-16 09:12 -------- d-----w- c:\documents and settings\Mads Kristensen\Lokale innstillinger\Programdata\Apple Computer
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 13:54 . 2008-09-20 22:24 -------- d-----w- c:\documents and settings\Mads Kristensen\Programdata\uTorrent
2009-06-27 18:40 . 2008-09-21 10:44 -------- d-----w- c:\documents and settings\Mads Kristensen\Programdata\mIRC
2009-06-27 18:13 . 2008-09-21 10:44 -------- d-----w- c:\programfiler\mIRC
2009-06-22 13:05 . 2008-09-21 01:56 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP
2009-06-22 12:44 . 2008-12-11 21:45 -------- d-----w- c:\programfiler\MediaMonkey
2009-06-22 12:12 . 2008-09-20 23:09 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2009-06-18 19:31 . 2001-10-09 12:00 67670 ----a-w- c:\windows\system32\perfc014.dat
2009-06-18 19:31 . 2001-10-09 12:00 399216 ----a-w- c:\windows\system32\perfh014.dat
2009-06-17 17:38 . 2008-11-29 17:53 -------- d-----w- c:\programfiler\DVDFab 5
2009-06-17 11:48 . 2008-09-21 01:39 -------- d-----w- c:\programfiler\Everest Poker
2009-06-17 11:27 . 2008-09-21 00:05 -------- d-----w- c:\programfiler\Fellesfiler\Nero
2009-06-16 01:05 . 2009-03-02 17:12 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help
2009-05-23 19:39 . 2008-12-27 17:16 -------- d-----w- c:\programfiler\Full Tilt Poker
2009-05-15 15:30 . 2009-04-12 14:59 -------- d-----w- c:\programfiler\B2BPOKER
2009-05-07 15:34 . 2008-04-14 07:22 346112 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 10:41 . 2009-05-01 10:42 38208 ----a-w- c:\documents and settings\Mads Kristensen\Programdata\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-04-29 04:50 . 2008-05-07 16:50 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2008-05-07 16:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:51 . 2008-04-14 06:43 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:55 . 2008-04-14 07:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"CTSyncU.exe"="c:\programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"IntelliPoint"="c:\programfiler\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"egui"="c:\programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CTCheck"="c:\programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"fntqxrl"="c:\windows\system32\fntqxrl.exe" [2009-06-17 30208]
"TrojanScanner"="c:\programfiler\Trojan Remover\Trjscan.exe" [2009-06-01 1059720]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-18 67584]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-26 113664]
hp psc 1000 series.lnk - c:\programfiler\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\B2BPOKER\\DailyPoker\\jre\\bin\\javaw.exe"=
"c:\\Programfiler\\B2BPOKER\\Fjordbet\\jre\\bin\\javaw.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Programfiler\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\fntqxrl.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01.07.2008 09:04 34312]
R2 ekrn;Eset Service;c:\programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe [01.07.2008 09:02 468224]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programfiler\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\programfiler\PostgreSQL\8.3\data\" --> c:\programfiler\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\programfiler\PixiePack Codec Pack\InstallerHelper.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-02-08 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8225026257.job - c:\programfiler\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
2009-07-01 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-07-01 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-07-01 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-NeroFilterCheck - c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

.
------- Tilleggsskanning -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - c:\documents and settings\Mads Kristensen\Programdata\Mozilla\Firefox\Profiles\79tbye7a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\Mads Kristensen\Programdata\Mozilla\Firefox\Profiles\79tbye7a.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 16:47
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\programfiler\PostgreSQL\8.3\bin\pg_ctl.exe
c:\windows\system32\IoctlSvc.exe
c:\programfiler\PostgreSQL\8.3\bin\postgres.exe
c:\programfiler\PostgreSQL\8.3\bin\postgres.exe
c:\programfiler\PostgreSQL\8.3\bin\postgres.exe
c:\programfiler\PostgreSQL\8.3\bin\postgres.exe
c:\programfiler\PostgreSQL\8.3\bin\postgres.exe
c:\programfiler\PostgreSQL\8.3\bin\postgres.exe
c:\programfiler\iPod\bin\iPodService.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-07-01 16:53 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-07-01 14:53

Pre-Run: 41 827 954 688 byte ledig
Post-Run: 42 365 702 144 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

223 --- E O F --- 2009-06-17 11:34

I really appreciate any help I can get...

Atiks, posted 9 July 2009 (edited)

You need to remove this one in the HijackThis log:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

but I don't know about the ComboFix log. If you think the PC is running slowly, use CCleaner for example, and also install an antivirus, for example Avira, and a firewall. If the computer is still running slowly, you can remove these from the HijackThis log, I think:

C:\WINDOWS\system32\fntqxrl.exe
O4 - HKLM\..\Run: [fntqxrl] C:\WINDOWS\system32\fntqxrl.exe \u Kind
O4 - HKUS\S-1-5-21-1935655697-838170752-1417001333-1004\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'postgres')
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

Edited 9 July 2009 by xtryk