Crazy_Man Posted 9 December 2007

plx check HJT log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:01:08, on 09.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
D:\Programfiler\Folding@Home SMP\smpd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
D:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Programfiler\VideoLAN\VLC\vlc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
D:\Programfiler\HijackThis\OMG liek leet program.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [amd_dc_opt] D:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - D:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programfiler\Creative\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - D:\Programfiler\Folding@Home SMP\smpd.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6347 bytes

SAS log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/09/2007 at 01:21 PM

Application Version : 3.9.1008

Core Rules Database Version : 3330
Trace Rules Database Version: 1331

Scan type : Complete Scan
Total Scan Time : 00:37:21

Memory items scanned : 367
Memory threats detected : 0
Registry items scanned : 5205
Registry threats detected : 0
File items scanned : 38918
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Torgeir\Cookies\[email protected][2].txt
C:\Documents and Settings\Torgeir\Cookies\torgeir@serving-sys[1].txt
C:\Documents and Settings\Torgeir\Cookies\torgeir@tradedoubler[1].txt
C:\Documents and Settings\Torgeir\Cookies\torgeir@atdmt[1].txt
C:\Documents and Settings\Torgeir\Cookies\[email protected][2].txt

Combofix log

ComboFix 07-12-09.1 - Torgeir 2007-12-09 14:57:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1406 [GMT 1:00]
Running from: D:\Nedlastning\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-12-09 14:52 . 2007-12-09 14:52 <DIR> dr-h----- C:\Documents and Settings\Torgeir\Siste
2007-12-07 00:27 . 2007-12-07 00:26 23,736 --a------ C:\WINDOWS\system32\LMImirr.dll
2007-12-03 19:21 . 2007-12-03 19:21 <DIR> d---s---- C:\Documents and Settings\Torgeir\UserData
2007-11-13 18:39 . 2007-11-13 18:39 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-13 18:37 . 2004-09-15 21:10 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-11-13 18:29 . 2007-11-13 18:29 <DIR> d-------- C:\Programfiler\Radeon Omega Drivers
2007-11-13 18:29 . 2007-11-13 18:36 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
2007-11-09 18:44 . 2007-12-01 20:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-09 18:44 . 2007-11-09 18:44 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 13:55 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\AVG7
2007-12-09 11:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7
2007-12-08 19:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-08 19:55 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-07 23:51 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\Xfire
2007-12-07 22:07 9,407,860 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-07 19:27 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-07 19:06 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\uTorrent
2007-12-06 23:26 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-12-06 23:26 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-12-06 23:26 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-12-06 23:26 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-11-28 18:42 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-11-26 19:57 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\teamspeak2
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 19:02 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2007-11-13 17:27 --------- d-----w C:\Programfiler\ATI Technologies
2007-11-09 20:51 22,328 ----a-w C:\Documents and Settings\Torgeir\Programdata\PnkBstrK.sys
2007-11-09 20:50 674,600 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-11-09 20:50 66,872 ----a-w C:\WINDOWS\system32\pnkbstra.exe
2007-11-08 14:20 --------- d-----w C:\Programfiler\Fellesfiler\Borland Shared
2007-11-08 14:16 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\Softouch
2007-11-08 14:16 --------- d-----w C:\Documents and Settings\All Users\Programdata\Softouch
2007-11-06 22:29 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\U3
2007-11-05 16:16 40,616 ----a-w C:\Documents and Settings\Torgeir\Programdata\GDIPFONTCACHEV1.DAT
2007-10-30 15:40 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\AdobeUM
2007-10-24 20:59 --------- d-----w C:\Programfiler\Fellesfiler\Futuremark Shared
2007-10-19 01:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\Trymedia
2007-10-14 19:25 --------- d-----w C:\Programfiler\AGEIA Technologies
2007-10-13 11:34 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\InstallShield Installation Information
2007-10-11 09:55 27,672 ----a-r C:\WINDOWS\system32\drivers\Entech.sys
2007-10-09 17:01 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\Apple Computer
2007-09-29 04:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 04:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 04:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 03:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 03:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 03:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 03:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 03:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 03:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 03:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 03:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 03:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 03:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 03:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 03:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 03:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 03:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-08-25 00:00 126,453 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_25_01_27_40_small.dmp.zip
2007-08-22 09:07 132,343 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_21_18_04_43_small.dmp.zip
2007-08-21 06:29 131,095 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_21_02_30_48_small.dmp.zip
2007-08-21 06:29 128,595 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_21_01_38_26_small.dmp.zip
2007-05-01 13:43 124,905 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_30_22_55_59_small.dmp.zip
2007-04-30 14:48 125,250 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_30_03_11_57_small.dmp.zip
2007-04-29 20:10 256,033 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_29_00_29_28_small.dmp.zip
2007-04-18 21:33 1 ----a-w C:\Documents and Settings\Torgeir\SI.bin
2007-04-16 04:55 23,033,038 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_15_23_59_08_full.dmp.zip
2007-04-13 22:26 22,875,522 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_13_19_58_36_full.dmp.zip
2007-04-10 16:24 22,987,206 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_10_18_23_09_full.dmp.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-25 13:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2003-04-25 13:00]
"C6501Sound"="RunDll32 c6501.cpl" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-22 15:16]
"ZoneAlarm Client"="D:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
"amd_dc_opt"="D:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 15:49]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="D:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 05:24]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-22 15:16]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - D:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-04-25 22:20:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-12-07 00:26 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^system.config.bat]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Torgeir^Start-meny^Programmer^Oppstart^FAH504-Console.exe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Torgeir^Start-meny^Programmer^Oppstart^Folding@Home 5.03.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Torgeir^Start-meny^Programmer^Oppstart^winFAH-GPU-beta4.exe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
d:\Programfiler\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-04-17 13:03 63048 --a------ D:\Programfiler\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programfiler\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programfiler\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy]
copyfstq.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Programfiler\Valve\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-05-03 02:56 36975 --a------ C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FAH@D:+Programfiler+Folding@Home+FAH504-Console.exe"=2 (0x2)
"Spooler"=2 (0x2)
"usnjsvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"btwdins"=2 (0x2)

R1 atitray;atitray;\??\C:\Programfiler\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\D:\Programfiler\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;D:\Programfiler\Folding@Home SMP\smpd.exe
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys
S3 LUsbKbd;Logitech SetPoint USB Filter Driver;C:\WINDOWS\system32\drivers\LUsbKbd.sys
S3 rtl8029;Realtek RTL8029(AS)-basert PCI Ethernet-kort NT-driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S4 FAH@D:+Programfiler+Folding@Home+FAH504-Console.exe;FAH@D:+Programfiler+Folding@Home+FAH504-Console.exe;D:\Programfiler\Folding@Home\FAH504-Console.exe -svcstart

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c33c5f-8c8a-11dc-a245-0018f380dc2f}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-08 10:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\DOCUME~1\Torgeir\LOKALE~1\Temp\xkfrvofs.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 14:58:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

"ServiceDll"="C:\WINDOWS\System32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@C:+Documents and Settings+Torgeir+Skrivebord+FAH5.91beta3-console.exe]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@D:+Programfiler+Folding@Home+FAH504-Console.exe]
.
Completion time: 2007-12-09 14:59:10
C:\ComboFix-quarantined-files.txt ... 2007-10-03 22:25
C:\ComboFix2.txt ... 2007-10-03 22:25
.
--- E O F ---

Thank you very much

norbat Posted 9 December 2007

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of: "Only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Check that the file C:\DOCUME~1\Torgeir\LOKALE~1\Temp\xkfrvofs.dll is no longer there. Apart from this, your logs look fine. Are you experiencing anything in particular?

Crazy_Man (Author) Posted 9 December 2007

That file is gone now. It was a BSOD I got yesterday, but I think it came from the memory, since the Memtest I ran later today crashed.