hjelp med logg.pc slår seg av

[enga007]

Combofix log

 

 

Some hidden text

ComboFix 10-03-26.02 - netshop 26.03.2010 22:29:27.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.3327.2353 [GMT 1:00]

Kjører fra: c:\documents and settings\netshop\Skrivebord\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\netshop\Cookies\[email protected][2].txt

c:\documents and settings\netshop\eula.txt

c:\recycler\S-1-5-21-1465504553-321656348-4116555487-1004

c:\recycler\S-1-5-21-3074720433-4149045496-1517072548-1004

c:\windows\admintxt.txt

c:\windows\system32\hkjRBcdd.ini

c:\windows\system32\jbodgqsq.ini

c:\windows\system32\mpoqqqss.ini

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-02-26 til 2010-03-26 )))))))))))))))))))))))))))))))))

.

 

2010-03-26 18:49 . 2010-03-26 18:49 -------- d-----w- c:\documents and settings\netshop\Programdata\Malwarebytes

2010-03-26 18:48 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-26 18:48 . 2010-03-26 18:48 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2010-03-26 18:48 . 2010-03-26 19:21 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-03-26 18:48 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-25 19:47 . 2010-03-25 19:47 -------- d-----w- c:\programfiler\iPod

2010-03-25 19:47 . 2010-03-25 19:48 -------- d-----w- c:\programfiler\iTunes

2010-03-12 17:23 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-03-10 11:25 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-26 21:39 . 2007-03-02 17:16 -------- d-----w- c:\documents and settings\netshop\Programdata\Skype

2010-03-25 19:47 . 2007-12-15 20:48 -------- d-----w- c:\programfiler\Fellesfiler\Apple

2010-03-25 19:42 . 2010-03-25 19:42 72488 ----a-w- c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-03-25 19:41 . 2009-07-02 16:13 -------- d-----w- c:\programfiler\Safari

2010-03-25 19:38 . 2010-03-25 19:38 79144 ----a-w- c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-03-24 08:53 . 2006-09-05 19:05 -------- d-----w- c:\programfiler\Opera

2010-03-13 15:42 . 2007-02-26 21:41 -------- d-----w- c:\programfiler\Lx_cats

2010-03-07 17:36 . 2009-07-05 16:35 350544 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll

2010-03-07 17:36 . 2009-07-05 16:35 303456 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-03-01 17:43 . 2009-07-05 16:35 315736 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\threatwork.exe

2010-03-01 17:43 . 2009-07-05 16:35 25440 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll

2010-03-01 17:43 . 2009-07-05 21:14 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-03-01 17:43 . 2009-07-05 16:35 15688 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe

2010-03-01 17:43 . 2009-07-05 16:35 173408 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll

2010-03-01 17:41 . 2009-07-05 16:35 89952 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll

2010-03-01 17:41 . 2009-07-05 16:35 1630560 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\Resources.dll

2010-03-01 17:40 . 2009-07-05 16:35 254832 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll

2010-03-01 17:40 . 2009-07-05 16:35 45408 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2010-03-01 17:40 . 2009-07-05 16:35 671592 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll

2010-03-01 17:39 . 2009-09-21 16:36 3701760 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2010-03-01 17:39 . 2009-07-05 16:35 566648 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2010-03-01 17:38 . 2009-07-05 16:35 567144 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-03-01 17:38 . 2009-07-05 16:35 2357064 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2010-03-01 17:38 . 2009-07-05 16:35 524632 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe

2010-03-01 17:37 . 2009-07-05 16:35 1029456 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\AAWService.exe

2010-02-23 18:29 . 2010-02-23 18:28 -------- d-----w- c:\programfiler\NVIDIA Corporation

2010-02-23 18:28 . 2010-02-23 18:28 -------- d-----w- c:\documents and settings\All Users\Programdata\NVIDIA Corporation

2010-02-22 17:13 . 2010-02-22 16:52 -------- d-----w- c:\documents and settings\netshop\Programdata\Mount&Blade

2010-02-19 07:09 . 2006-09-05 20:17 -------- d-----w- c:\programfiler\McAfee

2010-02-10 11:56 . 2008-06-01 16:50 -------- d-----w- c:\programfiler\DC++

2010-01-30 18:47 . 2010-01-30 18:47 -------- d-----w- c:\documents and settings\All Users\Programdata\Cabela's Trophy Bucks Saves

2010-01-29 18:55 . 2010-01-29 18:55 -------- d-----w- c:\documents and settings\All Users\Programdata\WOP

2010-01-29 13:49 . 2007-03-02 17:15 -------- d-----w- c:\programfiler\Google

2010-01-26 19:02 . 2008-07-31 18:30 -------- d-----w- c:\programfiler\Fellesfiler\Adobe

2010-01-22 15:35 . 2010-01-22 15:40 38784 ----a-w- c:\documents and settings\netshop\Programdata\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-01-22 15:35 . 2010-01-22 15:37 38784 ----a-w- c:\documents and settings\Default User\Programdata\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll

2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 11:43 . 2007-04-18 17:31 138736 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-12-30 11:42 . 2007-04-18 17:31 188968 ----a-w- c:\windows\system32\PnkBstrB.exe

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\steam\steam.exe" [2010-02-20 1217872]

"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2007-02-22 25388584]

"Orb"="c:\programfiler\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]

"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-06 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]

"WinampAgent"="c:\programfiler\Winamp\winampa.exe" [2008-01-15 37376]

"mcagent_exe"="c:\programfiler\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]

"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]

"Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-11-10 417792]

"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2010-02-15 141608]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^netshop^Start-meny^Programmer^Oppstart^AutoStart IR.lnk]

path=c:\documents and settings\netshop\Start-meny\Programmer\Oppstart\AutoStart IR.lnk

backup=c:\windows\pss\AutoStart IR.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^netshop^Start-meny^Programmer^Oppstart^OpenOffice.org 1.1.3.lnk]

path=c:\documents and settings\netshop\Start-meny\Programmer\Oppstart\OpenOffice.org 1.1.3.lnk

backup=c:\windows\pss\OpenOffice.org 1.1.3.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-01-15 15:14 147456 -c--a-w- c:\programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40 155648 -c--a-w- c:\programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-01-12 01:01 32768 -c--a-w- c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]

2005-02-25 14:54 131072 -c--a-w- c:\programfiler\Multimedia Card Reader\shwicon2k.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMP54Gv4SVC"=2 (0x2)

"NBService"=3 (0x3)

"gusvc"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"d:\\Spill\\hl.exe"=

"c:\\Programfiler\\Electronic Arts\\Battlefield 2142\\BF2142Pace.exe"=

"c:\\Programfiler\\Opera\\Opera.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\StubInstaller.exe"=

"c:\\Programfiler\\Fellesfiler\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"d:\\Steam\\Steam\\steamapps\\common\\football manager 2009\\fm.exe"=

"d:\\Steam\\steamapps\\common\\sid meier's civilization iv\\Civilization4.exe"=

"d:\\Steam\\steamapps\\common\\medieval ii total war\\Launcher.exe"=

"d:\\Steam\\steamapps\\common\\risk 2\\RiskII.exe"=

"d:\\Steam\\steamapps\\common\\wings of prey demo\\launcher.exe"=

"d:\\Steam\\steamapps\\common\\railroad tycoon 2 platinum\\RT2_PLAT.EXE"=

"d:\\Steam\\steamapps\\common\\cabela's trophy bucks\\Bin\\Ctb.exe"=

"d:\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=

"d:\\Steam\\steamapps\\common\\battlefield 2\\BF2.exe"=

"d:\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=

"d:\\Steam\\steamapps\\common\\company of heroes\\help.htm"=

"d:\\Steam\\steam.exe"=

"d:\\Steam\\steamapps\\common\\mount and blade\\runme.exe"=

"d:\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"22471:TCP"= 22471:TCP:BitComet 22471 TCP

"22471:UDP"= 22471:UDP:BitComet 22471 UDP

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05.07.2009 17:36 64160]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [02.06.2009 18:52 130936]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 20:06 1029456]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programfiler\McAfee\SiteAdvisor\McSACore.exe [11.09.2008 15:32 203280]

R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\hcw848nt.sys [30.08.2006 10:09 140440]

S2 gupdate1ca16c184a10608;Googles oppdateringstjeneste (gupdate1ca16c184a10608);c:\programfiler\Google\Update\GoogleUpdate.exe [06.08.2009 19:12 133104]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [11.07.2006 08:03 84608]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26.03.2010 19:48 38224]

S3 sdAuxService;PC Tools Auxiliary Service;c:\programfiler\Spyware Doctor\pctsAuxs.exe [02.06.2009 18:51 348752]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [11.09.2008 17:04 40448]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:38]

 

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-03-26 c:\windows\Tasks\Google Software Updater.job

- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-26 18:11]

 

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-08-06 18:12]

 

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-08-06 18:12]

 

2009-11-15 c:\windows\Tasks\McDefragTask.job

- c:\windows\system32\defrag.exe [2004-08-04 16:22]

 

2010-02-01 c:\windows\Tasks\McQcTask.job

- c:\programfiler\mcafee\mqc\QcConsol.exe [2006-09-05 10:22]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.fsc.no/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Download all links using BitComet - c:\programfiler\BitComet\BitComet.exe/AddAllLink.htm

IE: Download all videos using BitComet - c:\programfiler\BitComet\BitComet.exe/AddVideo.htm

IE: Download link using &BitComet - c:\programfiler\BitComet\BitComet.exe/AddLink.htm

.

- - - - TOMME PEKERE FJERNET - - - -

 

BHO-{29CC914D-B768-4983-BA90-3EF70A5D12AA} - c:\windows\system32\ddcBRjkh.dll

BHO-{4DC60874-50DA-4111-B015-0D52C2991E14} - c:\windows\system32\tuvWoonN.dll

WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)

HKCU-Run-MsnMsgr - c:\programfiler\MSN Messenger\MsnMsgr.Exe

HKCU-Run-updateMgr - c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKCU-Run-EA Core - c:\programfiler\Electronic Arts\EADM\Core.exe

HKLM-Run-nwiz - nwiz.exe

MSConfigStartUp-nwiz - nwiz.exe

MSConfigStartUp-swg - c:\programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

AddRemove-DivX Player_is1 - d:\downloads\ArtisanDVDPlayer\unins000.exe

AddRemove-NVIDIA Display Control Panel - c:\programfiler\NVIDIA Corporation\Uninstall\nvuninst.exe

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe

AddRemove-Steam - c:\progra~1\Steam\UNWISE.EXE

AddRemove-Steam App 10620 - c:\programfiler\Steam\steam.exe

AddRemove-Steam App 16810 - c:\programfiler\Steam\steam.exe

AddRemove-Steam App 33560 - c:\programfiler\Steam\steam.exe

AddRemove-Vål'enga i mitt hjerte Screensaver - c:\programfiler\none\Vål'enga i mitt hjerte\Uninstall.exe

AddRemove-Winamp - c:\programfiler\Winamp\UninstWA.exe

AddRemove-Steam App 3900 - c:\programfiler\steam\steam.exe

AddRemove-Steam App 8800 - c:\programfiler\steam\steam.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-26 22:39

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-1248712101-406671931-7691188-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b2,c6,fd,6f,ab,ab,3a,aa,bf,f9,14,8c,77,b4,e6,fe,48,0e,70,67,34,18,47,

1a,22,c6,a2,19,03,9d,1e,66,e2,06,71,0a,02,6f,79,e7,1f,be,e8,b3,40,24,31,7a,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

 

[HKEY_USERS\S-1-5-21-1248712101-406671931-7691188-1004\Software\SecuROM\License information*]

"datasecu"=hex:1a,f1,4f,a5,88,54,58,2b,18,3d,ca,55,33,a1,13,08,bf,d1,31,89,ec,

c7,5c,7a,97,e7,17,31,b8,a7,dd,7c,a4,8b,86,55,0b,c0,c2,ab,9b,6b,a2,b6,a2,ca,\

"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'explorer.exe'(1884)

c:\programfiler\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\programfiler\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\xpsp3res.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\System32\SCardSvr.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\programfiler\fellesfiler\mcafee\mna\mcnasvc.exe

c:\progra~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\programfiler\McAfee\MPF\MPFSrv.exe

c:\programfiler\McAfee\MSK\MskSrver.exe

c:\windows\system32\PnkBstrA.exe

c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\programfiler\Skype\Plugin Manager\SkypePM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\programfiler\iPod\bin\iPodService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

 

 

 

 

.

**************************************************************************

.

Tidspunkt ferdig: 2010-03-26 22:46:11 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-03-26 21:46

 

Pre-Run: 19 707 187 200 byte ledig

Post-Run: 20 097 814 528 byte ledig

 

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 41EDBE2C0F622AE36B743CA81A9B847C

 

 

 

 

 

 

 

Malwarebytes' Anti-Malware 1.44

Databaseversjon: 3919

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

26.03.2010 22:08:02

mbam-log-2010-03-26 (22-08-02).txt

 

Skanntype: Rask Skann

Objekter skannet: 22938

Tid tilbakelagt: 5 minute(s), 24 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

Endret 26. mars 2010 av enga007

[norbat]

Får du bsod (blåskjerm) i forbindelse med at pc'n slår seg av?

[MirusMentis]

Hva er det siste som står i eventviewer før restart?

[enga007]

kutter strømen, når jeg skal kjøre ad-aware, opdatere ad-aware. maskimen er ca,4 år gammel har ikke hatt noen problemer før. det er bare de 2 siste ukene som den har slått seg av, gjerne på kvelden, alt skrur seg av uten tastature det lyser fortsatt

[snippsat]

Loggene dine er bra.

 

Hva er temp på cpu/skjermkort.o.s.v?

Lenge siden du har gjort rent vifter.

 

Årsak er når den bare slår seg av er som regel temp eller dårlig psu.

[enga007]

viftene er rene. hvordan kan jeg ta tempen på cpu og skjermkort. skrur seg av ca 3/4 ganger i løpet av kvelden

[snippsat]

Bruk pc-wizard for og sjekke temp og spennninger.

http://pc-wizard-2009.en.softonic.com/

 

Det er litt viktig og ha kontroll på dette.

Det og teste for stabilthet er viktig selv om man ikke overklokker.

Da kan man peile seg inn på hva som er feil.

Noen verktøy her du kan se på.

 

Cpu-skjermkort test

http://www.ocbase.com/perestroika_en/index.php?Download

 

Minne test

http://www.memtest.org/

 

HDD test(Hd-tune 2.55(free))

http://www.hdtune.com/download.html