Bartin, posted 22 July 2008
Malware log
Malwarebytes' Anti-Malware 1.22 Database versjon: 978 Windows 5.1.2600 Service Pack 2 15:01:38 22.07.2008 mbam-log-7-22-2008 (15-01-38).txt Skanntype: Full Skann (C:\|) Objekter skannet: 98771 Tid tilbakelagt: 45 minute(s), 38 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 5 Registerverdier infisert: 2 Registerfiler infisert: 0 Mapper infisert: 2 Filer infisert: 62 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: C:\WINDOWS\system32\iDlo18 (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Programdata\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. Filer infisert: C:\Programfiler\TTC.dll (Adware.TTC) -> Quarantined and deleted successfully. 
C:\QooBox\Quarantine\C\Documents and Settings\Eier\f.exe.vir (Spyware.FirePass) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\Programfiler\Fellesfiler\Yazzle1560OinAdmin.exe.vir (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\Programfiler\Svconr\Svconr.exe.vir (Trojan.Clicker) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\Fonts\Crack.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully. C:\QooBox\Quarantine\C\WINDOWS\system32\aqVreo18\aqVreo182328.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP421\A0590914.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP421\A0593881.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP456\A0626043.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP456\A0626050.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP456\snapshot\MFEX-1.DAT (Adware.TTC) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP458\A0628050.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP458\A0628047.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP459\A0629062.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP459\A0629063.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP459\A0629064.exe (Trojan.Insider) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP459\A0629065.exe (Trojan.Insider) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP459\A0629066.exe (Adware.Insider) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP460\A0630047.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP460\A0630079.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP460\A0631037.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP460\A0631047.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631450.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631456.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631458.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631461.exe (Adware.Insider) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631462.exe (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631464.exe (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631465.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631466.exe (Trojan.Insider) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631467.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631468.exe (Adware.Insider) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631469.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631477.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631478.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631479.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0631485.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0632485.exe (Trojan.Insider) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0632486.exe (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0632487.exe (Adware.ClickSpring) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0632488.dll (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0632491.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0632494.dll (Adware.CommAd) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0632495.exe (Adware.CommAd) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0632496.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP462\A0632497.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP463\A0632532.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP463\A0632533.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP463\A0632534.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP464\A0632619.exe (Spyware.FirePass) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{3E0C683E-89DF-4C61-BBDB-4266F97EC915}\RP464\A0632621.exe (Adware.ClickSpring) -> Quarantined and deleted successfully. C:\WINDOWS\b999.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vntiho18\vntiho182328.exe (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\axs9\key89104.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iDlo18\iDlo182328.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Programdata\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\n.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\BMfb8f3b4f.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BMfb8f3b4f.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\GJESTEKONTO\Programdata\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Eier\Programdata\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:03:36, on 22.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe C:\Programfiler\HP\HP Software 
Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Digital Line Detect\DLG.exe C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programfiler\HP\Smart Web Printing\hpswp_clipbook.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\explorer.exe C:\Programfiler\internet explorer\iexplore.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Eier\Skrivebord\hijackkk\test.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettby.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [showLOMControl] O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [CTCheck] C:\Programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [MsnMsgr] 
"C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: GameSpot Download Manager.lnk = C:\Documents and Settings\Eier\Skrivebord\GameSpot\GameSpotDownloadManager_Win32.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/ O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/SU1.5/ocx/15030/CTSUEng.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by136fd.bay136.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://217.197.149.13/activex/AMC.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://195.136.36.165/activex/AMC.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://cam.butovonet.ru/activex/AMC.cab 
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by136fd.bay136.hotmail.msn.com/activex/HMAtchmt.ocx O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/SU1.5/ocx/15033/CTPID.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe O24 - Desktop Component 1: (no name) - http://www.vg.no/ -- End of file - 10221 bytes
norbat (Author), posted 22 July 2008
Start hjt, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [showLOMControl]
Update Java: http://java.com/en/download/index.jsp
Post a new ComboFix log, and we will see whether there is anything more to do. How is the PC running, by the way?
Bartin, posted 22 July 2008
combofix
ComboFix 08-07-21.1 - Eier 2008-07-22 15:33:45.3 - NTFSx86 Running from: C:\Documents and Settings\Eier\Skrivebord\combofix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Eier\Lokale innstillinger\Temporary Internet Files\bestwiner.stt . ((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))) . 2008-07-22 15:31 . 2008-07-22 15:31 <DIR> d-------- C:\Programfiler\Sun 2008-07-22 15:01 . 2008-07-22 15:01 <DIR> d-------- C:\WINDOWS\LastGood 2008-07-22 14:11 . 2008-07-22 14:11 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\Malwarebytes 2008-07-22 14:11 . 2008-07-22 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-07-22 14:11 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-22 14:11 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-22 01:38 . 2008-07-22 14:03 <DIR> dr-h----- C:\Documents and Settings\Eier\Siste 2008-07-22 01:37 . 2008-07-22 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-07-22 01:36 . 2008-07-22 01:36 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-07-22 01:36 . 2008-07-22 01:36 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\SUPERAntiSpyware.com 2008-07-22 01:35 . 2008-07-22 01:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-07-22 01:31 . 2008-07-22 01:31 <DIR> d-------- C:\Programfiler\CCleaner . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-22 13:31 --------- d-----w C:\Programfiler\Java 2008-07-22 11:50 --------- d-----w C:\Programfiler\Steam 2008-07-21 22:59 --------- d-----w C:\Documents and Settings\Eier\Programdata\LimeWire 2008-07-21 22:54 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-01-21 19:31 63,408 ----a-w C:\Documents and Settings\Eier\Programdata\GDIPFONTCACHEV1.DAT 2007-01-26 12:31 62,400 ----a-w C:\Documents and Settings\GJESTEKONTO\Programdata\GDIPFONTCACHEV1.DAT 2004-07-22 08:51 3,432,656 -c--a-w C:\Programfiler\ManagedDX.CAB 2004-07-19 20:58 1,156,363 -c--a-w C:\Programfiler\BDANT.cab 2004-07-19 20:53 976,020 -c--a-w C:\Programfiler\BDAXP.cab 2004-07-09 12:17 13,265,040 -c--a-w C:\Programfiler\dxnt.cab 2004-07-09 07:13 703,080 -c--a-w C:\Programfiler\BDA.cab 2004-07-09 07:13 15,493,481 -c--a-w C:\Programfiler\DirectX.cab 2004-07-09 02:08 472,576 ----a-w C:\Programfiler\dxsetup.exe 2004-07-09 02:08 2,242,560 ----a-w C:\Programfiler\dsetup32.dll 2004-07-09 01:03 62,976 ----a-w C:\Programfiler\DSETUP.dll 1999-08-18 14:36 135,168 -c--a-w C:\WINDOWS\inf\Agfa\message.exe 2006-12-06 07:17 104 --sh--r C:\WINDOWS\system32\94CEB4F867.sys 2007-03-02 19:58 6,580 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2008-07-22_ 2.37.27.60 ))))))))))))))))))))))))))))))))))))))))) . - 2007-07-11 23:22:00 135,168 -c--a-w C:\WINDOWS\system32\java.exe + 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2007-07-11 23:22:04 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe + 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2007-07-12 00:22:38 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe + 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2007-10-08 13:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 12:39:50 17,784 ------w C:\WINDOWS\system32\spmsg.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "Steam"="c:\programfiler\steam\steam.exe" [2008-05-01 14:19 1271032] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "CTSyncU.exe"="C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03 868352] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 22:49 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 22:46 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 22:50 114688] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 05:12 94208] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 06:56 761947] "Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2005-12-15 12:44 839680] "ISUSPM Startup"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940] "Microsoft Works Update Detection"="C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 07:20 28672] "CTCheck"="C:\Programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 12:08 397312] "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152] "Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" 
[2008-03-07 15:57 29744] "SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 01:19 393216 C:\WINDOWS\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2006-03-24 15:59:55 24576] HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\StubInstaller.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Steam\\SteamApps\\vholvik\\counter-strike source\\hl2.exe"= "C:\\Programfiler\\Steam\\SteamApps\\marti946\\counter-strike source\\hl2.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-07 15:57] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc 
*Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2006-07-10 21:27:34 C:\WINDOWS\Tasks\Low Battery Alarm Program.job" . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.nettby.no/ R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} R0 -: HKLM-Main,Window Title = Microsoft Internet Explorer R1 -: HKCU-Internet Settings,ProxyOverride = localhost O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 -: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx C:\WINDOWS\Downloaded Program Files\KooPlayer.ocx O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://217.197.149.13/activex/AMC.cab C:\WINDOWS\Downloaded Program Files\setup.inf O16 -: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://195.136.36.165/activex/AMC.cab C:\WINDOWS\Downloaded Program Files\setup.inf O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://cam.butovonet.ru/activex/AMC.cab C:\WINDOWS\Downloaded Program Files\setup.inf ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-22 15:36:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-22 15:38:40 ComboFix-quarantined-files.txt 2008-07-22 13:38:16 ComboFix2.txt 2008-07-22 12:02:33 ComboFix3.txt 2008-07-22 00:38:09 Pre-Run: 37,315,485,696 byte ledig Post-Run: 37,322,612,736 byte ledig 148 --- E O F --- 2008-07-22 13:02:05
I notice great progress, and it runs quite a lot faster. Although I haven't used it very much, I have just followed your guide. Is there anything more I should do? And thanks, norbat, you are incredible.
norbat (Author), posted 22 July 2008
The log looks fine.
You can remove ComboFix by typing combofix /u in the Run box (Start -> Run).
Run a clean with CCleaner + registry (run this several times until it finds no more errors). You will be asked whether you want to make a backup when you run the registry clean. Say yes to that.
Restart the PC.
Check whether the PC needs a disk defragmentation (Accessories -> System Tools -> Disk Defragmenter -> 'Analyze').
Bartin, posted 22 July 2008
Thanks, norbat. It runs like greased lightning now. I'll be posting new logs for another machine; it works fine, but it's good to get rid of the crap anyway.
norbat (Author), posted 22 July 2008
Feel free to post the logs in a separate thread, which you create by clicking the NEW TOPIC button.
Skosåle, posted 2 August 2008
Thanks, thanks. Good and useful thread. I'm writing here just so that I have it under "my posts".
Chriztar, posted 6 August 2008
Hi, I'm having problems with a new Vista Acer laptop. It has trouble closing programs and it freezes for no reason quite often, especially when I watch movies. After a good while a dialog box comes up which first says: "Kan ikke åpne dialogboksen for sikkerhetsalternativer under påloggingsprossesen" X Feil - Sikkerhetsalternativer [literally: "Cannot open the security options dialog box during the logon process" X Error - Security options]. I have no idea what it is.
ComboFix 08-08-04.09 - Christer 2008-08-06 14:35:30.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1895 [GMT 2:00] Running from: C:\Users\Christer\Downloads\ComboFix.exe * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Possible infected sites ----- http://images.metaservices.microsoft.com:80 . ((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 ))))))))))))))))))))))))))))))) . 2008-08-06 14:34 . 2008-08-06 14:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-05 21:59 . 2008-08-05 21:59 <DIR> d-------- C:\Users\All Users\DAEMON Tools Pro 2008-08-05 21:59 . 2008-08-05 21:59 <DIR> d-------- C:\ProgramData\DAEMON Tools Pro 2008-08-05 21:59 . 2008-08-05 21:59 <DIR> d-------- C:\Program Files\DAEMON Tools Pro 2008-08-05 21:58 . 2008-08-05 22:00 <DIR> d-------- C:\Users\Christer\AppData\Roaming\DAEMON Tools Pro 2008-08-05 03:01 . 2008-04-20 18:29 317,464 --a------ C:\Windows\System32\drivers\iaStor.sys 2008-08-04 20:18 . 2008-08-04 20:18 <DIR> d-------- C:\Users\Christer\AppData\Roaming\Sports Interactive 2008-08-04 20:16 . 2008-08-04 20:16 <DIR> dr-h----- C:\Users\Christer\AppData\Roaming\SecuROM 2008-08-04 20:16 . 2008-08-04 20:16 107,888 --a------ C:\Windows\System32\CmdLineExt.dll 2008-08-04 20:03 . 
2008-08-04 20:03 <DIR> d--h----- C:\Program Files\Zero G Registry 2008-08-04 20:03 . 2008-08-04 20:03 <DIR> d-------- C:\Program Files\Sports Interactive 2008-08-04 20:02 . 2008-08-04 20:02 <DIR> d--h----- C:\Users\Christer\InstallAnywhere 2008-08-04 14:03 . 1999-06-23 17:13 86,016 --a------ C:\Windows\unvise32.exe 2008-08-04 14:02 . 2008-08-04 14:02 <DIR> d-------- C:\Program Files\Gammafon 2008-08-04 03:20 . 2008-08-04 03:20 <DIR> d-------- C:\Windows\SWAT 4 2008-08-04 03:20 . 2008-08-04 03:42 <DIR> d-------- C:\Program Files\SWAT 4 2008-08-04 01:56 . 2008-08-04 01:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-08-03 15:49 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll 2008-08-03 14:03 . 2008-08-03 14:03 <DIR> d-------- C:\Users\Christer\Bluetooth Software 2008-08-03 14:03 . 2008-08-06 14:38 12 --a------ C:\Windows\bthservsdp.dat 2008-08-03 02:52 . 2008-08-03 02:52 <DIR> d-------- C:\Users\Christer\AppData\Roaming\Talkback 2008-08-03 02:52 . 2008-08-03 02:52 <DIR> d-------- C:\Program Files\Mozilla Sunbird 2008-08-03 02:41 . 2008-08-03 02:41 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-08-03 02:26 . 2008-08-03 02:26 <DIR> d-------- C:\Program Files\GreedyTorrent 2008-08-03 00:01 . 2008-08-03 00:01 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-08-02 11:24 . 2008-08-02 11:24 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-08-02 11:18 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll 2008-08-02 11:18 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml 2008-08-02 11:18 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml 2008-08-02 04:58 . 2008-08-02 04:58 56 --a------ C:\Windows\Cleanup.cmd 2008-08-02 00:37 . 2008-08-02 00:37 512,096 --a------ C:\Windows\System32\drivers\amon.sys 2008-08-02 00:37 . 2008-08-02 00:37 298,104 --a------ C:\Windows\System32\imon.dll 2008-08-02 00:37 . 
2008-08-02 00:37 15,424 --a------ C:\Windows\System32\drivers\nod32drv.sys 2008-08-01 22:48 . 2008-08-05 03:15 <DIR> d-------- C:\Users\Christer\AppData\Roaming\Hamachi 2008-08-01 22:47 . 2008-08-01 22:48 <DIR> d-------- C:\Program Files\Hamachi 2008-08-01 22:47 . 2008-08-01 22:47 17,480 --a------ C:\Windows\System32\drivers\hamachi.sys 2008-08-01 22:05 . 2008-08-05 20:43 <DIR> d-------- C:\Users\Christer\AppData\Roaming\dvdcss 2008-08-01 22:00 . 2008-08-03 02:41 <DIR> d-------- C:\Users\Christer\AppData\Roaming\Apple Computer 2008-08-01 21:59 . 2008-08-01 21:59 <DIR> d-------- C:\Program Files\iTunes 2008-08-01 21:59 . 2008-08-01 21:59 <DIR> d-------- C:\Program Files\iPod 2008-08-01 21:58 . 2008-08-01 21:59 <DIR> d-------- C:\Users\All Users\Apple Computer 2008-08-01 21:58 . 2008-08-01 21:59 <DIR> d-------- C:\ProgramData\Apple Computer 2008-08-01 21:58 . 2008-08-01 21:58 <DIR> d-------- C:\Program Files\QuickTime 2008-08-01 21:58 . 2008-08-01 21:58 <DIR> d-------- C:\Program Files\Bonjour 2008-08-01 21:57 . 2008-08-01 21:57 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-08-01 21:57 . 2008-08-01 21:57 <DIR> d-------- C:\Program Files\Apple Software Update 2008-08-01 21:56 . 2008-08-01 21:56 <DIR> d-------- C:\Users\All Users\Apple 2008-08-01 21:56 . 2008-08-01 21:56 <DIR> d-------- C:\ProgramData\Apple 2008-08-01 21:48 . 2006-10-26 19:58 30,512 --a------ C:\Windows\System32\mdimon.dll 2008-08-01 21:39 . 2008-08-02 01:04 <DIR> d-------- C:\Users\All Users\Messenger Plus! 2008-08-01 21:39 . 2008-08-02 01:04 <DIR> d-------- C:\ProgramData\Messenger Plus! 2008-08-01 21:35 . 2008-08-01 21:35 <DIR> d-------- C:\Program Files\Windows Live 2008-08-01 21:35 . 2008-08-01 21:35 <DIR> d-------- C:\Program Files\Messenger Plus! Live 2008-08-01 21:35 . 2008-08-01 21:35 268 --ah----- C:\sqmdata00.sqm 2008-08-01 21:35 . 2008-08-01 21:35 244 --ah----- C:\sqmnoopt00.sqm 2008-08-01 21:33 . 2008-08-01 21:37 <DIR> d-------- C:\Program Files\MSN Messenger 2008-08-01 21:28 . 
2008-08-01 22:32 <DIR> d-------- C:\Users\Christer\AppData\Roaming\CyberLink 2008-08-01 21:24 . 2008-08-01 21:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-08-01 21:19 . 2008-08-02 01:02 <DIR> d-------- C:\Program Files\Acer Arcade Deluxe 2008-08-01 20:46 . 2008-08-01 20:46 <DIR> d-------- C:\Users\Christer\AppData\Roaming\DAEMON Tools 2008-08-01 20:46 . 2008-08-01 20:46 717,296 --a------ C:\Windows\System32\drivers\sptd.sys 2008-08-01 20:36 . 2008-08-01 20:36 <DIR> d-------- C:\Program Files\VideoLAN 2008-08-01 20:22 . 2008-08-06 14:38 <DIR> d-------- C:\Users\Christer\AppData\Roaming\uTorrent 2008-08-01 20:22 . 2008-08-01 20:22 <DIR> d-------- C:\Program Files\uTorrent 2008-08-01 19:46 . 2008-08-01 14:22 <DIR> d-------- C:\Program Files\Acer Inc 2008-08-01 19:46 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll 2008-08-01 19:46 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll 2008-08-01 19:46 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll 2008-08-01 19:46 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe 2008-08-01 19:46 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx 2008-08-01 19:46 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe 2008-08-01 19:46 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll 2008-08-01 19:46 . 2008-08-01 19:46 92 --a------ C:\Windows\GridV.UNI 2008-08-01 19:45 . 2008-08-02 00:59 <DIR> d-------- C:\Program Files\Launch Manager 2008-08-01 19:45 . 2008-08-02 00:59 83 --a------ C:\Windows\LManager.UNI 2008-08-01 19:44 . 2007-10-23 10:56 200,704 --a------ C:\Windows\PLFSetI.exe 2008-08-01 19:44 . 2008-01-10 13:56 57 --a------ C:\Windows\PidList.ini 2008-08-01 19:41 . 2008-08-01 19:41 <DIR> d-------- C:\Program Files\CCleaner 2008-08-01 19:40 . 2008-08-01 19:40 <DIR> d-------- C:\Windows\System32\es-MX 2008-08-01 19:40 . 2008-08-01 19:40 <DIR> d-------- C:\Windows\System32\es-AR 2008-08-01 19:40 . 
2008-08-01 19:40 <DIR> d-------- C:\Program Files\WIDCOMM 2008-08-01 19:40 . 2007-04-26 04:20 233,472 --a------ C:\Windows\System32\BtwRSupport.dll 2008-08-01 19:40 . 2007-02-27 08:20 81,200 --a------ C:\Windows\System32\drivers\btwavdt.sys 2008-08-01 19:40 . 2007-03-29 21:46 79,664 --a------ C:\Windows\System32\drivers\btwaudio.sys 2008-08-01 19:40 . 2007-02-27 08:20 16,432 --a------ C:\Windows\System32\drivers\btwrchid.sys 2008-08-01 19:39 . 2008-08-01 19:39 0 --a------ C:\Windows\nsreg.dat 2008-08-01 19:36 . 2008-08-01 19:36 1,548,099 --a------ C:\Windows\System32\VMC3KAPI.dll 2008-08-01 19:36 . 2008-08-01 19:36 331,776 --a------ C:\Windows\System32\DrvCrypt.dll 2008-08-01 19:36 . 2008-08-01 19:36 114,688 --a------ C:\Windows\System32\VCryptAPI.dll 2008-08-01 19:36 . 2008-08-01 19:36 43,184 --a------ C:\Windows\System32\drivers\AlfaFF.sys 2008-08-01 19:36 . 2008-08-01 19:36 23,040 --a------ C:\Windows\System32\ShlCmd.exe 2008-08-01 19:36 . 2008-08-01 19:36 16,384 --a------ C:\Windows\System32\AlfaFF.dll 2008-08-01 19:36 . 2008-08-01 19:36 5,632 --a------ C:\Windows\System32\biologon.dll 2008-08-01 19:35 . 2008-08-01 19:35 <DIR> d-------- C:\Users\Christer\AppData\Roaming\Validity 2008-08-01 19:35 . 2008-08-01 19:35 192,512 --a------ C:\Windows\System32\BioOne.dll 2008-08-01 19:35 . 2008-08-01 19:35 189,952 --a------ C:\Windows\System32\PBAGUI.dll 2008-08-01 19:34 . 2008-08-01 19:34 <DIR> d-------- C:\Program Files\Validity Sensors, Inc 2008-08-01 19:27 . 2008-08-01 19:27 <DIR> dr------- C:\Users\Christer\Searches 2008-08-01 19:27 . 2008-08-03 02:42 <DIR> dr------- C:\Users\Christer\Contacts 2008-08-01 19:27 . 2008-08-01 19:27 <DIR> d-------- C:\Users\Christer\AppData\Roaming\InstallShield 2008-08-01 19:26 . 2008-08-05 14:51 <DIR> dr------- C:\Users\Christer\Videos 2008-08-01 19:26 . 2008-08-01 19:27 <DIR> dr------- C:\Users\Christer\Saved Games 2008-08-01 19:26 . 2008-08-05 15:16 <DIR> dr------- C:\Users\Christer\Pictures 2008-08-01 19:26 . 
2008-08-04 21:47 <DIR> dr------- C:\Users\Christer\Music 2008-08-01 19:26 . 2008-08-01 19:27 <DIR> dr------- C:\Users\Christer\Links 2008-08-01 19:26 . 2008-08-06 14:36 <DIR> dr------- C:\Users\Christer\Downloads 2008-08-01 19:26 . 2008-08-04 20:18 <DIR> dr------- C:\Users\Christer\Documents 2008-08-01 19:26 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Christer\AppData\Roaming\Media Center Programs 2008-08-01 19:26 . 2008-04-20 06:13 <DIR> d-------- C:\Users\Christer\AppData\Roaming\Acer GameZone Console 2008-08-01 19:26 . 2008-08-01 19:27 <DIR> d--h----- C:\Users\Christer\AppData 2008-08-01 19:26 . 2008-08-05 03:02 <DIR> d-------- C:\Users\Christer 2008-08-01 19:19 . 2008-08-01 19:19 <DIR> d-------- C:\Windows\System32\NOR 2008-08-01 19:19 . 2008-08-01 19:19 <DIR> d-------- C:\Windows\System32\Lang 2008-08-01 19:19 . 2008-05-16 17:14 1,034,776 --a------ C:\Windows\System32\imsmudlg.exe 2008-08-01 19:19 . 2006-11-10 09:25 319,456 --a------ C:\Windows\System32\difxapi.dll 2008-08-01 19:18 . 2008-08-06 02:36 <DIR> d-------- C:\Users\All Users\NVIDIA 2008-08-01 19:18 . 2008-08-06 02:36 <DIR> d-------- C:\ProgramData\NVIDIA 2008-08-01 19:18 . 2008-08-01 19:27 <DIR> d--hs---- C:\$RECYCLE.BIN 2008-08-01 19:04 . 2008-08-01 19:04 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos 2008-08-01 19:04 . 2008-08-01 19:04 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches 2008-08-01 19:04 . 2008-08-01 19:04 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games 2008-08-01 19:04 . 2008-08-01 19:04 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures 2008-08-01 19:04 . 2008-08-01 19:04 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music 2008-08-01 19:04 . 2008-08-01 19:04 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links 2008-08-01 19:04 . 2008-08-01 19:04 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-05 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-05 20:37 --------- d-----w C:\Program Files\eSobi 2008-08-05 20:37 --------- d-----w C:\Program Files\Acer GameZone 2008-08-03 23:37 --------- d-----w C:\ProgramData\Microsoft Help 2008-08-01 17:43 --------- d-----w C:\Program Files\Yahoo! 2008-08-01 17:22 --------- d-sh--w C:\ProgramData\Start-meny 2008-08-01 17:22 --------- d-sh--w C:\ProgramData\Skrivebord 2008-08-01 17:22 --------- d-sh--w C:\ProgramData\Programdata 2008-08-01 17:22 --------- d-sh--w C:\ProgramData\Maler 2008-08-01 17:22 --------- d-sh--w C:\ProgramData\Favoritter 2008-08-01 17:22 --------- d-sh--w C:\ProgramData\Dokumenter 2008-08-01 17:22 --------- d-sh--w C:\Program Files\Fellesfiler 2008-08-01 17:19 --------- d-----w C:\Program Files\Intel 2008-08-01 12:37 --------- d-----w C:\Program Files\Acer 2008-08-01 12:23 --------- d-----w C:\ProgramData\McAfee 2008-08-01 12:07 --------- d-----w C:\ProgramData\SiteAdvisor 2008-08-01 11:59 --------- d-----w C:\Program Files\Windows Mail 2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "GreedyTorrent"="C:\Program Files\GreedyTorrent\GTor.exe" [2007-03-08 11:09 2526661] "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-08-01 20:22 219952] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952] "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2008-07-30 13:54 200136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 05:31 1033512] "ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 19:30 397312] "eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 03:36 544768] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 18:30 178712] "ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-08-01 19:36 3642368] "PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 10:56 200704] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-08-02 00:37 949376] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-03-13 11:24 805384] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-07 19:55 13527584] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-07 19:55 92704] "RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 11:53 5296128 C:\Windows\RtHDVCpl.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 18:50:32 723760] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2008-08-01 19:36 3024384 C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3595638846-731970180-1472366445-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3F8FC558-C273-4496-8037-5F167DD1BBFA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{53D0E573-E4C7-4CE9-A59B-975D8683C546}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4044E06A-FEC8-4293-9F4B-1E18733DBE0B}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{AFFBA766-8750-423D-B688-8B75DE5AE238}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{67C85612-9B16-40A3-A873-0AE6C7FC702D}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{15EA37F3-4435-44E7-A6B6-C6006BC1FADE}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{DAF62DB6-B2D1-4AA9-8492-CF1473E662DC}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{1604EFC1-72BA-4EE5-A83E-F1539A7CBE4A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{8008B26F-C9C6-4819-89ED-B1F8D937F9CE}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{9C51EB13-6DD6-4655-9C79-6DA0A5CF77DB}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM "{941E965F-437C-4BE7-A159-562D7A2C8F1C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{DE56657E-531D-4D8B-AEAA-F37394D0504B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{C3251532-2BF7-41C4-8BDF-E50726D3F674}"= UDP:C:\Program 
Files\uTorrent\uTorrent.exe:µTorrent "{7A6E6683-09E6-4F42-A681-2A5DB6D941E0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{196A4B02-232D-4AEE-A3A9-448015B7FB80}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{2C3AE512-BD07-4F2F-88AE-464B005F0323}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{3F1360E7-404D-49F2-B9EA-B11B0E5B454C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{9FC5FE31-79BC-45E4-B58B-758A8FFAE7CC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{D29C98A4-BA99-4BE5-B641-AA71F1E6284E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{F1ED72AE-FE2B-447C-90E9-BEBD5B97623B}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "TCP Query User{44E3DAF8-3BF6-4F8A-B569-C1B62BA485B3}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes "UDP Query User{C4EC6EE2-B7B5-477C-A95F-AA6746D63EBF}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes "TCP Query User{83886A35-AD7E-4817-B390-B2BE0C6EA72E}C:\\users\\christer\\desktop\\warcraft iii lan haxxversion\\war3.exe"= UDP:C:\users\christer\desktop\warcraft iii lan haxxversion\war3.exe:war3.exe "UDP Query User{2FA10FC9-B0E4-4E1F-B132-8538F66A29A2}C:\\users\\christer\\desktop\\warcraft iii lan haxxversion\\war3.exe"= TCP:C:\users\christer\desktop\warcraft iii lan haxxversion\war3.exe:war3.exe "TCP Query User{B388AE8D-7A54-4F73-91BD-B90996EEDDBA}C:\\users\\christer\\desktop\\warcraft iii lan haxxversion\\war3.exe"= UDP:C:\users\christer\desktop\warcraft iii lan haxxversion\war3.exe:war3.exe "UDP Query User{3CEE7E1D-9BD9-48F4-9A83-B3F7C713222C}C:\\users\\christer\\desktop\\warcraft iii lan haxxversion\\war3.exe"= TCP:C:\users\christer\desktop\warcraft iii lan haxxversion\war3.exe:war3.exe "TCP Query User{8E865CDF-7C7D-4948-84E5-7D4942C0DD5A}C:\\program files\\greedytorrent\\gtor.exe"= UDP:C:\program files\greedytorrent\gtor.exe:GTor "UDP Query 
User{AB01BB2E-61C7-4612-9A9B-F3F17457E162}C:\\program files\\greedytorrent\\gtor.exe"= TCP:C:\program files\greedytorrent\gtor.exe:GTor "{2158FBF9-711F-4649-B627-5E2428D3C58A}"= UDP:D:\Spill Files\Civ4\Civilization4.exe:Sid Meier's Civilization 4 "{948839BC-7489-4A03-8669-DAE76C08701A}"= TCP:D:\Spill Files\Civ4\Civilization4.exe:Sid Meier's Civilization 4 "{B9116C24-1951-47AC-BA18-184D2CB7D1A1}"= UDP:D:\Spill Files\Civ4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword "{7F23DD97-DC37-4402-979A-E0E4DEFF41FE}"= TCP:D:\Spill Files\Civ4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword "{0DCCD442-47D0-4AB9-ADAF-E837A44F69BB}"= UDP:D:\Spill Files\Civ4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss "{0FD86773-6398-4C03-8B2E-0AAFB4B69F77}"= TCP:D:\Spill Files\Civ4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss "TCP Query User{EF8D7A24-8E65-4B44-A618-856E1EA24BF0}C:\\program files\\greedytorrent\\gtor.exe"= UDP:C:\program files\greedytorrent\gtor.exe:GTor "UDP Query User{F7734EDE-B6B2-4583-A70F-C7F6BA2E7FB5}C:\\program files\\greedytorrent\\gtor.exe"= TCP:C:\program files\greedytorrent\gtor.exe:GTor "{2153187B-FCA7-45D5-906F-6642382F3C1A}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{C27BA074-177B-4D6C-814C-F201B3245B1E}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 R0 AlfaFF;AlfaFF File System mini-filter;C:\Windows\system32\Drivers\AlfaFF.sys [2008-08-01 19:36] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 18:57] R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-07 15:05] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup 
Now 5\BackupSvc.exe [2008-02-25 02:02] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 18:53] R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 17:03] R2 vfsFPService;Validity Fingerprint Service;C:\Windows\system32\vfsFPService.exe [2008-02-15 09:09] R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 17:12] R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-03-11 13:38] R3 vfs101x;vfs101x;C:\Windows\system32\drivers\vfs101x.sys [2008-02-15 09:09] S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 21:46] S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 08:20] S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 08:20] S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23] S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7932b14d-632a-11dd-b4b7-00a0d1a4c706}] \shell\AutoRun\command - wd_windows_tools\setup.exe . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\Christer\AppData\Roaming\Mozilla\Firefox\Profiles\niuerj6d.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.netvibes.com FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-06 14:40:15 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\nvvsvc.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\rundll32.exe C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe C:\ACER\Mobility Center\MobilityService.exe C:\Program Files\ESET\nod32krn.exe C:\Windows\System32\wbem\unsecapp.exe C:\Windows\System32\conime.exe C:\Windows\System32\wbem\unsecapp.exe C:\Program Files\Launch Manager\LManager.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Common Files\Mcafee\MNA\McNASvc.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . 
Completion time: 2008-08-06 14:43:22 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-06 12:43:16 Pre-Run: 40,905,601,024 byte ledig Post-Run: 40,344,256,512 byte ledig 307 --- E O F --- 2008-08-03 23:56:28 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:36, on 2008-08-06 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe C:\Program Files\ESET\nod32kui.exe C:\Program Files\Launch Manager\LManager.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\GreedyTorrent\GTor.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\CF16957.exe C:\Windows\system32\conime.exe C:\Users\Christer\Downloads\HiJackThis.exe C:\Windows\explorer.exe C:\Windows\system32\CF16957.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\CF16957.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://no.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [nod32kui] 
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send side til &Bluetooth-enhet... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. 
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 8426 bytes
norbat (author) Posted 6 August 2008
The logs look fine. Check whether Vista can say anything about why the PC is unstable: All Programs -> Maintenance -> Problem Reports and Solutions.
Chriztar Posted 6 August 2008
I have already tried that. Do you know whether it could be some Acer software that is busy working on something? I have never seen that dialog box before. I tried to google it, but was then referred to this thread.
norbat (author) Posted 6 August 2008
So Vista couldn't tell you anything about why the PC behaves the way it does? When did this start - did you install anything before the problem appeared?
Chriztar Posted 6 August 2008
It doesn't even show up as a problem in that list. The PC is as good as new; the only thing I have done is uninstall a lot of the Acer crap that comes with it. I imagine it must be one of the Acer programs that is to blame, since I have never seen this type of error message before. The PC freezes completely, it won't exit programs, and the programs that do work also freeze the moment I try to do anything with them.... Very strange.
Chriztar, posted 7 August 2008

I think I have found the solution. McAfee Network Agent was still running even though McAfee was uninstalled. I have stopped the service now, and so far it has been fine.
norbat (Author), posted 7 August 2008

Yes, I saw in the log that you had something from McAfee and was going to ask you to remove it at the end. Good that the problem appears to be solved.
pxK, posted 10 August 2008

I am having problems with the PC shutting off at random. I am first checking whether there is anything nasty going on before I start hardware troubleshooting.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:51:52, on 10.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
E:\Nedlastinger\CoreTemp\Core Temp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HD Tune\HDTune.exe
C:\Program Files (x86)\RivaTuner v2.09\RivaTuner.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7585 bytes
norbat (Author), posted 10 August 2008

pxK: The log looks fine, so the problem is probably related to something other than malware.
pxK, posted 10 August 2008

Ah, thanks for a pretty quick reply.
mard, posted 12 August 2008

Hi. I have got a virus, a trojan I think. The thing is that when I click on any folder, on any partition of the hard disk, a popup comes up with the following:

"Attention, "my name."! Some dangerous viruses detected in your system. Microsoft windows xp files corrupted.This may lead to the destruction of important files in C:\WINDOWS. Downloade protection software now!. Click here to download the antispyware(recommended) yes no"

When I click no, Internet Explorer opens on this page: http://free-viruscan.com/id/4912933/4/1/. I have done a little research on the internet but do not know how to remove this. It is incredibly annoying when you cannot open anything on the hard disk without that nasty popup.

Regards, Martin
norbat (Author), posted 12 August 2008

Go through the guide in the first post of this thread: https://www.diskusjon.no/index.php?showtopic=691246

Post the logs it asks for in a separate thread, which you create by clicking the New Topic button.
dj6230, posted 13 August 2008

Hi, I followed your first post. Here is the log; is there anything that should be done?

ComboFix 08-08-12.01 - NAME 2008-08-13 13:27:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.729 [GMT 2:00]
Running from: C:\Documents and Settings\NAME.3FQD8BAR83WZPSK\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Gjest\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS2\BM8f66bfea.txt
C:\WINDOWS2\BM8f66bfea.xml
C:\WINDOWS2\cookies.ini
C:\WINDOWS2\system32\clgzti.dll
C:\WINDOWS2\system32\drivers\fad.sys
C:\WINDOWS2\system32\ejcstgko.dll
C:\WINDOWS2\system32\khfGvvuu.dll
C:\WINDOWS2\system32\mcrh.tmp
C:\WINDOWS2\system32\pdwcisho.dll
C:\WINDOWS2\system32\tfdbcgib.dll
C:\WINDOWS2\system32\utafuiex.dll
C:\WINDOWS2\system32\uuvvGfhk.ini
C:\WINDOWS2\system32\uuvvGfhk.ini2
C:\WINDOWS2\system32\xeiufatu.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.
C:\ComboFix\CreateC00
.
2008-08-13 11:51 . 2008-08-13 11:51 <DIR> d-------- C:\Programfiler\Trend Micro
2008-08-13 11:50 . 2008-08-13 11:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-13 11:50 . 2008-08-13 11:50 <DIR> d-------- C:\Documents and Settings\Gunnar.3FQD8BAR83WZPSK\Programdata\SUPERAntiSpyware.com
2008-08-13 11:50 . 2008-08-13 11:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS2\Programdata\SUPERAntiSpyware.com
2008-08-13 11:44 . 2008-08-13 11:44 <DIR> dr-h----- C:\Documents and Settings\Gunnar.3FQD8BAR83WZPSK\Siste
2008-08-13 11:37 . 2008-08-13 11:37 <DIR> d-------- C:\Programfiler\CCleaner
2008-08-13 11:12 . 2008-08-13 11:12 <DIR> d-------- C:\Programfiler\Lavasoft
2008-08-13 11:12 . 2008-08-13 11:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS2\Programdata\Lavasoft
2008-08-13 11:11 . 2008-08-13 11:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-13 08:28 . 2008-08-13 13:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS2\Programdata\Spybot - Search & Destroy
2008-08-12 15:26 . 2008-08-12 15:26 2,048 --a------ C:\WINDOWS2\system32\lchdiqcs.exe
2008-08-12 15:24 . 2008-08-12 15:53 <DIR> d-------- C:\WINDOWS2\BDOSCAN8
2008-08-12 14:37 . 2008-08-12 15:15 <DIR> d-------- C:\Documents and Settings\Gunnar.3FQD8BAR83WZPSK\.housecall6.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38, on 2008-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\LEXBCES.EXE
C:\WINDOWS2\system32\LEXPPS.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\Norman\Bin\Zanda.exe
C:\WINDOWS2\System32\nvsvc32.exe
C:\WINDOWS2\System32\tcpsvcs.exe
C:\WINDOWS2\System32\snmp.exe
C:\WINDOWS2\System32\svchost.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS2\Explorer.EXE
C:\Programfiler\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\stickies\stickies.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: {ef0ef1a7-8926-64e9-6334-efb01b9cc7c3} - {3c7cc9b1-0bfe-4336-9e46-62987a1fe0fe} - C:\WINDOWS2\system32\nagelt.dll (file missing)
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS2\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [israfel] C:\WINDOWS2\system32\Israfel.vbs
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS2\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120838060765
O17 - HKLM\System\CCS\Services\Tcpip\..\{B62DD9FD-8738-43AC-89FB-5BEBC66CFCBD}: NameServer = 193.212.1.11
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS2\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\System32\nvsvc32.exe
--
End of file - 6073 bytes