
Posts split off from the guide thread-2



 

ComboFix 08-12-15.08 - Simon 2008-12-16 21:56:56.2 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.2046.1068 [GMT 1:00]

Kjører fra: c:\users\Simon\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-16 til 2008-12-16 )))))))))))))))))))))))))))))))))

.

 

Ingen nye filer opprettet i dette tidsrommet

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-16 20:25 --------- d-----w c:\program files\Steam

2008-12-16 18:31 --------- d-----w c:\program files\mIRC

2008-12-16 18:19 --------- d-----w c:\users\Simon\AppData\Roaming\uTorrent

2008-12-16 18:07 --------- d-----w c:\users\Simon\AppData\Roaming\Malwarebytes

2008-12-16 18:07 --------- d-----w c:\programdata\Malwarebytes

2008-12-16 18:07 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-12-16 14:13 201,352 ----a-w c:\windows\System32\PnkBstrB.exe

2008-12-16 14:13 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-14 20:03 --------- d-----w c:\program files\PokerStars

2008-12-13 08:46 --------- d-----w c:\program files\K-Lite Codec Pack

2008-12-13 08:37 --------- d-----w c:\program files\Xvid

2008-12-13 01:12 --------- d-----w c:\users\Simon\AppData\Roaming\Ventrilo

2008-12-12 14:04 --------- d--h--r c:\users\Simon\AppData\Roaming\SecuROM

2008-12-12 14:03 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2008-12-12 12:58 --------- d-----w c:\programdata\Media Center Programs

2008-12-11 17:59 --------- d-----w c:\users\Simon\AppData\Roaming\Locktime

2008-12-11 17:59 --------- d-----w c:\programdata\Locktime

2008-12-11 17:59 --------- d-----w c:\program files\NetLimiter 2 Pro

2008-12-11 16:24 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-12-11 16:24 --------- d-----w c:\program files\Java

2008-12-11 13:55 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2008-12-11 13:21 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-11 13:21 --------- d-----w c:\program files\EA GAMES

2008-12-11 13:19 --------- d-----w c:\users\Simon\AppData\Roaming\DAEMON Tools Lite

2008-12-11 13:15 --------- d-----w c:\users\Simon\AppData\Roaming\DAEMON Tools Pro

2008-12-11 13:15 --------- d-----w c:\users\Simon\AppData\Roaming\DAEMON Tools

2008-12-11 13:14 --------- d-----w c:\programdata\DAEMON Tools Lite

2008-12-11 13:14 --------- d-----w c:\program files\DAEMON Tools Lite

2008-12-11 13:10 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-12-11 12:26 --------- d-----w c:\program files\Ventrilo

2008-12-11 12:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-10 18:36 --------- d-----w c:\program files\CoreCodec

2008-12-10 18:22 --------- d-----w c:\users\Simon\AppData\Roaming\Winamp

2008-12-10 10:30 --------- d-----w c:\program files\Windows Sidebar

2008-12-10 10:30 --------- d-----w c:\program files\Windows Photo Gallery

2008-12-10 10:30 --------- d-----w c:\program files\Windows Mail

2008-12-10 10:30 --------- d-----w c:\program files\Windows Journal

2008-12-10 10:30 --------- d-----w c:\program files\Windows Defender

2008-12-10 10:30 --------- d-----w c:\program files\Windows Collaboration

2008-12-10 10:30 --------- d-----w c:\program files\Windows Calendar

2008-12-10 10:13 --------- d-----w c:\program files\Common Files\Steam

2008-12-10 10:11 --------- d-----w c:\program files\Winamp

2008-12-10 10:10 --------- d-----w c:\program files\CCleaner

2008-12-09 20:55 --------- d-----w c:\program files\Microsoft

2008-12-09 20:54 --------- d-----w c:\program files\Windows Live

2008-12-09 20:49 --------- d-----w c:\users\Simon\AppData\Roaming\mIRC

2008-12-09 20:48 --------- d-----w c:\users\Simon\AppData\Roaming\Media Player Classic

2008-12-09 20:47 --------- d-----w c:\program files\Common Files\Windows Live

2008-12-09 20:45 --------- d-----w c:\programdata\WLInstaller

2008-12-09 20:22 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-12-09 18:58 --------- d-----w c:\users\Simon\AppData\Roaming\Realtime Soft

2008-12-09 18:58 --------- d-----w c:\programdata\Realtime Soft

2008-12-09 18:58 --------- d-----w c:\program files\UltraMon

2008-12-09 18:32 --------- d-----w c:\program files\uTorrent

2008-12-09 18:25 --------- d-----w c:\program files\Opera

2008-12-09 17:18 --------- d-----w c:\programdata\NVIDIA

2008-12-09 16:55 319,456 ----a-w c:\windows\DIFxAPI.dll

2008-12-09 16:55 315,392 ----a-w c:\windows\HideWin.exe

2008-12-09 16:55 --------- d-----w c:\program files\Realtek

2008-12-09 16:54 --------- d-----w c:\program files\Common Files\InstallShield

2008-12-09 16:46 --------- d-----w c:\program files\Intel

2008-12-09 16:32 174 --sha-w c:\program files\desktop.ini

2008-12-04 20:46 180,224 ----a-w c:\windows\System32\xvidvfw.dll

2008-12-04 20:42 815,104 ----a-w c:\windows\System32\xvidcore.dll

2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-11-12 12:45 453,152 ----a-w c:\windows\System32\NVUNINST.EXE

2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll

2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll

2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll

2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-16_19.27.10.75 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-16 18:13:39 6,275,072 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT

+ 2008-12-16 20:56:45 6,275,072 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT

+ 2008-10-16 13:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe

- 2008-12-16 18:21:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-12-16 18:29:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-12-16 18:21:51 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-16 18:29:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-12-16 18:21:51 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-12-16 18:29:46 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-12-16 16:31:30 103,726 ----a-w c:\windows\System32\perfc009.dat

+ 2008-12-16 18:27:59 103,726 ----a-w c:\windows\System32\perfc009.dat

- 2008-12-16 16:31:30 609,944 ----a-w c:\windows\System32\perfh009.dat

+ 2008-12-16 18:28:00 609,944 ----a-w c:\windows\System32\perfh009.dat

- 2008-12-16 18:21:57 6,275,072 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2008-12-16 18:29:50 6,275,072 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2008-12-16 16:43:26 101,289,067 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.16659_001b1683_blobs.bin

+ 2008-12-16 18:28:13 101,585,775 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.16659_001b1683_blobs.bin

+ 2008-10-16 21:12:19 561,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wuapi.dll

+ 2008-10-16 20:55:59 83,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wudriver.dll

+ 2008-10-16 21:08:57 34,328 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wups.dll

+ 2008-10-16 12:56:04 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuapp.exe

+ 2008-10-16 13:08:00 162,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuwebv.dll

+ 2008-10-16 21:09:43 51,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe

+ 2008-10-16 21:13:38 1,809,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuaueng.dll

+ 2008-10-16 21:09:43 43,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wups2.dll

+ 2008-10-16 20:56:28 1,524,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.788_none_a8125d5406872725\wucltux.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2008-12-09 1410296]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]

"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 c:\windows\RtHDVCpl.exe]

 

c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

STANDARD.lnk - c:\users\Simon\AppData\Roaming\Realtime Soft\UltraMon\Profiles\STANDARD.umprofile [2008-12-09 327]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2394058434-2306417654-4167907351-1000]

"EnableNotificationsRef"=dword:00000002

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{70B3A06D-88CE-4940-957E-D2380E73D806}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{495ACF9A-D3D6-4DE9-B9D4-66FA6D4CF77C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{58B1042F-DA42-478E-AC34-FEF6EFA4A9BD}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{D5C78411-99F9-45F3-B28E-15E7BD9D36BB}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{0B76CCF4-C5F9-4BB5-B52F-2CA88FB4E1DE}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{472130D3-22BA-4FF2-8D4F-8EFD789BE92D}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{A2F79566-0FD4-42A0-99C7-E307E9AD6E66}"= UDP:c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:Grand Theft Auto IV

"{9F74AC92-AC39-414E-B63B-72C6B1FF81B5}"= TCP:c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:Grand Theft Auto IV

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R1 nltdi;nltdi;\??\c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2008-12-09 48128]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-16 21:58:10

Windows 6.0.6000 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'Explorer.exe'(2552)

c:\program files\UltraMon\RTSUltraMonHook.dll

.

Tidspunkt ferdig: 2008-12-16 22:10:32

ComboFix-quarantined-files.txt 2008-12-16 21:10:30

ComboFix2.txt 2008-12-16 18:30:30

 

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.

Post-Run: 409,774,166,016 bytes free

 

174

 

 


Hi!

I have now run MBAM, but ComboFix did not work..

Here is the log:

 

Malwarebytes' Anti-Malware 1.30

Database versjon: 1306

Windows 5.1.2600 Service Pack 3

 

15.12.2008 22:33:20

mbam-log-2008-12-15 (22-33-20).txt

 

Skanntype: Rask Skann

Objekter skannet: 66595

Tid tilbakelagt: 13 minute(s), 28 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)


ssssss:

You should create your own thread (click the New Topic button), since in principle support is no longer given in this thread.

 

Do the following:

Download RSIT.exe and put it on the desktop.

 

Start the program by double-clicking RSIT.exe

Click Continue

After a few moments two logs will be created (main.txt and info.txt).

 

Post both in a thread of your own, which you create by clicking the New Topic button :)

Edited by norbat
  • 2 weeks later...

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:46:02, on 31.12.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Users\KAI-MO~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Acer\Acer VCM\acp2HID.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\Test\HijackThis.exe

C:\Windows\system32\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [LanzarL2007] "C:\Users\KAI-MO~1\AppData\Local\Temp\{8B59570B-C084-4373-B36E-6AD02DD7009F}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0006"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Acer VCM.lnk = ?

O4 - Global Startup: BTTray.lnk = ?

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

 

--

End of file - 12354 bytes

 

MBAM log:


Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1582

Windows 6.0.6001 Service Pack 1

 

31.12.2008 17:59:57

mbam-log-2008-12-31 (17-59-57).txt

 

Skanntype: Rask Skann

Objekter skannet: 47851

Tid tilbakelagt: 6 minute(s), 17 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 7

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

 

Hoping for help :)


Hi.

 

I have gone through the guide. And these are the results:

 

MBAM:

Malwarebytes' Anti-Malware 1.32

Databaseversjon: 1625

Windows 5.1.2600 Service Pack 2

 

07.01.2009 05:24:01

mbam-log-2009-01-07 (05-24-01).txt

 

Skanntype: Rask Skann

Objekter skannet: 48921

Tid tilbakelagt: 3 minute(s), 17 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 3

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e20388a0-577d-48c0-a0b9-eca80fe51f1b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e20388a0-577d-48c0-a0b9-eca80fe51f1b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gupebakoyi (Trojan.Vundo.H) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\matiyefu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

 

Combofix:

ComboFix 09-01-05.05 - User 2009-01-07 5:29:22.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.2046.1235 [GMT 1:00]

Kjører fra: c:\documents and settings\User\Skrivebord\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\User\Programdata\.#

c:\windows\system32\adanudum.ini

c:\windows\system32\adeloyiv.ini

c:\windows\system32\dumphive.exe

c:\windows\system32\ebefufer.ini

c:\windows\system32\IEDFix.exe

c:\windows\system32\orafewep.ini

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\uberilid.ini

c:\windows\system32\ujuhelet.ini

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

H:\Autorun.inf

 

----- BITS: Mulige infiserte sider -----

 

hxxp://77.74.48.101

hxxp://77.74.48.105

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-07 til 2009-01-07 )))))))))))))))))))))))))))))))))

.

 

2009-01-07 05:19 . 2009-01-07 05:19 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2009-01-07 05:19 . 2009-01-07 05:19 <DIR> d-------- c:\documents and settings\User\Programdata\Malwarebytes

2009-01-07 05:19 . 2009-01-07 05:19 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-01-07 05:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-07 05:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-04 15:14 . 2009-01-04 15:24 296 --a------ c:\windows\hex.ini

2009-01-04 15:09 . 2009-01-04 15:09 <DIR> d-------- c:\windows\ShellNew

2009-01-04 15:09 . 2009-01-04 15:09 <DIR> d-------- c:\programfiler\AutoIt3

2009-01-03 22:23 . 2009-01-03 22:23 2,710 ---hs---- c:\windows\system32\redivipo.exe

2009-01-03 04:21 . 2009-01-03 04:21 2,710 ---hs---- c:\windows\system32\pepimude.exe

2009-01-02 16:20 . 2009-01-02 16:20 5,376 --a------ c:\windows\system32\drivers\MS1000.sys

2009-01-02 16:19 . 2009-01-02 16:20 <DIR> d-------- c:\programfiler\The Cleaner Demo

2009-01-02 14:14 . 2009-01-02 14:14 <DIR> d-------- c:\programfiler\SUPERAntiSpyware

2009-01-02 14:14 . 2009-01-02 14:14 <DIR> d-------- c:\documents and settings\User\Programdata\SUPERAntiSpyware.com

2009-01-02 14:14 . 2009-01-02 14:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2009-01-02 13:34 . 2009-01-02 13:34 <DIR> d-------- c:\windows\system32\ZoneLabs

2009-01-02 13:34 . 2009-01-02 13:34 <DIR> d-------- c:\programfiler\Zone Labs

2009-01-02 13:34 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll

2009-01-02 13:34 . 2009-01-07 05:33 348,371 --a------ c:\windows\system32\vsconfig.xml

2009-01-02 13:34 . 2009-01-02 13:34 4,212 --ah----- c:\windows\system32\zllictbl.dat

2009-01-02 13:32 . 2009-01-07 05:33 <DIR> d-------- c:\windows\Internet Logs

2009-01-02 10:18 . 2009-01-02 10:18 2,710 ---hs---- c:\windows\system32\biwomagu.dll

2009-01-01 22:18 . 2009-01-01 22:18 2,710 ---hs---- c:\windows\system32\perapehu.dll

2009-01-01 10:18 . 2009-01-01 10:18 2,710 ---hs---- c:\windows\system32\tofuropi.dll

2008-12-31 14:29 . 2008-12-31 14:29 211 --a------ c:\windows\wininit.ini

2008-12-31 13:55 . 2009-01-07 05:25 <DIR> dr-h----- c:\documents and settings\User\Siste

2008-12-31 10:18 . 2008-12-31 10:18 2,710 ---hs---- c:\windows\system32\tesutefa.dll

2008-12-31 10:18 . 2008-12-31 10:18 2,710 ---hs---- c:\windows\system32\hewevahu.dll

2008-12-31 10:18 . 2008-12-31 10:18 2,710 ---hs---- c:\windows\system32\gerivaya.dll

2008-12-31 10:01 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe

2008-12-30 22:17 . 2008-12-30 22:17 2,710 ---hs---- c:\windows\system32\zofowoda.dll

2008-12-30 22:17 . 2008-12-30 22:17 2,710 ---hs---- c:\windows\system32\tigogitu.dll

2008-12-30 22:17 . 2008-12-30 22:17 2,710 ---hs---- c:\windows\system32\juteruno.dll

2008-12-30 14:30 . 2008-12-30 14:30 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-26 15:20 . 2008-12-26 15:29 <DIR> d-------- c:\programfiler\Incomplete

2008-12-17 05:30 . 2008-12-17 05:30 <DIR> d-------- c:\programfiler\Tortun

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-07 04:34 --------- d-----w c:\documents and settings\User\Programdata\uTorrent

2009-01-07 04:30 --------- d-----w c:\programfiler\DC++

2009-01-07 04:21 --------- d-----w c:\documents and settings\User\Programdata\SiteAdvisor

2009-01-02 13:13 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard

2009-01-02 13:11 --------- d-----w c:\programfiler\Microsoft ActiveSync

2008-12-31 13:06 --------- d-----w c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy

2008-12-30 13:30 --------- d-----w c:\programfiler\Java

2008-12-28 08:20 --------- d-----w c:\programfiler\Lavasoft

2008-12-26 14:23 --------- d-----w c:\programfiler\LimeWire

2008-12-10 01:18 --------- d-----w c:\programfiler\Steam

2008-12-09 03:20 --------- d-----w c:\documents and settings\User\Programdata\Skype

2008-12-08 23:08 --------- d-----w c:\documents and settings\User\Programdata\skypePM

2008-12-05 20:15 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-11-16 20:39 --------- d-----w c:\documents and settings\User\Programdata\dvdcss

2008-11-12 18:24 --------- d-----w c:\programfiler\Spybot - Search & Destroy

2008-11-09 21:16 --------- d-----w c:\programfiler\Video Strip Poker

2008-11-09 14:47 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP

2008-11-07 20:51 --------- d-----w c:\programfiler\Real Alternative

2008-10-27 09:54 901,120 ----a-w c:\windows\TMUninst.exe

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]

"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2005-09-08 94208]

"µTorrent"="c:\documents and settings\User\Skrivebord\utorrent.exe" [2007-09-24 177152]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2004-10-13 1694208]

"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]

"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-30 136600]

"UnlockerAssistant"="c:\programfiler\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Launch LCDMon"="c:\programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 1687824]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-01-31 385024]

"Launch LGDCore"="c:\programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]

"ZoneAlarm Client"="c:\programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.VSPX"= vspxvfw.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 c:\programfiler\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\User\\Skrivebord\\utorrent.exe"=

"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"c:\\Programfiler\\Steam\\steamapps\\[email protected]\\ricochet\\hl.exe"=

"c:\\Programfiler\\Steam\\steamapps\\[email protected]\\team fortress 2\\hl2.exe"=

"c:\\Programfiler\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=

"c:\\Programfiler\\Steam\\Steam.exe"=

"c:\\Programfiler\\Steam\\steamapps\\[email protected]\\garrysmod\\hl2.exe"=

"c:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"g:\\Format\\PROGRAMFILER\\Warcraft III\\war3.exe"=

"c:\\Programfiler\\TVersity\\Media Server\\MediaServer.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"c:\\Programfiler\\Tortun\\gui.exe"=

"c:\\Programfiler\\Unlocker\\UnlockerAssistant.exe"=

"c:\\Programfiler\\Java\\jre6\\bin\\jqs.exe"=

"c:\\Programfiler\\Fellesfiler\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 81688]

R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]

R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]

R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-02-14 30464]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20560]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-07 38496]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-NWEReboot - (no file)

 

 

.

------- Tilleggsskanning -------

.

uInternet Settings,ProxyServer = 208.69.147.43:80

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\User\Programdata\Mozilla\Firefox\Profiles\eci97996.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - component: c:\documents and settings\User\Programdata\Mozilla\Firefox\Profiles\eci97996.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\documents and settings\User\Programdata\Mozilla\Firefox\Profiles\eci97996.default\extensions\[email protected]\components\coolirisstub.dll

FF - plugin: c:\programfiler\Vizky\npVizky.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-07 05:33:50

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1390067357-790525478-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(892)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\ZoneLabs\vsmon.exe

c:\programfiler\Lavasoft\Ad-Aware\aawservice.exe

c:\programfiler\Alwil Software\Avast4\aswUpdSv.exe

c:\programfiler\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\rundll32.exe

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

c:\programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\programfiler\NetLimiter 2 Monitor\nlsvc.exe

c:\programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\programfiler\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\PAStiSvc.exe

c:\windows\system32\wdfmgr.exe

c:\programfiler\NetLimiter 2 Monitor\NLClient.exe

c:\programfiler\Alwil Software\Avast4\ashMaiSv.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-01-07 5:36:45 - maskinen ble startet på nytt [user]

ComboFix-quarantined-files.txt 2009-01-07 04:36:42

 

Pre-Run: 10 780 848 128 byte ledig

Post-Run: 10,744,147,968 byte ledig

 

432 --- E O F --- 2008-04-17 21:33:59

 

 

 

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 05:41:52, on 07.01.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Documents and Settings\User\Skrivebord\utorrent.exe

C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\NetLimiter 2 Monitor\nlsvc.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\NetLimiter 2 Monitor\NLClient.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Documents and Settings\User\Skrivebord\Test11\Test11.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.69.147.43:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\User\Skrivebord\utorrent.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Monitor\nlsvc.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Programfiler\TVersity\Media Server\MediaServer.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 9294 bytes

 

 

 

I hope someone can figure out what is wrong. This is very unpleasant..


Does anyone feel like taking a look at my HJT log?

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:55:16, on 07.01.2009

Platform: Windows Vista SP2, v.113 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.16497)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Hewlett-Packard\IAM\bin\asghost.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe

C:\Program Files (x86)\DNA\btdna.exe

C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

C:\Program Files (x86)\PDF Complete\pdfsty.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files (x86)\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files (x86)\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"

O4 - HKCU\..\Run: [AccelerometerSysTrayApplet] "C:\Windows\system32\AccelerometerSt.Exe"

O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: hamachi.lnk = C:\Program Files (x86)\Hamachi\hamachi.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O10 - Unknown file in Winsock LSP: w2pxdrv.dll

O13 - Gopher Prefix:

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: APSHook.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 16142 bytes

 


Hey, I have had problems with extremely slow or no internet that randomly comes and goes over the last few weeks.

 

I have tried your three programs and the logs are as follows:

 

 

Malwarebytes' Anti-Malware 1.32

Database version: 1647

Windows 5.1.2600 Service Pack 3

 

12.01.2009 21:50:03

mbam-log-2009-01-12 (21-50-03).txt

 

Scan type: Quick Scan

Objects scanned: 74921

Time elapsed: 11 minute(s), 6 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

 

ComboFix 09-01-11.04 - admin 2009-01-12 21:52:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2036 [GMT 1:00]

Running from: c:\documents and settings\admin\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Updated)

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\install.exe

 

----- BITS: Possible infected sites -----

 

hxxp://lp2.patch.station.sony.com:7000

.

((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))

.

 

2009-01-12 21:38 . 2009-01-12 21:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-12 21:38 . 2009-01-12 21:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-12 21:38 . 2009-01-12 21:38 <DIR> d-------- c:\documents and settings\admin\Application Data\Malwarebytes

2009-01-12 21:38 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-12 21:38 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-11 14:34 . 2009-01-11 14:34 <DIR> d-------- c:\program files\Gameforge4D

2009-01-11 14:34 . 2004-05-10 12:14 118,272 --a------ c:\windows\system32\SX5363S.DLL

2009-01-11 14:34 . 2004-05-10 12:14 102,400 --a------ c:\windows\system32\RV32RTP.dll

2009-01-11 14:34 . 2004-05-10 12:15 40 --a------ c:\windows\system32\Sx5363.ini

2009-01-10 14:16 . 2009-01-10 14:16 <DIR> d-------- c:\program files\Atari

2008-12-29 18:29 . 2008-12-29 18:29 0 --a------ c:\windows\nsreg.dat

2008-12-23 23:03 . 2008-12-23 23:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink

2008-12-23 23:03 . 2008-12-23 23:03 <DIR> d-------- c:\documents and settings\admin\Application Data\CyberLink

2008-12-23 23:02 . 2008-12-23 23:02 <DIR> d-------- c:\program files\CyberLink

2008-12-23 23:02 . 2008-12-23 23:02 <DIR> d-------- c:\program files\Common Files\CyberLink

2008-12-23 23:02 . 2008-12-23 23:01 29,480 --a------ c:\windows\system32\msxml3a.dll

2008-12-23 23:01 . 2008-12-23 23:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Temp

2008-12-23 22:48 . 2008-12-23 22:48 <DIR> d-------- c:\program files\PowerISO

2008-12-23 21:45 . 2008-12-23 21:56 <DIR> d-------- C:\Unreal Anthology

2008-12-23 21:45 . 1997-07-19 17:00 315,585 --a------ c:\windows\system32\COMCTL32.ocx

2008-12-23 21:45 . 1997-07-19 17:01 118,781 --a------ c:\windows\system32\TABCTL32.ocx

2008-12-23 21:45 . 1998-01-24 03:39 110,725 --a------ c:\windows\system32\RICHTX32.ocx

2008-12-23 21:45 . 1995-07-26 01:00 98,588 --a------ c:\windows\system32\THREED32.ocx

2008-12-23 21:45 . 2005-11-13 22:40 89,360 --a------ c:\windows\system32\VB5DB.DLL

2008-12-23 21:45 . 1997-07-19 17:00 66,924 --a------ c:\windows\system32\COMDLG32.ocx

2008-12-23 21:45 . 1995-07-26 01:00 48,640 --a------ c:\windows\system32\GRID32.ocx

2008-12-23 21:45 . 1997-01-16 10:11 44,831 --a------ c:\windows\system32\PICCLP32.ocx

2008-12-23 21:45 . 1995-07-26 01:00 43,502 --a------ c:\windows\system32\MSOUTL32.ocx

2008-12-17 21:00 . 2008-12-17 21:00 <DIR> d-------- c:\program files\MagicISO

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-12 20:26 --------- d-----w c:\documents and settings\admin\Application Data\Hamachi

2009-01-11 15:39 --------- d-----w c:\program files\Warcraft III

2009-01-10 21:12 --------- d-----w c:\program files\FinePixViewer

2009-01-10 13:25 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-01-10 12:53 --------- d-----w c:\documents and settings\admin\Application Data\Mount&Blade

2008-12-23 22:02 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-20 18:38 31 ----a-w c:\documents and settings\admin\jagex_runescape_preferences.dat

2008-12-17 20:01 --------- d-----w c:\program files\Guitar Pro 5

2008-11-29 21:44 --------- d-----w c:\program files\Mount&Blade

2008-11-16 17:30 --------- d-----w c:\program files\WC3Banlist

2008-11-15 08:27 --------- d-----w c:\documents and settings\admin\Application Data\SPORE Creature Creator

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk

backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hamachi.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hamachi.lnk

backup=c:\windows\pss\hamachi.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Skyr@cer Pro PCI 154 Configuration Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Skyr@cer Pro PCI 154 Configuration Utility.lnk

backup=c:\windows\pss\Skyr@cer Pro PCI 154 Configuration Utility.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-07-17 14:50 2599224 c:\program files\BitComet\BitComet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2006-11-12 11:48 157592 c:\program files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2008-05-16 13:01 13529088 c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2008-05-16 13:01 86016 c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

--------- 2007-12-14 11:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2007-01-20 08:09 200704 c:\program files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

--------- 2002-02-04 21:32 53248 c:\program files\REGSHAVE\REGSHAVE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

--------- 2008-03-20 20:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-05-16 13:01 1630208 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-03-21 07:49 16126464 c:\windows\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Codemasters\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe"=

"c:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=

"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=

"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"=

"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=

"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=

"c:\program files\Gameforge4D\AirRivals\Launcher.atm"= c:\program files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2

"c:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"= c:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8736:TCP"= 8736:TCP:BitComet 8736 TCP

"8736:UDP"= 8736:UDP:BitComet 8736 UDP

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-22 111184]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-07-22 20560]

S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8d8f7c3-5775-11dd-9414-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe /autorun

.

.

------- Supplementary Scan -------

.

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\9i1kyzyc.default\

FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-12 21:55:08

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2009-01-12 21:56:08

ComboFix-quarantined-files.txt 2009-01-12 20:56:06

 

Pre-Run: 277 210 734 592 bytes free

Post-Run: 278,867,050,496 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

 

185 --- E O F --- 2008-09-05 22:13:33

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:57:29, on 12.01.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 5719 bytes

 

 

 

Thank you very much!
