Fuzoya, posted 24 September 2008

I have had a few cases of viruses and spyware over the past two weeks. Where it came from I have no idea, but I followed some recommendations from another thread which said I should paste the logs from ComboFix and Malwarebytes' Anti-Malware into this thread. Here are the results I got, and I would like to hear whether there is anything I should know about the contents of the logs. Among other things, ComboFix says "THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED" in capital letters, and that doesn't sound good. Any comments?

ComboFix log:

ComboFix 08-09-24.03 - Administrator 2008-09-24 23:35:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.608 [GMT 2:00]
Running from: C:\Download\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-24 23:09 . 2008-09-24 23:09 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-24 23:09 . 2008-09-24 23:09 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-24 23:09 . 2008-09-10 00:04 38,528 --a------ E:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-24 23:09 . 2008-09-10 00:03 17,200 --a------ E:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 02:01 . 2008-09-21 02:01 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Winamp
2008-09-14 01:00 . 2008-09-14 01:00 <DIR> d-------- E:\Program Files\Enigma Software Group
2008-09-08 21:01 . 2001-07-21 18:49 2,104,298 --a------ E:\WINDOWS\system32\drivers\2gmgsmt.sf2
2008-09-08 21:01 . 2001-08-17 12:19 283,904 --a------ E:\WINDOWS\system32\drivers\emu10k1m.sys
2008-09-08 21:01 . 2001-08-17 12:19 283,904 --a--c--- E:\WINDOWS\system32\dllcache\emu10k1m.sys
2008-09-08 21:01 . 2001-08-17 12:19 36,480 --a------ E:\WINDOWS\system32\drivers\sfmanm.sys
2008-09-08 21:01 . 2001-08-17 12:19 36,480 --a--c--- E:\WINDOWS\system32\dllcache\sfmanm.sys
2008-09-08 21:01 . 2001-08-17 12:19 6,912 --a------ E:\WINDOWS\system32\drivers\ctlfacem.sys
2008-09-08 21:01 . 2001-08-17 12:19 6,912 --a--c--- E:\WINDOWS\system32\dllcache\ctlfacem.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 21:27 --------- d-----w E:\Documents and Settings\Administrator\Application Data\uTorrent
2008-09-19 23:20 --------- d-----w E:\Program Files\MSN Messenger
2008-09-17 16:03 --------- d-----w E:\Program Files\Windows Live Safety Center
2008-08-07 01:45 --------- d-----w E:\Program Files\Java
2008-07-07 20:06 253,952 ----a-w E:\WINDOWS\system32\es.dll
2008-06-24 16:28 74,240 ----a-w E:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ----a-w E:\WINDOWS\system32\wmpeffects.dll
2008-01-15 20:00 31,698 ----a-w E:\Program Files\nv4_disp.cat
2007-12-10 12:24 35,321 ----a-w E:\Program Files\NvApps.xm_
2007-10-22 21:21 16,384 --sha-w E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-10-22 21:21 32,768 --sha-w E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-10-22 21:21 32,768 --sha-w E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007102220071023\index.dat
2007-10-22 21:21 32,768 --sha-w E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="E:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2007-07-22 1694208]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"nod32kui"="E:\Program Files\Eset\nod32kui.exe" [2007-12-24 917504]
"Sony Ericsson PC Suite"="E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 495616]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 E:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-16 E:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-10 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
"Debugger"=ntsd -d

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"E:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Spill\\Q3\\quake3.exe"=
"C:\\Spill\\EMulator\\NES\\NESTCL95.EXE"=
"E:\\Program Files\\uTorrent\\uTorrent.exe"=
"L:\\LIMEWIRE\\LimeWire.exe"=
"C:\\Programmer\\Opera\\Opera.exe"=
"L:\\Bjøsses greier 2\\Counter Strike\\SteamApps\\[email protected]\\counter-strike\\hl.exe"=
"C:\\Spill\\Dungeon Keeper 2\\DKII.icd"=
"C:\\Spill\\unrealtournament\\System\\UnrealTournament.exe"=
"H:\\programmer\\oDC\\oDC.exe"=
"C:\\Spill\\World of Warcraft\\WoWTest\\WoW-0.4.0.8031-to-0.4.0.8049-enGB-downloader.exe"=
"C:\\Spill\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Spill\\JEDIKNIGHT2\\GameData\\jk2mp.exe"=
"C:\\Spill\\CCRenegade\\Game.exe"=
"C:\\Programmer\\The All-Seeing Eye\\eye.exe"=
"E:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Spill\\EMulator\\NES\\NEsticle\\NESTCL95.EXE"=
"C:\\Spill\\EMulator\\Gameboy eth\\TGB-Dual.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"4000:TCP"= 4000:TCP:Diablo II Open Battle.net
"6113:TCP"= 6113:TCP:WarCraft III Battle.net

R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);E:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;E:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);E:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);E:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;E:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);E:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc89fbab-80ef-11dc-bd43-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - C:\Programmer\Winamp\winampa.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 23:37:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-24 23:38:06
ComboFix-quarantined-files.txt 2008-09-24 21:38:00

Pre-Run: 671 424 512 bytes free
Post-Run: 1,571,295,232 bytes free

133 --- E O F --- 2008-09-16 08:52:39

Malwarebytes' log:

Malwarebytes' Anti-Malware 1.28
Database versjon: 1203
Windows 5.1.2600 Service Pack 2

24.09.2008 23:23:09
mbam-log-2008-09-24 (23-23-09).txt

Skanntype: Rask Skann
Objekter skannet: 43903
Tid tilbakelagt: 12 minute(s), 15 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 17

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
E:\WINDOWS\system32\blphccl6j0erfl.scr (Fake.BlueScreenError) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Documents and Settings\Administrator\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
norbat (thread author), posted 25 September 2008

MBAM removed some junk. The rest looks fine. Regarding "THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED": this is fairly normal, since the Recovery Console is usually not installed (the most common approach is to boot from the Windows CD and run the Recovery Console from there).
Fuzoya, posted 25 September 2008

Ah, right. That's good. Thanks a lot for the reply. Then it looks like my PC is more or less healthy again.
Foxboron, posted 26 September 2008

Hmm, has anyone had a virus that says your PC has a security problem and directs you to a website with viruses? If nobody knows anything, I'll post the logs.
r2d290, posted 26 September 2008

Foxboron: continue in your own thread here: https://www.diskusjon.no/index.php?showtopic=1013709 We prefer that users create their own thread, to keep things a bit tidy.
hakonvl, posted 27 September 2008

Hi. My processor is constantly pegged at 100%, and that's not exactly normal. Malwarebytes found an infection in one file, but I removed it.

Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 6.0.6000

26.09.2008 22:18:46
mbam-log-2008-09-26 (22-17-47).txt

Scan type: Quick Scan
Objects scanned: 63066
Time elapsed: 38 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix:

ComboFix 08-09-26.01 - Ingrid 26.09.2008 22:55:07.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1044.18.1252 [GMT 2:00]
Running from: C:\Users\Håkon\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 20:55 3,670,016 --sha-w C:\Users\Håkon\ntuser.dat
2008-09-26 20:55 3,670,016 --sha-w C:\Users\Håkon\ntuser.dat
2008-09-26 19:51 --------- d-----w C:\Users\Håkon\AppData\Roaming\Skype
2008-09-26 19:22 --------- d-----w C:\Users\Håkon\AppData\Roaming\Malwarebytes
2008-09-26 19:20 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Malwarebytes
2008-09-26 19:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-26 19:19 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-26 19:18 --------- d-----w C:\Program Files\CCleaner
2008-09-26 19:11 41,335 ----a-w C:\Users\Håkon\AppData\Roaming\nvModes.dat
2008-09-26 17:54 --------- d-----w C:\Program Files\Google
2008-09-26 16:46 --------- d-s---w C:\Users\Håkon\AppData\Roaming\Microsoft
2008-09-26 16:42 --------- d-----w C:\Program Files\Microsoft Virtual PC
2008-09-26 16:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 16:07 --------- d-----w C:\Program Files\Common Files\KnifeEdge
2008-09-26 14:45 41,478 ----a-w C:\Users\Ingrid\AppData\Roaming\nvModes.dat
2008-09-24 18:47 41,335 ----a-w C:\Users\Magne\AppData\Roaming\nvModes.dat
2008-09-18 19:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-17 20:05 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Skype
2008-09-13 21:23 --------- d-----w C:\Users\Håkon\AppData\Roaming\LEGO Company
2008-09-13 19:36 --------- d-----w C:\Program Files\7-Zip
2008-09-13 19:09 --------- d-----w C:\ProgramData\TrackMania United
2008-09-13 14:34 --------- d-----w C:\Users\Ingrid\AppData\Roaming\LEGO Company
2008-09-13 14:34 --------- d-----w C:\Program Files\LEGO Company
2008-09-12 22:00 --------- d-----w C:\Program Files\Telio Backup Manager
2008-09-12 18:15 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-09-12 15:50 --------- d-----w C:\ProgramData\ALM
2008-09-12 15:35 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Download Manager
2008-09-12 14:00 95,888 ----a-w C:\Windows\system32\drivers\VBoxDrv.sys
2008-09-12 14:00 41,680 ----a-w C:\Windows\system32\drivers\VBoxUSBMon.sys
2008-09-11 14:13 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-11 14:04 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 14:00 --------- d-----w C:\Program Files\TmNationsForever
2008-09-10 12:59 --------- d-----w C:\ProgramData\Roxio
2008-09-10 11:33 --------- d-----w C:\Program Files\Sun
2008-09-10 09:49 --------- d-----w C:\Program Files\Java
2008-09-10 09:18 --------- d-----w C:\Users\Ingrid\AppData\Roaming\ZoomBrowser EX
2008-09-10 09:17 --------- d-----w C:\ProgramData\ZoomBrowser
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-31 20:04 --------- d-----w C:\ProgramData\SongbirdVLC
2008-08-31 19:30 --------- d-----w C:\Users\Håkon\AppData\Roaming\Songbird2
2008-08-31 19:30 --------- d-----w C:\Users\Håkon\AppData\Roaming\Mozilla
2008-08-31 13:55 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Roxio
2008-08-31 13:39 --------- d-----w C:\Users\Ingrid\AppData\Roaming\Songbird2
2008-08-31 13:39 --------- d-----w C:\Program Files\Songbird
2008-08-30 16:15 --------- d-----w C:\Program Files\DarwinBotsII
2008-08-29 14:27 --------- d-----w C:\Users\Håkon\AppData\Roaming\gtk-2.0
2008-08-23 12:46 --------- d-----w C:\Program Files\Ubisoft
2008-08-19 10:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 21:39 --------- d-----w C:\Users\Ingrid\AppData\Roaming\gtk-2.0
2008-08-16 13:27 --------- d-----w C:\Program Files\TrackMania United
2008-08-16 08:47 --------- d-----w C:\Program Files\Rockstar Games
2008-08-14 14:02 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-28 20:51 --------- d-----w C:\Program Files\wild metal
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 08:56 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2007-10-24 13:43 167,064 ----a-w C:\Program Files\custom.dat
2002-04-29 13:05 176,950 ------w C:\Program Files\readme.rtf
2001-05-14 14:32 3,088,384 ------w C:\Program Files\wwp.exe
2001-03-16 13:45 98,304 ------w C:\Program Files\wwpdll32.dll
2001-03-15 15:01 995 ------w C:\Program Files\Nomouse.pif
2001-03-15 15:01 20,592 ------w C:\Program Files\Nomouse.sp
2001-03-15 15:01 20,480 ------w C:\Program Files\Nomouse.com
2000-11-27 11:32 4,710 ------w C:\Program Files\Wwp.ICO
2000-10-03 14:06 401,462 ----a-w C:\Program Files\MSVCP60.DLL
2000-08-16 19:15 122,880 ------w C:\Program Files\Landgen.exe
2000-06-08 15:00 290,869 ----a-w C:\Program Files\MSVCRT.DLL
2000-02-14 12:56 90,056 ------w C:\Program Files\LLload.bmp
1999-04-26 22:00 995,383 ------w C:\Program Files\MFC42.DLL
1999-03-29 11:48 34,304 ------w C:\Program Files\lfbmp10N.dll
1999-03-29 11:48 31,744 ------w C:\Program Files\lflmb10N.dll
1999-03-29 11:48 297,984 ------w C:\Program Files\ltkrn10N.dll
1999-03-29 11:48 27,648 ------w C:\Program Files\lftga10N.dll
1999-03-29 11:48 269,312 ------w C:\Program Files\LFCMP10N.DLL
1999-03-29 11:48 105,472 ------w C:\Program Files\ltfil10N.DLL
1998-09-06 23:03 12,208 ------w C:\Program Files\CDIO16.DLL
1998-09-06 22:55 32,768 ------w C:\Program Files\CDIO32.DLL

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2008-05-16 23:07 495616 --a------ C:\Program Files\Telio Backup Manager\VaultClientMenu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon2]
@="{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}"
[HKEY_CLASSES_ROOT\CLSID\{E30CEB29-7F47-4d0e-B2E1-56A7FC25E97D}]
2008-05-16 23:07 491520 --a------ C:\Program Files\Telio Backup Manager\VaultClientIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"SeaMonkey Quick Launch"="C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" [2008-03-13 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 339968]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]
"TrayStartup"="C:\Program Files\Telio Backup Manager\VaultClientTray.exe" [2008-05-16 224304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 C:\Windows\KHALMNPR.Exe]

C:\Users\Magne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Users\Håkon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-18 110592]
Canon LBP2900 Statusvindu.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2007-11-22 50848]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-13 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-13 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56D541F6-770C-407F-B7EA-C77986BE42FA}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{6AA5DBC5-3FE3-4440-BCED-CD60B23CDE52}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DE7B7BD6-6ACB-4277-A61C-21E339FB829D}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{A8FADC6E-1D67-4223-9C3C-FC279F374E74}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{EE9057E0-8D75-4828-9844-6F3D73BCF84A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{90F12E42-3822-4C15-B0E5-D0537766EC18}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AF713D53-FF7A-48FA-BF77-91942B6A6D17}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C799949A-A3A2-4E75-B318-976249D916D2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1D685090-B2A5-4620-886B-EF3160A89253}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19AEE7BF-4967-4DFE-BC3B-FA6C0C90DC68}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{7F43F8B1-DBE4-42F9-875E-36AB1997C82D}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{5143D5AE-3289-4EC6-BB38-5533E196A6B5}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{237BC40E-17ED-45B9-AE9A-1F2A58A0B174}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{25F2628A-0C10-4B1C-A8FD-17ACF9B64683}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{1087A48B-947D-49C6-853E-FB372412E9B7}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DC13B10E-DF64-4B2B-98C2-0D600DA474DC}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{0970B445-3F86-493B-83C8-8AAEB24B61D8}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"TCP Query User{29DD76C2-9E91-4D4D-8ADE-F2FB86049FE9}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{E132A39D-A1DE-49C9-88D0-086D7872450C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{7E62582A-13D8-480C-AB0D-610F0E4CA441}C:\\program files\\chami\\html-kit\\bin\\htmlkit.exe"= Disabled:UDP:C:\program files\chami\html-kit\bin\htmlkit.exe:HTML-Kit
"UDP Query User{CDBC078E-EC4F-481E-88AD-9EB5CDAC0FA5}C:\\program files\\chami\\html-kit\\bin\\htmlkit.exe"= Disabled:TCP:C:\program files\chami\html-kit\bin\htmlkit.exe:HTML-Kit
"{3623234D-0382-483A-943F-023F2DC9C8E5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D479CC39-DA96-4007-90FE-E4384B9C4D51}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{57F11785-5289-47BE-87E6-F21C0903D0E1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{285C6329-F0FE-49FD-B714-BC7BE8C29537}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{E7D2E8C7-24CC-4152-9F9F-D41F8D454F47}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{D9D71F2A-D205-4F3B-BC25-75E6274DDD3A}"= Disabled:UDP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{66BFD197-9A2D-4425-8B0D-09EA1EE99DF4}"= Disabled:TCP:C:\Windows\System32\CNAB4RPK.EXE:Canon LBP2900 RPC Server Process
"{4E37BC9A-B052-494D-8256-5AE2C0900F94}"= UDP:C:\Users\Ingrid\AppData\Local\Temp\SIT26933.tmp\setup.exe:setup
"{278E87D3-8B90-44E8-AC8F-4279840B7274}"= TCP:C:\Users\Ingrid\AppData\Local\Temp\SIT26933.tmp\setup.exe:setup
"{86486FE6-45F3-437B-86EC-E80E7D4931A4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{963CBA10-B7F6-4C42-B09F-E559CEBEB6D2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EE663751-CD7D-4BBF-A635-4863AB6A258A}F:\\old timer tennis 2\\ott2.exe"= UDP:F:\old timer tennis 2\ott2.exe:OTT2
"UDP Query User{498552E6-F497-4AA0-BA5C-99FC542A8F6C}F:\\old timer tennis 2\\ott2.exe"= TCP:F:\old timer tennis 2\ott2.exe:OTT2
"TCP Query User{33014E3D-D00F-419C-BAF9-5F416F5745D5}C:\\program files\\trackmania united\\tmunited.exe"= UDP:C:\program files\trackmania united\tmunited.exe:TmUnited
"UDP Query User{A49E2272-6C0F-410A-BBCF-F316C254306D}C:\\program files\\trackmania united\\tmunited.exe"= TCP:C:\program files\trackmania united\tmunited.exe:TmUnited

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 VaultClientSRV;Telio Backup Manager Service;C:\Program Files\Telio Backup Manager\VaultClientSRV.exe [2008-05-16 982064]
R2 VaultClientUpgrade;Backup Manager Upgrade Service;C:\Program Files\Telio Backup Manager\VaultClientUpgrade.exe [2008-05-16 56368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae6f29e-eecf-11dc-b771-001c23984931}]
\shell\AutoRun\command - StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fae6f2a3-eecf-11dc-b771-001c23984931}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\md6qdln6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://mail.google.com/mail/?auth=DQAAAHEAAAA2mIClVido9FazkyrVEfrlHlwPbysSW-xbmxOrvaaqyQ-oJbZ-8ZR56pcyL3wxEPL3uY_yzpLSRUzvlm9ntb-lpWS4aRMVbaMpbjo4c3Lb8EpG6h4vU0lX5tdftmTL5h43dwPKK2_f_SR2C_qrlFCKLhntz0o648O1FnuiSNUoYA&gausr=iviksmo%40gmail.com&shva=1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 23:01:08
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-09-26 23:04:08
ComboFix-quarantined-files.txt 2008-09-26 21:03:04

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Post-Run: 34,104,885,248 byte ledig

245 --- E O F --- 2008-09-26 12:39:57

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:53:47, on 27.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Telio Backup Manager\VaultClientTray.exe
C:\Program
Files\mozilla.org\SeaMonkey\seamonkey.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe C:\Users\Ingrid\Desktop\test\test.exe C:\Windows\system32\Taskmgr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?auth=DQAAAHEA....com&shva=1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - 
{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [TrayStartup] C:\Program Files\Telio Backup Manager\VaultClientTray.exe O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe O4 - HKCU\..\Run: [seaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Canon LBP2900 Statusvindu.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = ? 
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...indows-i586.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Telio Backup Manager Service (VaultClientSRV) - TELIO - C:\Program Files\Telio Backup Manager\VaultClientSRV.exe O23 - Service: Backup Manager Upgrade Service (VaultClientUpgrade) - TELIO - C:\Program Files\Telio Backup Manager\VaultClientUpgrade.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10210 bytes Lenke til kommentar
TBerge, posted 29 September 2008
Hi! I have a problem with popups from wixawin and others. I have run the procedure in the guide, but I am not rid of the problem. Posting the logs. Grateful for help.
Regards, T
Attachments: Logfile_HijackThis_v2_290908.doc, Combifix270908.doc, mbam_log_2008_09_29__20_47_58_.txt
norbat (thread author), posted 29 September 2008
TBerge: Open Notepad, copy in what is written in bold below, and save the file on the desktop as CFScript. Drag and drop the file onto the ComboFix icon. ComboFix will start again:

Folder::
c:\Program Files\VisualEnhancer

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18F9C1EA-2200-A738-4852-B368FBF3EF2A}]

Post the log (copy and paste the log directly into the post, not in a Word document).
TBerge, posted 30 September 2008
OK, here is the log:
Regards, T
norbat (thread author), posted 30 September 2008
TBerge: and how is it going with the popups?
Duckyouck, posted 1 October 2008
I have followed the recipe and have three logs. How do I post them in a "click here to see the contents" function so that they do not make such a mess?
norbat (thread author), posted 1 October 2008
First create a new thread:
Click the New Topic button.
Make a suitable topic title.
Turn on the Side panel (below the text field).
Click "Insert: SPOILER".
Paste in the log.
Duckyouck Skrevet 1. oktober 2008 Del Skrevet 1. oktober 2008 Kan du sjekke disse loggene? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:19:34, on 01.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Norton Internet Security\ISSVC.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINDOWS\vsnpstd3.exe C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\OpenOffice.org 2.4\program\soffice.exe C:\Programfiler\OpenOffice.org 2.4\program\soffice.BIN C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Mozilla 
Firefox\firefox.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\rsvp.exe C:\Programfiler\Messenger\msmsgs.exe C:\Documents and Settings\Tom Cruise\Skrivebord\Helt annet\æøå.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] 
"C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - 
http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101489239201
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - AppInit_DLLs: raqyen.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Programfiler\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Programfiler\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

-- End of file - 9601 bytes

Malwarebytes' Anti-Malware 1.28
Database version: 1226
Windows 5.1.2600 Service Pack 3

01.10.2008 20:29:34
mbam-log-2008-10-01 (20-29-33).txt

Scan type: Quick Scan
Objects scanned: 43437
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 58
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5ecddee-e8e6-4f34-ada9-aaaa1935be00} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5ecddee-e8e6-4f34-ada9-aaaa1935be00} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yureb6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuref4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur65.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur73.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurab.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurac.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurae.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurdc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurdd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurdf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1d5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur24f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2c8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur330.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yureb6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuref4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur65.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur73.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yura9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurab.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurac.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurae.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yuraf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurdc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurdd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurdf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1d5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur24f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2c8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur32f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur330.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e0add2c0 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\raqyen.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SAV.cpl (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom Cruise\Lokale innstillinger\Temp\video1066.cfg.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Tom Cruise\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom Cruise\Lokale innstillinger\Temp\video1066.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

ComboFix 08-09-30.03 - Tom Cruise 2008-10-01 20:53:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.134 [GMT 2:00]
Running from: C:\Documents and Settings\Tom Cruise\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\byjsitku.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV

((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.
2008-10-01 20:21 . 2008-10-01 20:21 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-01 20:21 . 2008-10-01 20:21 <DIR> d-------- C:\Documents and Settings\Tom Cruise\Programdata\Malwarebytes
2008-10-01 20:21 . 2008-10-01 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-01 20:21 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-01 20:21 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 20:18 . 2008-10-01 20:50 <DIR> dr-h----- C:\Documents and Settings\Tom Cruise\Siste
2008-10-01 19:28 . 2008-10-01 19:28 <DIR> d-------- C:\Programfiler\Ventrilo
2008-10-01 19:17 . 2008-10-01 19:17 <DIR> d-------- C:\Programfiler\Teamspeak2_RC2
2008-10-01 14:58 . 2008-10-01 14:58 <DIR> d-------- C:\Documents and Settings\Tom Cruise\Programdata\PC Tools
2008-10-01 14:58 . 2008-10-01 15:10 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-10-01 14:58 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-01 14:58 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-01 14:58 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-01 14:58 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-01 14:29 . 2008-10-01 15:12 <DIR> d-------- C:\Programfiler\Enigma Software Group
2008-09-21 11:45 . 2008-09-21 11:45 <DIR> d-------- C:\Programfiler\Fellesfiler\xing shared
2008-09-21 11:45 . 2008-09-21 11:45 <DIR> d-------- C:\Program Files
2008-09-20 13:33 . 2008-09-20 13:33 <DIR> d-------- C:\WINDOWS\system32\no
2008-09-20 13:33 . 2008-09-20 13:33 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-19 21:43 . 2008-04-14 18:22 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-09-19 21:43 . 2008-04-14 18:22 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-19 21:43 . 2008-04-14 18:22 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-09-19 21:43 . 2008-04-14 18:22 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-09-19 21:43 . 2008-04-14 18:22 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-09-19 21:43 . 2008-04-14 18:22 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-09-19 21:41 . 2008-04-14 18:21 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-09-07 01:13 . 2008-09-07 01:52 2,506 --ahs---- C:\WINDOWS\system32\xyyHQXyb.ini2
2008-09-07 01:13 . 2008-09-07 01:54 2,506 --ahs---- C:\WINDOWS\system32\xyyHQXyb.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 19:00 --------- d-----w C:\Documents and Settings\Tom Cruise\Programdata\OpenOffice.org2
2008-10-01 18:54 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-10-01 18:13 --------- d-----w C:\Programfiler\Norton Internet Security
2008-10-01 17:28 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-10-01 13:21 --------- d-----w C:\Programfiler\MSN Messenger
2008-10-01 12:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-09-28 16:36 --------- d-----w C:\Documents and Settings\Tom Cruise\Programdata\Azureus
2008-09-21 09:45 --------- d-----w C:\Programfiler\Fellesfiler\Real
2008-09-20 15:36 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-09-14 05:56 25,240 ----a-w C:\Documents and Settings\Tom Cruise\Programdata\GDIPFONTCACHEV1.DAT
2008-09-07 00:23 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-08-30 10:27 --------- d-----w C:\Programfiler\OpenOffice.org 2.4
2008-08-30 10:27 --------- d-----w C:\Programfiler\Java
2008-08-24 21:44 --------- d-----w C:\Programfiler\Vuze
2008-08-24 21:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\Azureus
2008-08-24 17:00 --------- d-----w C:\Programfiler\iTunes
2008-08-24 17:00 --------- d-----w C:\Programfiler\iPod
2008-08-24 16:58 --------- d-----w C:\Programfiler\Bonjour
2008-08-04 23:02 --------- d-----w C:\Programfiler\CCleaner
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2005-06-27 16:18 774,144 ----a-w C:\Programfiler\RngInterstitial.dll
2005-06-02 12:05 2,148 ----a-w C:\Documents and Settings\Tom Cruise\minf.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-07 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2004-08-12 339968]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-07-30 100056]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 58728]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-07-30 286720]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 413696]
"Telenorhjelpen"="C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-09-21 185896]
"SoundMan"="SOUNDMAN.EXE" [2004-04-28 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-01-24 43152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-07 02:22 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=raqyen.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15231:TCP"= 15231:TCP:Bittorent
"6881:TCP"= 6881:TCP:Blizz
"6881:UDP"= 6881:UDP:Blizz2
"3724:TCP"= 3724:TCP:Wow

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 30464]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tom Cruise\Programdata\Mozilla\Firefox\Profiles\vr4iuvdw.Default User\
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - C:\Programfiler\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 20:58:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\Symantec Shared\CCPROXY.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\CCSETMGR.EXE
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCEVTMGR.EXE
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.bin
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-10-01 21:11:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 19:11:07
Pre-Run: 29 221 933 056 bytes free
Post-Run: 29,135,495,168 bytes free
179 --- E O F --- 2008-09-21 09:01:19
TBerge Posted 1 October 2008
"TBerge: - and how is it going with the popups?"
Great, no more popups. Thanks a lot!!! T
norbat (thread author) Posted 1 October 2008 (edited)
Duckyouck: Use Explorer to find and delete the following two files:
C:\WINDOWS\system32\xyyHQXyb.ini2
C:\WINDOWS\system32\xyyHQXyb.ini
Start HJT, choose "Do a system scan only", put a check mark in front of the following line and click Fix checked:
O20 - AppInit_DLLs: raqyen.dll
Apart from that, the log looks fine. Beyond that, Java, Flash Player and Adobe Reader should be kept up to date, since vulnerabilities in 'older' versions can be an entry point for malware.
If the PC runs OK, you can remove ComboFix. You do that by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore, so that you don't get reinfected by a later restore.
Next time, create your own thread for any logs >> and you did that here, yes.
TBerge: Good. You can remove ComboFix (type combofix /u in the Run box). You can also check whether you have the latest versions of Java, Flash Player and Adobe Reader. Surf safely.
Edited 1 October 2008 by norbat
Duckyouck Posted 1 October 2008
I couldn't find those two files, but I did find "system32". It's probably just me being really bad at this stuff. Can you help? And... eh... what is Explorer...... (I feel rather dumb!)
norbat (thread author) Posted 1 October 2008
To see the files, do the following:
Control Panel -> Folder Options -> View
Uncheck "Hide protected operating system files"
Check "Show hidden files and folders".
Explorer: right-click the Start button, choose Explore
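The two replies above boil down to a checklist a helper runs over a ComboFix dump: is AppInit_DLLs set (the raqyen.dll line), are there hidden+system files dropped straight into system32 (the xyyHQXyb.ini pair, which only becomes visible once protected operating system files are unhidden), have the Security Center and firewall flags been switched off, and do the Run keys carry random-looking executable names like the yur*.exe values Malwarebytes removed. The following Python script is an added example, not code from the thread, from ComboFix or from HijackThis; it parses a constructed ComboFix-style excerpt embedded inline and reports those four things. The line regexes, the "random-looking name" heuristic and the severity labels are my assumptions, not anything ComboFix documents.

```python
"""Triage a ComboFix-style log for the persistence points a helper checks first.

Added example for this thread, not code from ComboFix, HijackThis or any poster.
The regexes, the name heuristic and the severity labels are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's layout (not a real machine's log); it mirrors
# the shapes seen in the thread: hidden+system .ini files, a Run entry with a
# random-looking name, AppInit_DLLs set, Security Center and firewall flags.
SAMPLE_LOG = r"""
2008-09-07 01:13 . 2008-09-07 01:52 2,506 --ahs---- C:\WINDOWS\system32\xyyHQXyb.ini2
2008-09-07 01:13 . 2008-09-07 01:54 2,506 --ahs---- C:\WINDOWS\system32\xyyHQXyb.ini
2008-10-01 20:21 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 58728]
"yur32a.exe"="C:\WINDOWS\system32\yur32a.exe" [2008-09-07 2506]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=raqyen.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    category: str   # stable tag, used for grouping and for tests
    detail: str


# ComboFix "Files Created" line: <created> . <modified> <size or <DIR>> <attrs> <path>
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?:<DIR>|[\d,]+)\s+([-a-zA-Z]{7,9})\s+(.+?)\s*$"
)
REG_KEY = re.compile(r"^\[(.+)\]\s*$")
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')
# Assumed heuristic: a short lowercase stem followed by hex digits, the pattern
# of the yur*.exe Run values Malwarebytes removed in this thread.
RANDOM_EXE = re.compile(r"^[a-z]{2,4}[0-9a-f]{1,4}\.exe$")
SECURITY_CENTER_FLAGS = {"antivirusdisablenotify", "firewalldisablenotify", "disablemonitoring"}


def _value_data(raw: str) -> str:
    # '"C:\x.exe" [2008-01-31 58728]' -> 'C:\x.exe' ;  '0 (0x0)' -> '0'
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw.strip('"')
    return raw.split()[0] if raw else ""


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""  # registry key the following "name"=data lines belong to
    for line in log_text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.groups()
            low = path.lower()
            # Hidden+system files dropped directly into system32 (not dllcache)
            # is exactly how the xyyHQXyb.ini pair appeared in the log.
            if "h" in attrs and "s" in attrs and "\\system32\\" in low and "\\dllcache\\" not in low:
                findings.append(Finding("medium", "hidden-system-file", path))
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = REG_VALUE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        data = _value_data(raw)
        lname = name.lower()
        if key.endswith("\\windows nt\\currentversion\\windows") and lname == "appinit_dlls" and data:
            # Loaded into every process that loads user32.dll: always worth a look.
            findings.append(Finding("high", "appinit-dlls", data))
        elif "security center" in key and lname in SECURITY_CENTER_FLAGS and data.lower() == "dword:00000001":
            findings.append(Finding("medium", "security-center-tamper", f"{name} under [{key}]"))
        elif key.endswith("firewallpolicy\\standardprofile") and lname == "enablefirewall" and data == "0":
            findings.append(Finding("medium", "firewall-disabled", key))
        elif key.endswith("\\currentversion\\run"):
            exe = data.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if RANDOM_EXE.match(exe) or RANDOM_EXE.match(lname):
                findings.append(Finding("high", "suspicious-run-entry", f"{name} -> {data}"))
    findings.sort(key=lambda f: 0 if f.severity == "high" else 1)  # stable: log order within severity
    return findings


def report(findings: list[Finding]) -> str:
    return "\n".join(f"[{f.severity:6}] {f.category}: {f.detail}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

AppInit_DLLs is rated high because Windows loads every DLL named there into each process that loads user32.dll, which is how raqyen.dll stayed resident on this machine. The Security Center and firewall flags are only medium because a third-party suite such as Norton legitimately sets DisableMonitoring for itself, so they call for a look rather than an automatic fix. Import triage() and feed it the text of a real ComboFix log to get the same findings list.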
jojo123 Posted 1 October 2008

Malwarebytes' Anti-Malware 1.28
Database version: 1226
Windows 6.0.6000

2008-10-01 22:58:53
mbam-log-2008-10-01 (22-58-53).txt

Scan type: Quick Scan
Objects scanned: 42444
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

ComboFix 08-09-30.03 - Jonas 2008-10-01 23:01:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.924 [GMT 2:00]
Running from: C:\Users\Jonas\AppData\Local\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 20:55 --------- d-----w C:\Users\Jonas\AppData\Roaming\Malwarebytes
2008-10-01 20:55 --------- d-----w C:\ProgramData\Malwarebytes
2008-10-01 20:55 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-01 20:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-01 20:50 --------- d-----w C:\Program Files\Acer Inc
2008-10-01 20:49 --------- d-----w C:\Program Files\Axis Communications
2008-10-01 20:46 --------- d-----w C:\Program Files\Save Flash
2008-10-01 20:45 --------- d-----w C:\Program Files\DivX
2008-10-01 20:22 --------- d-----w C:\Program Files\CyberLink
2008-10-01 20:18 --------- d-----w C:\Program Files\Railroad Tycoon 3
2008-10-01 20:17 --------- d-----w C:\Program Files\Azureus
2008-10-01 20:16 --------- d-----w C:\Users\Jonas\AppData\Roaming\Leadertech
2008-10-01 20:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-01 20:15 --------- d-----w C:\Program Files\NewTech Infosystems
2008-10-01 20:15 --------- d-----w C:\Program Files\Common Files\NewTech Infosystems
2008-10-01 20:07 --------- d-----w C:\Program Files\JLC's Software
2008-10-01 20:07 --------- d-----w C:\Program Files\Google
2008-10-01 20:00 --------- d-----w C:\Program Files\Common Files\Real
2008-10-01 19:54 --------- d-----w C:\Users\Jonas\AppData\Roaming\Sony
2008-10-01 19:53 --------- d-----w C:\ProgramData\Sony Ericsson
2008-10-01 19:52 --------- d-----w C:\Program Files\URUSoft
2008-10-01 19:51 --------- d-----w C:\Program Files\thriXXX
2008-10-01 19:49 --------- d-----w C:\Program Files\Windows Live
2008-10-01 19:31 --------- d-----w C:\Program Files\CCleaner
2008-10-01 16:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-30 11:07 --------- d-----w C:\Users\Jonas\AppData\Roaming\uTorrent
2008-09-29 18:15 --------- d-----w C:\Program Files\World of Warcraft
2008-09-25 16:20 --------- d-----w C:\Users\Jonas\AppData\Roaming\dvdcss
2008-09-25 13:09 --------- d-----w C:\Users\Jonas\AppData\Roaming\OpenOffice.org2
2008-09-25 13:09 --------- d-----w C:\ProgramData\OrdnettPluss
2008-09-22 08:16 --------- d-----w C:\Users\Jonas\AppData\Roaming\Azureus
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-03 06:09 --------- d-----w C:\Program Files\SocksCapV2
2008-09-02 07:26 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-08-31 11:37 --------- d-----w C:\Program Files\MiKTeX 2.5
2008-08-31 11:36 --------- d-----w C:\ProgramData\MiKTeX
2008-08-28 09:05 235,536 ----a-w C:\Windows\system32\drivers\tmwfp.sys
2008-08-28 09:05 143,376 ----a-w C:\Windows\system32\drivers\tmlwf.sys
2008-08-28 09:01 72,072 ----a-w C:\Windows\system32\drivers\tmtdi.sys
2008-08-28 09:01 142,096 ----a-w C:\Windows\system32\drivers\tmcomm.sys
2008-08-22 07:37 --------- d-----w C:\Program Files\PokerStars
2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 13:12 --------- d-----w C:\Program Files\Audacity
2008-08-07 20:33 --------- d-----w C:\Users\Jonas\AppData\Roaming\Winamp
2008-08-07 20:33 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-07 20:33 --------- d-----w C:\Program Files\MathType
2008-08-07 20:33 --------- d-----w C:\Program Files\DominateGame
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 01:10 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 20:43 70,083 ----a-w C:\Users\Jonas\AppData\Roaming\nvModes.dat
2008-02-16 10:36 13,025 ----a-w C:\Users\Gjest\AppData\Roaming\nvModes.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-08-28 714024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\Windows\pss\Clean Access Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopEarth AutoStart.lnk]
path=C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
backup=C:\Windows\pss\DesktopEarth AutoStart.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\Windows\pss\Last.fm Helper.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-01-17 09:01 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-03-07 17:47 843776 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 16:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 08:45 133104 C:\Users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-12-09 05:35 614400 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2006-11-02 11:45 222208 C:\Windows\System32\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-12-20 07:50 7766016 C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-12-20 07:50 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2006-12-20 07:50 90191 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
--a------ 2008-08-28 11:05 714024 C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
--a------ 2007-12-30 12:23 1365504 C:\Program Files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-10-23 05:00 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows
Defender] --a------ 2007-08-26 11:19 1006264 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2006-11-02 14:36 201728 C:\Program Files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] --a------ 2007-03-01 09:38 4390912 C:\Windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{326A5CB9-6F39-4223-B147-4E096FF4342B}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{18DA683D-730B-4440-909F-13E27188EF91}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine "{E6407F78-50EA-448B-BED9-0614E7A1098D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector "{6FE9BA0E-60A1-4E41-96CA-68063A3E6DF3}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV "{6FA0EFE7-E731-49BA-BB94-33BB3D7240D2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{C0F7CA48-DA61-489F-844C-8F9CDB5AA33A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{BFB281E6-9FB1-46C3-88E5-E1C11F170DD2}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{74309D79-D1B6-4AE6-B447-B1A65DDA31BB}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query 
User{6C10462D-3C90-4E91-93B7-43FFBB504EDF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{B1052F9D-5DCF-420F-A21D-F11BAA2AC630}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{12408866-F722-430E-BD95-120544E9ED24}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser "TCP Query User{3AFB61A7-568D-4E7F-BBED-12A8911B52FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{BA5C91AF-9A65-410D-BED5-E4378EF7082A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{505E651F-654D-4CD6-8A8F-41DC3C314617}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{BAF340F1-D5AD-439B-8BDD-7415EC65C1D0}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{0AD5FCE1-DA47-4D7C-8BD5-E2194B88466B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{A8E0BB1B-6D6F-4B16-BA3D-0353E319B1DA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{F714CC53-9468-466B-96B8-A4FD4AA229C1}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "UDP Query User{6B18E24B-0B69-408C-9677-AA4EFE2A052F}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper "TCP Query User{B40DF24E-BBF8-40CB-A614-7172DE41CF27}C:\\program files\\rockstar games\\grand theft auto\\wino\\grand theft auto.exe"= UDP:C:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe:Grand Theft Auto "UDP Query 
User{C84B4A7C-B91A-4856-941D-34BB61C40125}C:\\program files\\rockstar games\\grand theft auto\\wino\\grand theft auto.exe"= TCP:C:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe:Grand Theft Auto "TCP Query User{156D9356-A275-4F75-BD7A-42E3C03A2A46}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary "UDP Query User{ECAD17E4-1052-41B0-AD75-553AE691CBA4}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary "TCP Query User{E9B4E2C8-3E16-4C93-A143-95C8E3497513}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "UDP Query User{1D16B754-B9C9-41EA-9B55-18FEB1609B3D}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "TCP Query User{A136E62E-1C89-47C1-80E3-BCFA7D81EB13}C:\\users\\jonas\\desktop\\bgb.exe"= UDP:C:\users\jonas\desktop\bgb.exe:bgb.exe "UDP Query User{6B55245F-83A1-400D-A353-5E40EE352468}C:\\users\\jonas\\desktop\\bgb.exe"= TCP:C:\users\jonas\desktop\bgb.exe:bgb.exe "TCP Query User{E4F7B9A2-9FC7-4013-8E68-71762E801845}C:\\users\\jonas\\desktop\\vbalink180b0\\visualboyadvance.exe"= UDP:C:\users\jonas\desktop\vbalink180b0\visualboyadvance.exe:visualboyadvance.exe "UDP Query User{0CE3F041-985A-4D5C-9945-2F84D55D8ADA}C:\\users\\jonas\\desktop\\vbalink180b0\\visualboyadvance.exe"= TCP:C:\users\jonas\desktop\vbalink180b0\visualboyadvance.exe:visualboyadvance.exe "TCP Query User{A9BDEA3E-5F7C-4563-A517-A0C237022A19}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{8A007298-66A1-414A-8EDE-378321DC1EE0}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query 
User{F2A69561-3DFF-4679-B991-7B7396D9CFA3}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= UDP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary "UDP Query User{12429FB0-E29E-4E08-87EE-5C4D3EB18909}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= TCP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary "TCP Query User{80F0AE9D-9B22-4E56-AB86-5F439B218F5D}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= UDP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary "UDP Query User{F5F0CAC3-64D9-47C5-9877-55DB316D1310}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= TCP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary "TCP Query User{0BA0BCD3-6180-47B2-A67D-6E1D1E5800D8}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "UDP Query User{0E8A944D-BB38-431F-B900-53209C50460E}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC "{29B72E8D-07D7-4FEA-B91A-083D271FB0FE}"= UDP:60324:torrent "{3322C490-919E-4629-ABD4-90389E79619C}"= UDP:6881:Torrent "TCP Query User{4E155425-54E0-4562-837C-871AE6B40231}D:\\mine dokumenter\\wormsarm\\worms armageddon.exe"= UDP:D:\mine dokumenter\wormsarm\worms armageddon.exe:Worms Armageddon "UDP Query User{C95F6EB2-DBFD-4B76-AACF-F66AEFA3568F}D:\\mine dokumenter\\wormsarm\\worms armageddon.exe"= TCP:D:\mine dokumenter\wormsarm\worms armageddon.exe:Worms Armageddon "TCP Query User{C328F0AB-4605-47F7-9F78-C79B2E5C4833}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{4FFAA915-BFB4-4048-8E09-4C8395962B87}C:\\program 
files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query User{F0CB81D4-2997-4D57-9443-657553395623}D:\\mine dokumenter\\liero\\lierox v0.56 pack 1.9\\lierox.exe"= UDP:D:\mine dokumenter\liero\lierox v0.56 pack 1.9\lierox.exe:LieroX "UDP Query User{B3DB4302-EEBF-423C-864A-4C2BDF2CD917}D:\\mine dokumenter\\liero\\lierox v0.56 pack 1.9\\lierox.exe"= TCP:D:\mine dokumenter\liero\lierox v0.56 pack 1.9\lierox.exe:LieroX "TCP Query User{78110DD8-F98D-4BCC-B570-9275CB588F98}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood "UDP Query User{D73A300B-506D-4863-B63F-BEFCD01868D5}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood "TCP Query User{F94DE2CE-061E-48E8-B2D7-113533465678}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe: "UDP Query User{8DF47CD8-F0CA-49D8-AA5F-65138F163D6B}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe: "TCP Query User{BCAD12BF-11C7-482A-94A5-B6470548F667}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner "UDP Query User{23147BD5-E84E-4C9B-96BC-55308A075399}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner "TCP Query User{15D9D66C-EBC3-4067-812A-1BE3E81A6B4F}D:\\mine dokumenter\\liero\\lierox-v0.62b\\lierox.exe"= UDP:D:\mine dokumenter\liero\lierox-v0.62b\lierox.exe:Liero Xtreme "UDP Query User{3BABDCF7-739E-4FA5-AA5D-233DF861A340}D:\\mine dokumenter\\liero\\lierox-v0.62b\\lierox.exe"= TCP:D:\mine dokumenter\liero\lierox-v0.62b\lierox.exe:Liero Xtreme "TCP Query User{5A9A522C-CC8E-46F1-AE73-2D1D965B86AB}D:\\mine dokumenter\\liero\\openlierox\\openlierox.exe"= UDP:D:\mine dokumenter\liero\openlierox\openlierox.exe:OpenLieroX "UDP Query User{1194773C-DBED-4036-82D7-229D6FF9FCAC}D:\\mine dokumenter\\liero\\openlierox\\openlierox.exe"= TCP:D:\mine 
dokumenter\liero\openlierox\openlierox.exe:OpenLieroX "TCP Query User{637ED327-BC79-4AC1-9BED-C46989530AC7}D:\\mine dokumenter\\liero\\lierox v0.56 pack 1.9\\lierox.exe"= UDP:D:\mine dokumenter\liero\lierox v0.56 pack 1.9\lierox.exe:LieroX "UDP Query User{C56175EA-A04B-4EBB-B884-303767B14B56}D:\\mine dokumenter\\liero\\lierox v0.56 pack 1.9\\lierox.exe"= TCP:D:\mine dokumenter\liero\lierox v0.56 pack 1.9\lierox.exe:LieroX "{325EFA2F-0392-4D1D-A7F2-825538892EBB}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0 "{4896560C-EC33-4287-BD30-AE1696C5095D}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0 "TCP Query User{865A1A34-0661-40A9-B111-7FF2B397D037}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{01B54518-A3EA-4684-BE9E-36CF9D076EC0}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser "{949B14B6-BB5B-49A4-9A68-4C6E4EC426C4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{1CF00EE6-D39B-4D7E-87A4-DD2239230324}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{B50DF421-FC13-48E4-BBF1-49810600B4B7}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{C3923E18-3083-44A9-8499-52165436768F}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service "UDP Query User{870E4C39-108D-4F14-82BE-6BD4BE0B380D}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service "TCP Query User{1499B3BB-44DB-40E7-ABAA-9007EEA00A3A}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program 
files\tvuplayer\tvuplayer.exe:TVUPlayer Component "UDP Query User{910409F7-CBD9-4587-A7C8-16B7A7570E27}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component "{5B39FD69-D98F-4C4F-A690-CACE3806C859}"= UDP:12345:Trend Micro OfficeScan Listener "TCP Query User{05BC955A-93CA-4B46-8D01-DCA519A84919}C:\\program files\\world of warcraft\\wow-1.12.0-engb-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-engb-downloader.exe:Blizzard Downloader "UDP Query User{0AB29C9F-55FF-4F19-BD26-CBF7A6F9D887}C:\\program files\\world of warcraft\\wow-1.12.0-engb-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-engb-downloader.exe:Blizzard Downloader "TCP Query User{6F8A37B8-A28C-403B-80D0-35AD053BBFB9}C:\\users\\jonas\\appdata\\local\\temp\\rar$ex00.767\\ipcurve\\ipcurve.exe"= UDP:C:\users\jonas\appdata\local\temp\rar$ex00.767\ipcurve\ipcurve.exe:ipcurve.exe "UDP Query User{10EC1A94-A414-4F57-8F81-FD1456B64982}C:\\users\\jonas\\appdata\\local\\temp\\rar$ex00.767\\ipcurve\\ipcurve.exe"= TCP:C:\users\jonas\appdata\local\temp\rar$ex00.767\ipcurve\ipcurve.exe:ipcurve.exe "TCP Query User{C180E8D4-61CD-4FB0-8507-DF25D67957A8}D:\\mine dokumenter\\azureus downloads\\curve\\ipcurve\\ipcurve.exe"= UDP:D:\mine dokumenter\azureus downloads\curve\ipcurve\ipcurve.exe:ipcurve "UDP Query User{1519C8E3-1F54-4D38-9838-62F76CE26416}D:\\mine dokumenter\\azureus downloads\\curve\\ipcurve\\ipcurve.exe"= TCP:D:\mine dokumenter\azureus downloads\curve\ipcurve\ipcurve.exe:ipcurve "TCP Query User{101A2B50-1962-4B62-AFF3-7EB5BE5703E6}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe:Blizzard Downloader "UDP Query User{A0949491-5C87-4021-A4A7-30E585E7A410}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe"= TCP:C:\program files\world of 
warcraft\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe:Blizzard Downloader "TCP Query User{9A9EF794-C475-425B-8FC2-77F0FD093C4D}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary "UDP Query User{6F519652-3160-4204-8AB4-E8E05E8B9C43}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary "TCP Query User{0A04661E-BC88-4C4F-BE99-E7CEE915DC06}D:\\mine dokumenter\\azureus downloads\\curve\\ipcurve\\ipcurve.exe"= UDP:D:\mine dokumenter\azureus downloads\curve\ipcurve\ipcurve.exe:ipcurve "UDP Query User{DECF3012-04BC-4799-B859-0A8CDB3714BF}D:\\mine dokumenter\\azureus downloads\\curve\\ipcurve\\ipcurve.exe"= TCP:D:\mine dokumenter\azureus downloads\curve\ipcurve\ipcurve.exe:ipcurve "{000EBAAA-CD65-4BE0-A93E-52F12F3B5E70}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{B495F9AF-E93C-4E0E-A322-702364E943AE}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2008-08-28 143376] R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2008-08-28 235536] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936] S3 cxbu0wdm;CardMan 3x21;C:\Windows\system32\DRIVERS\cxbu0wdm.sys [2006-10-16 92800] S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-04-18 13352] S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 
31232] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \shell\AutoRun\command - I:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37aaaf96-05d2-11dd-9756-001b381f3b24}] \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL winupdate.exe \shell\menu\command - winupdate.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{736c13dc-bf21-11dc-9fbb-001b381f3b24}] \shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78236410-1442-11dd-af72-bab13f0224ce}] \shell\AutoRun\command - I:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7823642f-1442-11dd-af72-bab13f0224ce}] \shell\AutoRun\command - I:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78236441-1442-11dd-af72-001b381f3b24}] \shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78236443-1442-11dd-af72-001b381f3b24}] \shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79be6dd2-e613-11dc-a314-001b381f3b24}] \shell\AutoRun\command - I:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79be6df0-e613-11dc-a314-001b381f3b24}] \shell\AutoRun\command - I:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a618443-6677-11dc-9c37-001b381f3b24}] \shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a15c2041-56af-11dd-b3d2-c2cd84bd4f43}] \shell\AutoRun\command - I:\LaunchU3.exe -a 
*Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe MSConfigStartUp-BMc79cbb88 - C:\Users\Jonas\AppData\Local\Temp\hgtwmqun.dll MSConfigStartUp-eDataSecurity Loader - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe MSConfigStartUp-eDSMSNfix - C:\Acer\Empowering Technology\eDSMSNfix.exe MSConfigStartUp-ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe MSConfigStartUp-PWRISOVM - C:\Program Files\PowerISO\PWRISOVM.EXE MSConfigStartUp-SetPanel - C:\Acer\APanel\APanel.cmd MSConfigStartUp-Sony Ericsson PC Suite - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe MSConfigStartUp-SUPERAntiSpyware - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSConfigStartUp-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\00gwwg5m.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-01 23:04:21 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-10-01 23:07:18 ComboFix-quarantined-files.txt 2008-10-01 21:06:15 Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. 
Post-Run: 25,407,946,752 byte ledig 322 --- E O F --- 2008-09-26 16:24:32 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:16:21, on 01.10.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ehome\ehtray.exe C:\Users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe C:\Program Files\Launch Manager\LManager.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Opera\opera.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe C:\Program Files\Trend Micro\HijackThis\jykgk.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 151.204.41.29:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://casinband1.opplandvgs.no/auth/CCALogin.CAB O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://195.204.240.73/activex/AMC.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/502...geUploader3.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: eNetHook.dll O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 5799 bytes Lenke til kommentar
norbat, posted 1 October 2008 (author)
Frichassé: Looks fine. Is the PC running OK? You should update Vista with SP1.
jojo123, posted 1 October 2008
It works fine, but it is a bit slow. I have uninstalled a number of programs now, and it seems better.