Shax#
Posted 19 July 2009 (edited)

Hi, I have had some problems with my PC lately, and I am wondering whether this is a virus or malware.

MBAM LOG:

Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1582
Windows 6.0.6001 Service Pack 1

19.07.2009 10:10:02
mbam-log-2009-07-19 (10-09-58).txt

Skanntype: Rask Skann
Objekter skannet: 49821
Tid tilbakelagt: 6 minute(s), 9 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 31
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 2
Filer infisert: 7

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.BHO) -> No action taken.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.85.0 (Adware.Zango) -> No action taken.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\ProgramData\ZangoSA (Adware.Zango) -> No action taken.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.

Filer infisert:
C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.

COMBOFIX LOG:

ComboFix 09-07-14.08 - Kai-Morten 19.07.2009 10:19.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3066.1916 [GMT 2:00]
Kjører fra: c:\users\Kai-Morten\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-167869320-3240739295-1256932892-1001
c:\users\Kai-Morten\AppData\Roaming\WeatherDPA
c:\users\Kai-Morten\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\Kai-Morten\AppData\Roaming\Zango
c:\windows\Installer\1523ee.msi
c:\windows\Installer\1857f8.msi
c:\windows\Installer\19c91b.msi
c:\windows\Installer\19c91f.msi
c:\windows\Installer\41d6df1.msi
c:\windows\Installer\424d5a.msi
c:\windows\Installer\775e2a.msi
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-19 til 2009-07-19 )))))))))))))))))))))))))))))))))
.
2009-07-16 19:57 . 2009-07-16 19:57 38208 ----a-w- c:\users\Kai-Morten\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-16 19:41 . 2009-07-16 19:41 -------- d-----w- c:\program files\Secunia
2009-07-16 07:52 . 2009-07-15 10:39 353048 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-07-16 07:52 . 2009-07-14 18:55 2301208 ----a-w- c:\programdata\avg8\update\backup\avguiadv.dll
2009-07-16 07:52 . 2009-07-14 18:55 1107224 ----a-w- c:\programdata\avg8\update\backup\avgssie.dll
2009-07-15 12:25 . 2009-07-15 12:25 -------- d-----w- c:\program files\MovieXplayer
2009-07-15 10:42 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 10:42 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 10:42 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 10:42 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 10:38 . 2009-07-14 18:55 1452312 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-07-15 10:38 . 2009-07-14 18:55 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-07-15 10:38 . 2009-07-14 18:55 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-07-15 10:38 . 2009-07-14 18:55 587032 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-07-14 20:06 . 2009-07-18 18:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-14 18:59 . 2009-06-02 11:38 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-07-14 18:55 . 2009-07-15 10:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-14 18:55 . 2009-07-14 18:55 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-14 18:55 . 2009-07-14 18:55 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-14 18:55 . 2009-07-19 07:52 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-14 18:55 . 2009-07-15 10:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-14 18:55 . 2009-07-14 18:59 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-14 18:55 . 2009-07-15 10:39 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-14 18:55 . 2009-07-14 18:55 -------- d-----w- c:\programdata\avg8
2009-07-14 18:55 . 2009-07-14 18:55 -------- d-----w- c:\program files\AVG
2009-07-10 23:01 . 2009-07-10 23:01 3033712 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-07-10 23:01 . 2009-07-10 23:01 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2009-07-10 21:02 . 2009-07-17 15:08 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Pro Cycling Manager 2009
2009-07-10 20:39 . 2009-07-10 21:00 -------- d-----w- c:\program files\Cyanide
2009-06-29 20:59 . 2009-06-29 20:59 -------- d-----w- c:\windows\system32\Isklar Screensaver dir
2009-06-29 20:59 . 2009-06-29 20:59 201728 ----a-w- c:\windows\system32\Isklar Screensaver.scr
2009-06-28 15:48 . 2009-06-28 15:48 -------- d-----w- c:\program files\RMClock
2009-06-26 08:19 . 2009-06-26 08:19 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Regensoft
2009-06-25 12:49 . 2009-06-25 12:49 -------- d-----w- c:\program files\Regensoft
2009-06-20 18:25 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-20 18:25 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-20 18:25 . 2009-06-20 18:25 -------- d-----w- c:\program files\iPod
2009-06-20 18:25 . 2009-06-20 18:25 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-20 18:25 . 2009-06-20 18:25 -------- d-----w- c:\program files\iTunes
2009-06-20 18:23 . 2009-06-20 18:23 -------- d-----w- c:\program files\QuickTime
2009-06-20 18:16 . 2009-06-20 18:16 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 08:17 . 2008-05-13 05:59 80798 ----a-w- c:\windows\system32\perfc014.dat
2009-07-19 08:17 . 2008-05-13 05:59 460618 ----a-w- c:\windows\system32\perfh014.dat
2009-07-19 08:12 . 2008-08-08 16:06 -------- d-----w- c:\program files\Launch Manager
2009-07-19 08:12 . 2009-01-28 17:45 -------- d-----w- c:\program files\Steam
2009-07-19 08:12 . 2008-08-08 15:43 63914 ----a-w- c:\programdata\nvModes.dat
2009-07-19 08:10 . 2008-08-08 15:44 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-19 07:53 . 2009-01-10 12:32 -------- d-----w- c:\programdata\NOS
2009-07-18 22:39 . 2008-11-22 12:36 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Azureus
2009-07-18 21:54 . 2009-02-16 16:58 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\uTorrent
2009-07-18 18:55 . 2009-03-01 10:54 -------- d-----w- c:\program files\SpeedFan
2009-07-17 09:05 . 2009-01-10 12:32 -------- d-----w- c:\program files\NOS
2009-07-16 19:57 . 2008-11-19 14:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-16 19:52 . 2008-08-09 23:35 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\vlc
2009-07-15 14:26 . 2009-03-27 13:58 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Spotify
2009-07-15 13:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 10:39 . 2009-07-15 10:40 3403032 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-14 14:01 . 2009-06-15 13:18 -------- d-----w- c:\programdata\Avira
2009-07-14 10:10 . 2008-08-08 18:38 -------- d-----w- c:\program files\Java
2009-07-09 20:00 . 2008-10-26 20:26 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\FileZilla
2009-07-03 09:28 . 2009-03-20 15:26 -------- d-----w- c:\program files\Common Files\Steam
2009-06-26 13:21 . 2008-11-16 19:45 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Download Manager
2009-06-26 11:14 . 2008-12-27 16:06 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Sony
2009-06-26 09:15 . 2008-10-26 20:24 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-26 08:21 . 2009-02-27 14:01 -------- d-----w- c:\program files\Common Files\Real
2009-06-25 13:13 . 2009-03-12 20:13 -------- d-----w- c:\program files\DoremiSoft
2009-06-20 19:11 . 2008-08-09 15:45 7592 ----a-w- c:\users\Kai-Morten\AppData\Local\d3d9caps.dat
2009-06-20 18:25 . 2008-11-28 16:59 -------- d-----w- c:\programdata\Apple Computer
2009-06-18 13:45 . 2008-11-14 11:34 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\mIRC
2009-06-18 13:42 . 2009-06-18 13:41 -------- d-----w- c:\program files\mIRC
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-14 12:46 . 2008-08-24 19:16 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\LimeWire
2009-06-04 13:34 . 2009-06-04 13:34 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Sony Creative Software
2009-06-04 13:21 . 2009-06-04 13:21 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Publish Providers
2009-06-04 13:14 . 2009-06-04 13:14 -------- d-----w- c:\programdata\Sony
2009-06-04 13:14 . 2009-06-04 13:14 -------- d-----w- c:\program files\Sony
2009-06-02 20:12 . 2009-04-04 21:57 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Skype
2009-05-31 17:27 . 2009-05-31 17:25 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Web Page Maker
2009-05-31 17:26 . 2009-05-31 17:25 -------- d-----w- c:\program files\Web Page Maker
2009-05-30 08:19 . 2009-05-30 08:19 -------- d-----w- c:\program files\Hand-Crafted Software
2009-05-29 14:26 . 2009-05-11 19:47 -------- d-----w- c:\users\Kai-Morten\AppData\Roaming\Hamachi
2009-05-28 19:28 . 2009-05-28 19:27 -------- d-----w- c:\program files\Boilsoft MOV Converter
2009-05-27 19:37 . 2009-05-27 19:37 -------- d-----w- c:\programdata\TVU Networks
2009-05-27 12:54 . 2009-05-27 12:54 -------- d-----w- c:\program files\Real
2009-05-23 20:57 . 2009-05-23 20:31 -------- d-----w- c:\program files\Windows Live
2009-05-21 20:06 . 2009-04-02 14:29 -------- d-----w- c:\program files\Image-Line
2009-05-21 09:33 . 2008-11-01 23:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 19:46 . 2009-05-11 19:46 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-09 12:11 . 2009-05-02 09:01 34 ----a-w- c:\users\Kai-Morten\jagex_runescape_preferences.dat
2009-05-09 08:36 . 2008-08-08 15:45 397008 ----a-w- c:\users\Kai-Morten\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-09 05:50 . 2009-06-10 12:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-04 13:03 . 2009-05-04 13:03 59904 ----a-w- c:\windows\system32\zlib1.dll
2009-05-04 12:53 . 2009-05-04 12:53 286720 ----a-w- c:\windows\system32\libcurl.dll
2009-05-04 12:53 . 2009-05-04 12:53 196608 ----a-w- c:\windows\system32\ssleay32.dll
2009-05-04 12:53 . 2009-05-04 12:53 143360 ----a-w- c:\windows\system32\libexpatw.dll
2009-04-30 12:37 . 2009-06-14 03:26 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 03:26 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 19:48 . 2009-04-23 19:48 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-04-23 12:43 . 2009-06-10 12:17 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 12:18 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 19:01 . 2008-12-02 19:29 180 ----a-w- c:\users\Kai-Morten\AppData\Roaming\Azureus\restart.bat
2009-04-21 11:55 . 2009-06-10 12:18 2033152 ----a-w- c:\windows\system32\win32k.sys
2008-08-09 07:28 . 2008-08-09 07:28 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2008-07-30 2865152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-14 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RegistryMechanic"="c:\program files\Registry Mechanic\rmtray.exe" [2008-07-03 812952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-08 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-14 1948440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP3000 ????.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3000 ????.lnk
backup=c:\windows\pss\Canon LBP3000 ????.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
backup=c:\windows\pss\ShortKeys 2.lnk.CommonStartup
backupExtension=.CommonStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1778150080-963567772-2609252161-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D2B1AD69-FAF1-479D-802C-B633829E10B8}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{72809BB2-06E8-402B-A447-05B28C6DD4AA}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{459BA5F8-42B4-4D41-B4CC-7BB099443075}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{C82F506A-7F9A-42C2-84F0-3F19E31A7FCA}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"TCP Query User{E543AD21-BA32-486F-8A5C-F60F2B4539C0}c:\\program files\\steam\\steamapps\\mini097\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\mini097\team fortress 2\hl2.exe:hl2
"UDP Query User{C1E61B72-D997-486C-AF90-454360863147}c:\\program files\\steam\\steamapps\\mini097\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\mini097\team fortress 2\hl2.exe:hl2
"TCP Query User{D6E75C09-A157-4212-A3F2-2B5659E8365B}c:\\program files\\steam\\steamapps\\mini097\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mini097\day of defeat source\hl2.exe:hl2
"UDP Query User{80E221BB-E7FE-4393-8C0D-1A96B441753D}c:\\program files\\steam\\steamapps\\mini097\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mini097\day of defeat source\hl2.exe:hl2
"TCP Query User{6C78F3A3-CECE-4715-B964-576489BEFF14}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary
"UDP Query User{D1A0FD94-81D4-4607-8315-3EE7F1244412}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary
"{F16BECE8-AE81-4FAD-A307-2145C67CD6F0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7862458C-C902-4C92-8398-44878AB91FE5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4FD197D4-528B-4361-9498-083472B758E4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{404C7417-236E-45AA-ABC1-193AF4601813}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{41FB19B2-42DB-4E24-8FFB-7E3B45DEB555}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{09CE8107-3487-46EA-A8E6-B5F1B6045967}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{898150DE-F474-422A-89E9-ED91370C8FC4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E698EC0C-4A31-4F4E-B83A-D7BC586E71DE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E5885544-8AC2-47A2-95C9-AD4FA097AD1D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BCCECD40-DF41-4DA0-8B70-DDCEFE782411}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FBFBCEF5-0502-4180-8E84-65EAC842DABD}c:\\program files\\steam\\steamapps\\mini097\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mini097\counter-strike source\hl2.exe:hl2
"UDP Query User{F4191C13-B253-489F-92C7-6BCE77B265E3}c:\\program files\\steam\\steamapps\\mini097\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mini097\counter-strike source\hl2.exe:hl2
"TCP Query User{8690D63F-CD9D-459E-A10E-E8F69F037D73}c:\\program files\\sony\\vegas pro 9.0\\vegsrv90.exe"= UDP:c:\program files\sony\vegas pro 9.0\vegsrv90.exe:Sony Vegas Network Render Service Control
"UDP Query User{7E648489-03CA-4B3B-A852-EDFEAC155AB2}c:\\program files\\sony\\vegas pro 9.0\\vegsrv90.exe"= TCP:c:\program files\sony\vegas pro 9.0\vegsrv90.exe:Sony Vegas Network Render Service Control
"TCP Query User{1559C738-374A-461B-ADC2-4624CA7EAFF0}c:\\program files\\steam\\steamapps\\mini097\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\mini097\source sdk base\hl2.exe:hl2
"UDP Query User{739D4C48-0F5A-44FC-9B83-494839B3047B}c:\\program files\\steam\\steamapps\\mini097\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\mini097\source sdk base\hl2.exe:hl2
"TCP Query User{84E0581D-82A0-44CC-829F-BA830150B05E}c:\\games\\team fortress 2\\hl2.exe"= UDP:c:\games\team fortress 2\hl2.exe:hl2
"UDP Query User{693D616C-B141-487B-83F0-1851C100E45F}c:\\games\\team fortress 2\\hl2.exe"= TCP:c:\games\team fortress 2\hl2.exe:hl2
"TCP Query User{E450FB8E-FA9D-478C-AF50-332FE69FCD76}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{E1CCC0A2-D7D4-42C3-8A8E-0248D8FC2A5C}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{D0BF89CA-3BD9-4481-AF72-AD7810FC8660}f:\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:f:\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{91AF7BC1-58DA-41B9-A4D3-34411448C692}f:\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:f:\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"{824C4225-D8AA-4316-9836-E997871DCE35}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BDA02CEA-1901-4C09-8EF7-E318A5C7465D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{287F8B2A-A6FC-4A4E-8622-30AEEB1D9CF1}c:\\program files\\steam\\steamapps\\mini097\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mini097\counter-strike source\hl2.exe:hl2
"UDP Query User{10798B4E-8DDB-48E9-A5C6-F7A3F2AD15E7}c:\\program files\\steam\\steamapps\\mini097\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mini097\counter-strike source\hl2.exe:hl2
"TCP Query User{8CF83C4C-8CEB-4175-8D4A-16D4278EB338}f:\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:f:\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{B722BE5A-4FD4-4825-B793-61D28518D4E2}f:\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:f:\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"{F00EEE24-898C-41EB-BC11-3DA9C19A7988}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{A0BA8647-E158-453E-A207-E413DFF43C52}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{4B427EC8-979D-4951-901F-FB287FA6D8AB}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{7EE700B7-FA4A-4CCC-8328-428EFCF3E2D9}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{78E82906-9D40-467A-83BE-181D32DA9D6B}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:Pro Cycling Manager - Season 2009
"{DC68625E-0E7F-423A-8719-3094EC9EC276}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:Pro Cycling Manager - Season 2009
"{D1F52FDF-6C82-4376-8454-DAB72000D41C}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2009 - AutoRun
"{4F767C5F-17B3-4CB2-893F-4416D3EBE69D}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2009 - AutoRun
"{70D86726-3092-4794-8EAC-0BE6099C3BEA}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{0F1C8E63-1DFF-4687-80A7-0107C494C40C}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{FCC9C0A0-331E-446F-BF8A-6412461DE393}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{9795D952-A102-4A70-B490-5E1F827F4213}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{352207F0-86BD-491F-A5EF-929CE8F0F12D}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{33796953-252D-4971-B73A-9939D4CC59E5}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{89E36492-B2FD-4B69-978C-ECE66AE27E8B}c:\\program files\\cyanide\\pro cycling manager - season 2009\\pcm.exe"= UDP:c:\program files\cyanide\pro cycling manager - season 2009\pcm.exe:Pro Cycling Manager
"UDP Query User{6023F677-9FFF-4752-8272-FA9A1D32C819}c:\\program files\\cyanide\\pro cycling manager - season 2009\\pcm.exe"= TCP:c:\program files\cyanide\pro cycling manager - season 2009\pcm.exe:Pro Cycling Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"= {89364BD1-3FDC-4C7D-A34A-C3D9137A83A2}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"d:\\Vuze Downloads\\Spotify\\Generator.exe"= d:\vuze downloads\Spotify\Generator.exe:*:Enabled:Windows Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [14.07.2009 20:55 12552]
R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [11.07.2009 01:01 3033712]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [14.07.2009 20:55 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [14.07.2009 20:55 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15.01.2009 17:17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.01.2009 17:17 55024]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/03/22 06:52];c:\program files\Acer Arcade Deluxe\PlayMovie00.fcl [22.03.2009 07:52 87536]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [14.07.2009 20:55 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [14.07.2009 20:55 298776]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03.03.2008 13:11 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [12.05.2008 22:36 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [06.04.2008 22:42 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04.04.2008 03:03 131072]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [08.08.2008 18:05 233472]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [23.12.2008 14:44 185640]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 08:40 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [24.09.2008 17:09 45600]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1c998e3d45f50eb;Googles oppdateringstjeneste (gupdate1c998e3d45f50eb);c:\program files\Google\Update\GoogleUpdate.exe [27.02.2009 16:01 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.01.2008 04:23 179712]
S3 Dfrsvrt;Dfrsvrt; [x]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [08.08.2008 17:57 84240]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PortTalk;PortTalk;c:\windows\System32\drivers\porttalk.sys [27.04.2009 11:07 3567]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [17.06.2009 14:20 12648]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [28.06.2009 17:48 4608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.01.2009 17:17 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 14:00]

2009-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 14:00]

2009-07-19 c:\windows\Tasks\User_Feed_Synchronization-{B0CBF002-F36A-4C32-B9F5-AA7F13E2448B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-28 11:31]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.sol.no/
mStart Page = hxxp://no.intl.acer.yahoo.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 10:26
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie00.fcl"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1778150080-963567772-2609252161-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,ea,92,c0,d9,f7,f2,b1,39,d0,79,d0,a7,c9,e4,70,a8,a6,9d,c8,e1,5a,3e,
   7e,05,cf,97,9f,30,bf,0b,fb,f4,7f,ad,3f,62,bc,54,fe,03,18,c7,66,ef,82,13,ef,\
"??"=hex:3f,88,3e,1b,75,c2,3a,68,0d,c4,17,68,8a,15,11,f4

[HKEY_USERS\S-1-5-21-1778150080-963567772-2609252161-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:c7,88,b9,26,bd,92,c8,03,d9,a5,c8,a0,2f,64,60,cc,4f,93,c0,aa,28,
   23,74,16,25,23,57,19,a6,2e,57,5a,54,8f,26,37,83,5e,a2,36,47,39,d6,63,8b,d4,\
"rkeysecu"=hex:d1,42,e6,45,b6,66,40,22,9e,75,f9,7e,2f,0f,87,0b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2009-07-19 10:27
ComboFix-quarantined-files.txt 2009-07-19 08:27
ComboFix2.txt 2009-01-10 23:43
ComboFix3.txt 2009-01-10 22:46

Pre-Run: 51 570 745 344 byte ledig
Post-Run: 51 696 803 840 byte ledig

378 --- E O F --- 2009-07-17 10:52

Could you please help me?

EDIT: HJT LOG (updated)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:25, on 19.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Googles oppdateringstjeneste (gupdate1c998e3d45f50eb) (gupdate1c998e3d45f50eb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 9829 bytes

Edited 19 July 2009 by mini097
Atiks wrote on 19 July 2009:

I see that a lot of things are infected; did you delete all the files, then? And post an HJT log. Link to HJT.
Shax# (thread author) wrote on 19 July 2009 (edited):

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:48, on 19.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Googles oppdateringstjeneste (gupdate1c998e3d45f50eb) (gupdate1c998e3d45f50eb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 10094 bytes

What do you mean by "deleted them"? I don't know what I'm supposed to delete. And I don't know how to delete them.

Edited 19 July 2009 by mini097
Shax# (thread author) wrote on 19 July 2009:

Btw, I have an Acer Aspire 5930G with Windows Vista Home Premium, if that matters.
Atiks wrote on 19 July 2009 (edited):

I meant that when MBAM finished, you got a list of all the viruses that were on the computer, and there was a delete button there too; so did you delete the infected items? And delete this one in HJT:

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab

Edited 19 July 2009 by snippern
Shax# (thread author) wrote on 19 July 2009:

Yes, I clicked "Remove all". But I don't know whether everything was removed.
Shax# (thread author) wrote on 19 July 2009:

How do I delete it, then?
Atiks wrote on 19 July 2009 (edited):

When HJT finished scanning, you could tick off entries there, so what you need to do is tick the one I wrote.

Edited 19 July 2009 by snippern
Shax# (thread author) wrote on 19 July 2009 (edited):

Deleted it now. Do you want a new log? If so, NEW HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:25, on 19.07.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Googles oppdateringstjeneste (gupdate1c998e3d45f50eb) (gupdate1c998e3d45f50eb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 9829 bytes

Edited 19 July 2009 by mini097
Atiks, written 19 July 2009: I don't know how to read Combofix, but scan the PC with SAS and post the log. Here is the link to SAS
Shax# (thread author), written 19 July 2009: This will probably take a while with SAS, but where does the log end up?
Shax# (thread author), written 19 July 2009: Do the HJT logs look fine? I'll post the SAS log when it's done.
Atiks, written 19 July 2009: It logs automatically, if I remember correctly.
Shax# (thread author), written 19 July 2009: OK ;) Maybe Norbat can answer about Combofix ^^ I see he's reading the thread now.
norbat, written 19 July 2009: The Combofix log looks fine. Continue with snippern's guide. (You'll find the log under Settings -> Statistics/log (Innstillinger->Statistikk/logg).) (The Malwarebytes log shows some lines that will probably show up again on the next scan with the program - the ones listed under Filer infisert (Files infected). You don't need to worry about those.)
Shax# (thread author), written 19 July 2009: Ok ;) Are they really not dangerous? SAS has found 43 infected so far, and it isn't finished yet.
Atiks, written 19 July 2009: Try Avira's antivirus if you think you still have a virus. I said that because when I tested the three antivirus programs, SAS and MBAM found the same things, but Avira found something completely different.
Shax# (thread author), written 19 July 2009: I have AVG Premium; I had Avira before.