Poster utskilt fra veiledertråden-2

[testuser]

Det skjer på alle sider, dagbladet.no, pcmnorge.no, nfl.com osv. Jeg har problemet på to pcer, denne og en XP, begge 32 bit. Jeg tror det var msn som smittet denne (vistaen), fordi det poppet opp like etter jeg hadde logget inn første gang.

[Potetåker123]

MBAM fil:

 

Malwarebytes' Anti-Malware 1.35

Databaseversjon: 1915

Windows 6.0.6001 Service Pack 1

 

29.03.2009 17:15:35

mbam-log-2009-03-29 (17-15-35).txt

 

Skanntype: Rask Skann

Objekter skannet: 61520

Tid tilbakelagt: 4 minute(s), 32 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 1

Filer infisert: 6

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Program Files\POL (Keylogger.Ardamax) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\Program Files\POL\akv.cfg (Keylogger.Ardamax) -> Quarantined and deleted successfully.

C:\Program Files\POL\key.bin (Keylogger.Ardamax) -> Quarantined and deleted successfully.

C:\Program Files\POL\POL.001 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

C:\Program Files\POL\POL.002 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

C:\Program Files\POL\POL.005 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

C:\Program Files\POL\POL.009 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

 

 

HiJackThis fil:

[

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:17:16, on 10.03.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\WgaTray.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://one.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5E92C6E7-141B-430B-8227-55CF0B99841B}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - 1\Norton\Norton2009Reset.exe (file missing)

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\Users\Admin\AppData\Local\Temp\F-Secure\BlackLight\fsblsrv.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

 

--

End of file - 6745 bytes

 

 

Om du leser: HER! så vil det kanskje hjelpe meg/deg litt.

Endret 29. mars 2009 av MatiasMA

[norbat]

MatiasMA:

Forsøk og kjør en systemgjenoppretting til en dato før problemet oppsto. Tvilsomt at dette har med malware å gjøre (på tross av at malwarebyte tok en keylogger (som du antakelig har lagt inn selv? ) )

Endret 29. mars 2009 av norbat

[Potetåker123]

Ja, keyloggeren la jeg inn selv engang for lenge siden, og den har jeg fjernet også. MBAM fant tydeligvis noen rester.

 

Jeg kan prøve systemgjenoppretting igjen, men forrige gang jeg prøvde dette fikk jeg en eller annen error.. Jeg kan ta bilde om dette skjer igjen.

 

Takk, Norbat Bruker Avira Premium Security Suite nå, som så mange har anbefalt. Det funker!

[-Spartakus-]

Ved å konvertere til ntfs, så vil harddisk bli bedre utnyttet. I utgangspunktet er det ingen fare ved å foreta en konvertering, men det anbefales å ta backup av personlige data uansett.

 

Hvordan konvertere:

 

Klikk: start->kjør

Skriv: cmd

Fra ledetekst skriv følgende: convert c: /fs:ntfs

Hei.. har prøvd å konvertere harddisken min.. men når jeg har skrevet det du har skrevet at jeg skal skrive kommer det at jeg skal oppgi gjeldene volumetikett.. hva er det? hvor finner jeg det?

[Lucifer24]

Skriv dir rett i cmd. Første som kommer er volumet, altså navnet på disken. Står også i windows explorer

[Gjest Slettet-yJ8TyiQ9]

.

Endret 2. januar 2011 av Slettet-yJ8TyiQ9

[norbat]

opti1:

Loggen ser grei ut.

Du kan godt fixe følgende linjer:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O20 - AppInit_DLLs:

 

Var det bare en sjekk eller har mistanke om noe? Hvis, kjør gjennom veiledningen i 1.post og lag deg en ny tråd der du legge loggene.

[Rizzla]

Trenger hjelp for å friskmelde pc

https://www.diskusjon.no/index.php?showtopic=1096815

[Gjest Slettet-yJ8TyiQ9]

opti1:

Loggen ser grei ut.

Du kan godt fixe følgende linjer:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O20 - AppInit_DLLs:

 

Var det bare en sjekk eller har mistanke om noe? Hvis, kjør gjennom veiledningen i 1.post og lag deg en ny tråd der du legge loggene.

 

Var bare en sjekk for sikkerhetens skyld

[Gjest Slettet-yJ8TyiQ9]

Sorry for dobbelpost

 

Dette er loggen til pcen til mamma, vil du se igjennom denne også norbat? Igjen har jeg ikke mistanke om noe, men det skader ikke å sjekke.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:02:30, on 12.04.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Avira\AntiVir Desktop\sched.exe

C:\Programfiler\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\Programfiler\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\HPQ\SHARED\HPQWMI.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Documents and Settings\Mette Kristine\Skrivebord\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [synTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=Q305&bd=pavilion&pf=laptop

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

 

--

End of file - 5376 bytes

 

 

 

 

[norbat]

opti1:

Ser grei ut

[Hagr]

Har fulgt guiden og her er min combofix-log.

 

ComboFix 09-04-14.09 - Administrator 14.04.2009 19:23.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.767.272 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((   Files Created from 2009-03-14 to 2009-04-14  )))))))))))))))))))))))))))))))
.

2009-04-14 17:01 . 2009-04-06 13:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-04-14 17:01 . 2009-04-06 13:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 18:09 . 2009-04-13 18:09	--------	d-----w	c:\windows\Adobe® Flash® Player Plugin

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 17:14 . 2008-09-12 12:14	--------	d-----w	c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-14 17:08 . 2008-09-10 14:19	--------	d-----w	c:\documents and settings\Administrator\Application Data\foobar2000
2009-04-14 17:01 . 2009-04-14 17:01	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-04-14 13:19 . 2009-04-14 13:19	--------	d-----w	c:\program files\HD Tune
2009-04-13 18:09 . 2009-04-13 18:09	--------	d-----w	c:\program files\Adobe® Flash® Player Plugin
2009-04-13 16:29 . 2008-09-25 11:22	--------	d-----w	c:\program files\Java
2009-03-19 02:05 . 2008-09-19 05:27	--------	d-----w	c:\program files\Microsoft SQL Server
2009-03-09 03:19 . 2009-01-04 17:18	410984	----a-w	c:\windows\system32\deploytk.dll
2009-02-09 11:13 . 2007-02-18 21:39	1846784	----a-w	c:\windows\system32\win32k.sys
2009-02-04 18:15 . 2008-07-30 19:50	10520	----a-w	c:\windows\system32\avgrsstx.dll
2008-10-27 06:19 . 2008-07-30 19:36	17280	----a-w	c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-07-30 18:49 . 2008-07-30 18:49	64200	----a-w	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-04 1601304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"M-Audio Revo 5.1Taskbar Icon"="c:\windows\System32\Revo51Task.exe" [2008-03-18 229376]
"Revo51TaskbarApp"="c:\windows\system32\Revo51Task.exe" [2008-03-18 229376]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-02 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-17 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-25 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42	72208	----a-w	c:\program files\common files\logitech\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-04 18:15	10520	----a-w	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
2006-07-26 12:48	3305472	----a-w	c:\program files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 16:54	5674352	----a-w	c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2006-09-09 09:16	196608	----a-w	c:\program files\PowerISO\PWRISOVM.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

R3 SetupNTGLM7X;SetupNTGLM7X; [x]
R3 TVService;TVService;c:\program files\Team MediaPortal\MediaPortal TV Server\TVService.exe [2008-07-17 184320]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-04 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-02-04 107272]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-04 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-05-02 38176]
S3 REVO51;REVO51;c:\windows\system32\DRIVERS\revo51.sys [2008-03-18 137344]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/no/
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 19:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-920026266-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,3c,34,f2,00,4e,b2,01,38,08,aa,87,e3,43,2b,a1,ef,9d,81,52,35,07,cb,
  86,3f,15,a3,8c,f2,f5,b1,f2,10,68,27,35,61,0a,1f,07,da,01,4f,9a,47,f5,c1,4f,\
"??"=hex:fb,31,c3,dc,cf,2d,a1,0d,24,b9,9d,7a,fb,21,e2,75
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2796)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt  2009-04-14 17:25
ComboFix2.txt  2009-04-14 17:13

Pre-Run: 66 223 919 104 bytes free
Post-Run: 66 209 513 472 bytes free

132	--- E O F ---	2009-03-22 02:01

 

referanse: https://www.diskusjon.no/index.php?showtopi...;#entry13525751

 

Er det noen som kan lese noe fornuftig utifra dette?

 

Harald

[norbat]

Hagr:

Loggen ser grei ut.

[zoomzoom]

 

ComboFix 09-04-15.08 - eier 15.04.2009 14:59.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.958.363 [GMT 2:00]

Kjører fra: c:\users\eier\Desktop\ComboFix.exe

AV: F-Secure Client Security 7.12 *On-access scanning disabled* (Updated)

FW: F-Secure Client Security 7.12 *disabled*

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-15 til 2009-04-15 )))))))))))))))))))))))))))))))))

.

 

2009-04-09 09:01 . 2009-04-09 09:01 680 ----a-w c:\users\eier\AppData\Local\d3d9caps.dat

2009-03-23 09:53 . 2008-05-27 05:17 1671680 ----a-w c:\windows\system32\chsbrkr.dll

2009-03-23 09:53 . 2008-05-27 05:17 6103040 ----a-w c:\windows\system32\chtbrkr.dll

2009-03-23 09:53 . 2008-05-27 05:18 184832 ----a-w c:\windows\system32\SearchProtocolHost.exe

2009-03-23 09:53 . 2008-05-27 05:18 439808 ----a-w c:\windows\system32\SearchIndexer.exe

2009-03-23 09:53 . 2008-05-27 05:21 1418240 ----a-w c:\windows\system32\mssrch.dll

2009-03-23 09:53 . 2008-05-27 05:21 1582592 ----a-w c:\windows\system32\tquery.dll

2009-03-23 09:53 . 2008-05-27 05:18 670208 ----a-w c:\windows\system32\mssvp.dll

2009-03-23 09:53 . 2008-05-27 05:18 203776 ----a-w c:\windows\system32\mssphtb.dll

2009-03-23 09:53 . 2008-05-27 05:18 350208 ----a-w c:\windows\system32\mssph.dll

2009-03-22 12:36 . 2009-03-22 12:36 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-03-21 23:12 . 2009-03-21 23:12 -------- d-----w C:\PerfLogs

2009-03-19 17:11 . 2008-01-19 07:36 634880 ----a-w c:\windows\system32\localspl.dll

2009-03-19 17:10 . 2008-01-19 07:36 107008 ----a-w c:\windows\system32\rdpwsx.dll

2009-03-19 17:09 . 2008-01-19 07:36 274944 ----a-w c:\windows\system32\srrstr.dll

2009-03-19 17:08 . 2008-01-19 07:41 35384 ----a-w c:\windows\system32\drivers\kbdclass.sys

2009-03-19 17:07 . 2008-01-19 07:36 777216 ----a-w c:\windows\system32\slcc.dll

2009-03-19 17:06 . 2008-01-19 07:36 77824 ----a-w c:\windows\system32\odbccr32.dll

2009-03-19 17:05 . 2008-01-05 11:34 15181 ----a-w c:\windows\system32\gatherWirelessInfo.vbs

2009-03-19 17:05 . 2008-01-05 11:22 144909 ----a-w c:\windows\system32\fsmgmt.msc

2009-03-19 17:05 . 2008-01-05 11:39 150 ----a-w c:\windows\system32\RacUREx.xml

2009-03-19 17:05 . 2008-01-05 11:31 3 ----a-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf

2009-03-19 17:05 . 2008-01-05 11:31 145455 ----a-w c:\windows\system32\perfmon.msc

2009-03-19 17:05 . 2008-01-19 07:33 599552 ----a-w c:\windows\system32\vsp1cln.exe

2009-03-19 17:04 . 2008-01-19 07:36 357888 ----a-w c:\windows\system32\wbemcomn.dll

2009-03-19 17:03 . 2008-01-19 07:36 129536 ----a-w c:\windows\system32\sqmapi.dll

2009-03-19 17:03 . 2008-01-19 07:36 139264 ----a-w c:\windows\system32\SmiInstaller.dll

2009-03-19 17:03 . 2008-01-19 07:36 704512 ----a-w c:\windows\system32\SmiEngine.dll

2009-03-19 17:03 . 2008-01-19 07:36 218624 ----a-w c:\windows\system32\wdscore.dll

2009-03-19 17:03 . 2008-01-19 07:33 130560 ----a-w c:\windows\system32\PkgMgr.exe

2009-03-19 17:01 . 2008-01-19 07:34 246784 ----a-w c:\windows\system32\drvstore.dll

2009-03-19 17:01 . 2008-01-19 07:35 35328 ----a-w c:\windows\system32\mspatcha.dll

2009-03-19 17:01 . 2008-01-19 07:34 305152 ----a-w c:\windows\system32\msdelta.dll

2009-03-19 17:01 . 2008-01-19 07:34 258560 ----a-w c:\windows\system32\dpx.dll

2009-03-18 07:49 . 2009-03-18 07:49 269312 ----a-w c:\windows\system32\es.dll

2009-03-17 08:34 . 2009-03-18 17:33 -------- d-----w c:\users\eier\AppData\Local\Adobe

2009-03-16 19:14 . 2009-03-16 19:14 61440 ----a-w c:\windows\system32\winipsec.dll

2009-03-16 19:14 . 2009-03-16 19:14 28672 ----a-w c:\windows\system32\FwRemoteSvr.dll

2009-03-16 19:14 . 2009-03-16 19:14 361984 ----a-w c:\windows\system32\IPSECSVC.DLL

2009-03-16 19:14 . 2009-03-16 19:14 272896 ----a-w c:\windows\system32\polstore.dll

2009-03-16 19:13 . 2009-03-16 19:13 1820 ----a-w c:\windows\system32\rasctrnm.h

2009-03-16 19:11 . 2009-03-16 19:11 94720 ----a-w c:\windows\system32\PortableDeviceClassExtension.dll

2009-03-16 19:11 . 2009-03-16 19:11 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll

2009-03-16 19:11 . 2009-03-16 19:11 160768 ----a-w c:\windows\system32\PortableDeviceTypes.dll

2009-03-16 19:04 . 2009-03-16 19:04 827392 ----a-w c:\windows\system32\wininet.dll

2009-03-16 19:03 . 2009-03-16 19:03 1383424 ----a-w c:\windows\system32\mshtml.tlb

2009-03-16 18:55 . 2009-03-16 18:55 296960 ----a-w c:\windows\system32\gdi32.dll

2009-03-16 18:52 . 2009-03-16 18:52 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys

2009-03-16 18:50 . 2009-03-16 18:50 28672 ----a-w c:\windows\system32\Apphlpdm.dll

2009-03-16 18:50 . 2009-03-16 18:50 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll

2009-03-16 18:50 . 2009-03-16 18:50 1695744 ----a-w c:\windows\system32\gameux.dll

2009-03-16 18:49 . 2009-03-16 18:49 303616 ----a-w c:\windows\system32\wmpeffects.dll

2009-03-16 18:47 . 2009-03-16 18:47 2048 ----a-w c:\windows\system32\msxml3r.dll

2009-03-16 18:47 . 2009-03-16 18:47 1191936 ----a-w c:\windows\system32\msxml3.dll

2009-03-16 18:38 . 2009-03-16 18:38 2048 ----a-w c:\windows\system32\tzres.dll

2009-03-16 18:36 . 2009-03-16 18:36 428544 ----a-w c:\windows\system32\EncDec.dll

2009-03-16 18:36 . 2009-03-16 18:36 177664 ----a-w c:\windows\system32\mpg2splt.ax

2009-03-16 18:36 . 2009-03-16 18:36 80896 ----a-w c:\windows\system32\MSNP.ax

2009-03-16 18:36 . 2009-03-16 18:36 69632 ----a-w c:\windows\system32\Mpeg2Data.ax

2009-03-16 18:36 . 2009-03-16 18:36 57856 ----a-w c:\windows\system32\MSDvbNP.ax

2009-03-16 18:36 . 2009-03-16 18:36 293376 ----a-w c:\windows\system32\psisdecd.dll

2009-03-16 18:36 . 2009-03-16 18:36 217088 ----a-w c:\windows\system32\psisrndr.ax

2009-03-16 18:34 . 2009-03-16 18:34 8147456 ----a-w c:\windows\system32\wmploc.DLL

2009-03-16 18:34 . 2009-03-16 18:34 7680 ----a-w c:\windows\system32\spwmp.dll

2009-03-16 18:34 . 2009-03-16 18:34 4096 ----a-w c:\windows\system32\msdxm.ocx

2009-03-16 18:34 . 2009-03-16 18:34 4096 ----a-w c:\windows\system32\dxmasf.dll

2009-03-16 18:28 . 2009-03-16 18:28 2927104 ----a-w c:\windows\explorer.exe

2009-03-16 18:22 . 2009-03-16 18:22 1793536 ----a-w c:\windows\system32\NlsLexicons0045.dll

2009-03-16 18:22 . 2009-03-16 18:22 1808896 ----a-w c:\windows\system32\NlsLexicons0046.dll

2009-03-16 18:22 . 2009-03-16 18:22 1558016 ----a-w c:\windows\system32\NlsLexicons0049.dll

2009-03-16 18:22 . 2009-03-16 18:22 1411072 ----a-w c:\windows\system32\NlsLexicons0047.dll

2009-03-16 18:22 . 2009-03-16 18:22 1236992 ----a-w c:\windows\system32\NlsLexicons0020.dll

2009-03-16 18:22 . 2009-03-16 18:22 2136064 ----a-w c:\windows\system32\NlsLexicons0021.dll

2009-03-16 18:22 . 2009-03-16 18:22 1782272 ----a-w c:\windows\system32\NlsLexicons0039.dll

2009-03-16 18:17 . 2009-03-16 18:17 6656 ----a-w c:\windows\system32\kbd106n.dll

2009-03-16 18:17 . 2009-03-16 18:17 927288 ----a-w c:\windows\system32\winresume.exe

2009-03-16 18:17 . 2009-03-16 18:17 988216 ----a-w c:\windows\system32\winload.exe

2009-03-16 18:17 . 2009-03-16 18:17 40960 ----a-w c:\windows\system32\srclient.dll

2009-03-16 18:17 . 2009-03-16 18:17 378368 ----a-w c:\windows\system32\srcore.dll

2009-03-16 18:17 . 2009-03-16 18:17 318464 ----a-w c:\windows\system32\rstrui.exe

2009-03-16 18:17 . 2009-03-16 18:17 14848 ----a-w c:\windows\system32\srdelayed.exe

2009-03-16 18:17 . 2009-03-16 18:17 46592 ----a-w c:\windows\system32\setbcdlocale.dll

2009-03-16 18:17 . 2009-03-16 18:17 19000 ----a-w c:\windows\system32\kd1394.dll

2009-03-16 18:17 . 2009-03-16 18:17 615992 ----a-w c:\windows\system32\ci.dll

2009-03-16 18:12 . 2009-03-16 18:12 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll

2009-03-16 18:12 . 2009-03-16 18:12 712704 ----a-w c:\windows\system32\WindowsCodecs.dll

2009-03-16 18:12 . 2009-03-16 18:12 347136 ----a-w c:\windows\system32\WindowsCodecsExt.dll

2009-03-16 18:07 . 2009-03-16 18:07 37888 ----a-w c:\windows\system32\printcom.dll

2009-03-16 18:07 . 2009-03-16 18:07 443392 ----a-w c:\windows\system32\win32spl.dll

2009-03-16 18:06 . 2009-03-16 18:06 14848 ----a-w c:\windows\system32\wshrm.dll

2009-03-16 18:06 . 2009-03-16 18:06 113664 ----a-w c:\windows\system32\drivers\rmcast.sys

2009-03-16 18:04 . 2009-03-16 18:04 288768 ----a-w c:\windows\system32\drivers\srv.sys

2009-03-16 18:02 . 2009-03-16 18:02 268288 ----a-w c:\windows\system32\schannel.dll

2009-03-16 17:49 . 2009-03-16 17:49 622080 ----a-w c:\windows\system32\icardagt.exe

2009-03-16 17:49 . 2009-03-16 17:49 11264 ----a-w c:\windows\system32\icardres.dll

2009-03-16 17:49 . 2009-03-16 17:49 97800 ----a-w c:\windows\system32\infocardapi.dll

2009-03-16 17:49 . 2009-03-16 17:49 37384 ----a-w c:\windows\system32\infocardcpl.cpl

2009-03-16 17:49 . 2009-03-16 17:49 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-03-16 17:49 . 2009-03-16 17:49 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

2009-03-16 17:49 . 2009-03-16 17:49 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

2009-03-16 17:49 . 2009-03-16 17:49 326160 ----a-w c:\windows\system32\PresentationHost.exe

2009-03-16 17:39 . 2009-03-16 17:41 32768 ----a-w c:\windows\ocsetup_cbs_install_NetFx3.perf

2009-03-16 17:39 . 2009-03-16 17:41 16384 ----a-w c:\windows\ocsetup_cbs_install_NetFx3.dpx

2009-03-16 17:39 . 2009-03-16 17:41 17416192 ----a-w c:\windows\ocsetup_install_NetFx3.etl

2009-03-16 17:36 . 2009-03-16 17:36 96760 ----a-w c:\windows\system32\dfshim.dll

2009-03-16 17:36 . 2009-03-16 17:36 41984 ----a-w c:\windows\system32\netfxperf.dll

2009-03-16 17:36 . 2009-03-16 17:36 282112 ----a-w c:\windows\system32\mscoree.dll

2009-03-16 17:36 . 2009-03-16 17:36 83968 ----a-w c:\windows\system32\mscories.dll

2009-03-16 17:36 . 2009-03-16 17:36 158720 ----a-w c:\windows\system32\mscorier.dll

2009-03-16 17:28 . 2009-03-16 17:28 2868736 ----a-w c:\windows\system32\mf.dll

2009-03-16 17:28 . 2009-03-16 17:28 98816 ----a-w c:\windows\system32\mfps.dll

2009-03-16 17:28 . 2009-03-16 17:28 53248 ----a-w c:\windows\system32\rrinstaller.exe

2009-03-16 17:28 . 2009-03-16 17:28 24576 ----a-w c:\windows\system32\mfpmp.exe

2009-03-16 17:28 . 2009-03-16 17:28 2048 ----a-w c:\windows\system32\mferror.dll

2009-03-16 17:28 . 2009-03-16 17:28 996352 ----a-w c:\windows\system32\WMNetMgr.dll

2009-03-16 17:28 . 2009-03-16 17:28 94720 ----a-w c:\windows\system32\logagent.exe

2009-03-16 17:27 . 2009-03-16 17:27 84480 ----a-w c:\windows\system32\INETRES.dll

2009-03-16 17:27 . 2009-03-16 17:27 738304 ----a-w c:\windows\system32\inetcomm.dll

2009-03-16 17:27 . 2009-03-16 17:27 1645568 ----a-w c:\windows\system32\connect.dll

2009-03-16 17:27 . 2009-03-16 17:27 1314816 ----a-w c:\windows\system32\quartz.dll

2009-03-16 17:27 . 2009-03-16 17:27 2033152 ----a-w c:\windows\system32\win32k.sys

2009-03-16 17:26 . 2009-03-16 17:26 3601464 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-16 17:26 . 2009-03-16 17:26 3549240 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-16 17:26 . 2009-03-16 17:26 2048 ----a-w c:\windows\system32\msxml6r.dll

2009-03-16 17:26 . 2009-03-16 17:26 1334272 ----a-w c:\windows\system32\msxml6.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-15 12:57 . 2006-01-01 17:23 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2009-04-15 12:57 . 2006-01-01 17:23 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2009-04-15 12:57 . 2006-01-01 17:23 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2009-04-15 11:57 . 2009-04-15 11:57 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

2009-04-15 11:57 . 2009-04-15 11:57 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

2009-04-08 12:06 . 2006-11-21 05:16 459462 ----a-w c:\windows\System32\perfh014.dat

2009-04-08 12:06 . 2006-11-21 05:16 79722 ----a-w c:\windows\System32\perfc014.dat

2009-03-26 18:50 . 2006-01-01 01:25 -------- d-----w c:\program files\Common Files\Adobe

2009-03-21 23:27 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2009-03-21 23:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat

2009-03-21 23:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

2009-03-21 23:24 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar

2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar

2009-03-21 23:17 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery

2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal

2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration

2009-03-21 23:17 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender

2009-03-21 23:12 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat

2009-03-21 16:58 . 2006-11-02 10:32 101888 ----a-w c:\windows\System32\ifxcardm.dll

2009-03-21 16:58 . 2006-11-02 10:32 82432 ----a-w c:\windows\System32\axaltocm.dll

2009-03-16 18:50 . 2009-03-16 18:50 2560 ----a-w c:\windows\AppPatch\AcRes.dll

2009-03-16 18:50 . 2009-03-16 18:50 2154496 ----a-w c:\windows\AppPatch\AcGenral.dll

2009-03-16 18:50 . 2009-03-16 18:50 460288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2009-03-16 18:50 . 2009-03-16 18:50 541696 ----a-w c:\windows\AppPatch\AcLayers.dll

2009-03-16 18:50 . 2009-03-16 18:50 52736 ----a-w c:\windows\AppPatch\iebrshim.dll

2009-03-16 18:50 . 2009-03-16 18:50 173056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2009-03-16 18:22 . 2009-03-16 18:21 5499904 ----a-w c:\windows\System32\NlsLexicons0022.dll

2009-03-16 17:26 . 2009-03-16 17:26 -------- d-----w c:\program files\MSXML 4.0

2009-03-16 16:57 . 2009-03-16 16:55 -------- d-----w c:\program files\F-Secure

2009-03-16 16:42 . 2006-01-01 01:48 -------- d-----w c:\program files\Java

2009-03-16 16:29 . 2006-01-01 01:00 -------- d-----w c:\programdata\Symantec

2009-03-16 16:29 . 2006-01-01 00:59 -------- d-----w c:\program files\Common Files\Symantec Shared

2006-01-01 17:38 . 2006-01-01 17:38 83432 ----a-w c:\users\eier\AppData\Local\GDIPFONTCACHEV1.DAT

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-28 176128]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 136600]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-06-19 182936]

"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-06-19 895584]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-26 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-26 7770112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-26 81920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{8FAD0BB9-6B92-46A0-B9F0-C9036904AED9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{93526802-E298-44C0-84F7-E30AA7369D80}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{BF221A29-0772-4E69-AE7F-CCE7FF5B5D1B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-06-19 39776]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-06-19 25184]

S1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure\HIPS\fshs.sys [2008-06-19 70752]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-06-19 34720]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-06-19 68736]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2008-06-19 12896]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-06-19 72288]

S3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2004-07-30 91830]

 

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=73&bd=PRESARIO&pf=laptop

LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-15 15:03

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2009-04-15 15:05

ComboFix-quarantined-files.txt 2009-04-15 13:05

 

Pre-Run: 75 511 218 176 byte ledig

Post-Run: 75 593 625 600 byte ledig

 

246 --- E O F --- 2009-04-14 09:03

 

 

 

Kunne noen sett gjennom denne? Min kjære lillesøster har en rekke dumme venner som trykker på linker, og nå flyter maskinen over av meldinger. Vi vet dog ikke om vi har blitt smittet enda, selv om jeg har truet med å brenne vekk fingeravtrykkene på alle fingerne hennes om hun trykket på dem

[Fin Skjorte]

@zoomzoom: Gjør som førsteposten i denne tråden sier og opprett egen tråd, som fremhevet!

 

Når du har gjennomført veiledningen under, oppretter du din egen tråd der du legger loggene. Det gjør du ved å velge 'Nytt Emne'-knappen. Det er viktig at du oppretter egen tråd da support ikke foretas i denne tråden.

[zoomzoom]

Jeg skulle ta en sånn liten spansk en, siden jeg så at andre hadde lagt ut loggen sin her jeg, ama. Men da skal jeg ræke meg til å lage en egen tråd.

[Vooon]

 

Malwarebytes' Anti-Malware 1.36

Databaseversjon: 1992

Windows 5.1.2600 Service Pack 2

 

17.04.2009 14:41:51

mbam-log-2009-04-17 (14-41-51).txt

 

Skanntype: Rask Skann

Objekter skannet: 63389

Tid tilbakelagt: 3 minute(s), 17 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:58:33, on 17.04.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Launch Manager\LaunchAp.exe

C:\Programfiler\Launch Manager\HotkeyApp.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Programfiler\Launch Manager\OSD.exe

C:\Programfiler\Launch Manager\Wbutton.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\D-Tools\daemon.exe

C:\Programfiler\Creative\Mouse Optical\mouse_2k.exe

C:\windows\hffext\hffsrv.exe

C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe

C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe

C:\Programfiler\Rainlendar2\Rainlendar2.exe

C:\Programfiler\Wallpaper Cycle\Change Wallpaper.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Programfiler\Winamp\winamp.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

E:\DC\HJ\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programfiler\Free Download Manager\iefdmcks.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LaunchAp] C:\Programfiler\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [HotkeyApp] C:\Programfiler\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Programfiler\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [LMgrOSD] C:\Programfiler\Launch Manager\OSD.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [CreativeMouse ] C:\Programfiler\Creative\Mouse Optical\mouse_2k.exe

O4 - HKLM\..\Run: [HFFSRV] c:\windows\hffext\hffsrv.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Rainlendar2] C:\Programfiler\Rainlendar2\Rainlendar2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Change Wallpaper.lnk = C:\Programfiler\Wallpaper Cycle\Change Wallpaper.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178178447161

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Update Service (gupdate1c98c42cd584610) (gupdate1c98c42cd584610) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

 

--

End of file - 6132 bytes

 

 

 

Noen som har mulighet til å ta en titt på dette? Jeg sliter med ganske heavy lagging nå og da, spesielt når laptopen loader ikonene på skrivebordet, eller i en mappe, den ser også ut til å lagge en del når jeg forsøker å kjøre .exe-filer og windows-advarsel boksene kommer opp.

Jeg har tidligere kjørt processxp for å se om det er noe som suger minne eller cpu, så ikke noe unormalt.

[norbat]

Vooon:

Opprett en egen tråd der du legger loggene (klikk Nytt Emne-knappen). Denne tråden benyttes ikke til support

[Gjest Slettet-yJ8TyiQ9]

XPert Antivirus er også et falskt antivirus program.

 

Fant den på pcen til onkelen min, men fikk fjernet den.