Knott^ (posted 2 August 2008)

Hi. I get this message every time I start the PC:

RunDLL; C:\Windows\system32\hgvmjiyq.ddl

Here is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:40, on 02.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\TBPanel.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jesus\Desktop\lol\test.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Gainward] C:\Windows\TBPanel.exe /A
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGVmjIYQ.dll,#1
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Windows Updater] winExplore.exe
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Startup: Y'z Shadow.lnk = C:\Windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9802 bytes

Edited 2 August 2008 by Knott^

snippsat (posted 2 August 2008)

Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt

norbat (posted 2 August 2008)

Step 1:
Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGVmjIYQ.dll,#1
O4 - HKLM\..\RunServices: [Windows Updater] winExplore.exe

Step 2:
Download Malwarebytes Anti-Malware to the desktop.
Run and install the program. Choose Norwegian as the language.
Let the program update itself, choose to run a 'quick system scan' and click Scan.
A message box appears saying that the scan is finished; click OK.
Click the Show results button. If malware was found, you will now see what was found.
Then click the Remove selected button to remove any malware that was found.
Restart the PC.

Step 3:
Get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from Combofix (c:\combofix.txt), and we'll see whether anything more needs to be done.

Edit: This turned into a double post. It makes no difference which one you do :)

Edited 2 August 2008 by norbat

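The triage behind step 1 above, as an added example that is not part of the thread: a small Python parser for HijackThis O4 (registry autorun) lines that flags the two patterns seen in the entries norbat selected. The two rules and all function names are assumptions made for this illustration, not HijackThis logic or norbat's stated reasoning; the sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: the Platform line and a few O4 lines copied from the
# HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
Platform: Windows Vista SP1 (WinNT 6.00.1905)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGVmjIYQ.dll,#1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Windows Updater] winExplore.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
"""

# "O4 - <hive>[\<SID>]\..\<key>: [<value name>] <command line>"
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# "rundll32[.exe] <dll>,<export>" with an optional path in front of rundll32.
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),\s*(?P<export>\S+)',
    re.IGNORECASE,
)


def parse_o4(log_text):
    """Return one dict (hive, key, name, cmd) per O4 registry autorun line."""
    entries = []
    for line in log_text.splitlines():
        match = O4_REGISTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def is_nt_platform(log_text):
    """True when the log's Platform line reports an NT-family Windows."""
    return re.search(r"^Platform:.*\(WinNT ", log_text, re.MULTILINE) is not None


def reasons_for(entry, nt_platform):
    """Apply the two illustrative rules to one parsed entry."""
    reasons = []

    # Rule 1 (assumption): rundll32 given only an export ordinal (#N) hides
    # which function is called; the vendor entries in this log name theirs.
    rundll = RUNDLL.match(entry["cmd"])
    if rundll and re.fullmatch(r"#\d+", rundll.group("export")):
        dll_name = rundll.group("dll").rsplit("\\", 1)[-1]
        reasons.append(
            "rundll32 loads %s by ordinal %s" % (dll_name, rundll.group("export"))
        )

    # Rule 2 (assumption): RunServices is a legacy Windows 9x autostart key,
    # so an entry under it is unusual on an NT-family system such as Vista.
    if nt_platform and entry["key"].lower().startswith("runservices"):
        reasons.append("%s entry on an NT-family platform" % entry["key"])

    return reasons


def triage(log_text):
    """Return [(value name, [reasons])] for entries that match a rule.

    A match is a lead for manual review, not a verdict.
    """
    nt_platform = is_nt_platform(log_text)
    findings = []
    for entry in parse_o4(log_text):
        reasons = reasons_for(entry, nt_platform)
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print("[%s] %s" % (name, "; ".join(reasons)))
```
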
Knott^ (author, posted 2 August 2008)

> Download Combofix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt

Ran Combofix for 15-20 min, but nothing happened, so I restarted. Is a window supposed to stay open the whole time, or how does it work? A warning also came up saying that only 1 in 100 PCs could handle it, or something like that.

norbat (posted 2 August 2008)

A command window stays open where you will see Combofix run through a number of stages (stage 1 - 48). If the PC is heavily infected, it may well take some time. Just answer ja/yes to the message at the start.

Knott^ (author, posted 2 August 2008)

> A command window stays open where you will see Combofix run through a number of stages (stage 1 - 48). If the PC is heavily infected, it may well take some time. Just answer ja/yes to the message at the start.

That box was only there for 1 min, then it disappeared. So 15 min later I restarted; I didn't know whether it was running or had finished. When it started up I got a bluescreen. Started again and got into Windows. I've had unusually many bluescreens over the last week. Could this "virus" be to blame?

The result from Malwarebytes:

Malwarebytes' Anti-Malware 1.24
Database versjon: 1017
Windows 6.0.6001 Service Pack 1

00:25:48 2008-08-03
mbam-log-8-3-2008 (00-25-48).txt

Skanntype: Rask Skann
Objekter skannet: 37586
Tid tilbakelagt: 2 minute(s), 44 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 41
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Edited 2 August 2008 by Knott^

norbat (posted 2 August 2008)

A 'virus' can cause bluescreens (often in the form of a rootkit). Try to follow the guide given above (hjt, mbam and combofix).

Knott^ (author, posted 2 August 2008)

> A 'virus' can cause bluescreens (often in the form of a rootkit). Try to follow the guide given above (hjt, mbam and combofix).

I'll do that combo now.

I get this error message: driver_irql_not_less_or equal

Knott^ (author, posted 2 August 2008)

Sorry, double post. When I try to run combo, an error message appears saying that command something-or-other stopped working, then the blue window closes, and I can't use the internet until I restart the machine :S

Anyhow, that error message doesn't appear any more. Is everything OK then? I think maybe it was the malware thing that fixed it.

norbat (posted 2 August 2008)

HJT fixed the error message. If there are problems with Combofix, you can do the following:

Get Deckard and put it on the desktop.
Run dss.exe and follow the instructions.
When the scan is finished, a log (main.txt) opens, which you copy and paste into your next post.

Knott^ (author, posted 3 August 2008)

> HJT fixed the error message. If there are problems with Combofix, you can do the following: Get Deckard and put it on the desktop. Run dss.exe and follow the instructions. When the scan is finished, a log (main.txt) opens, which you copy and paste into your next post.

Deckard's System Scanner v20071014.68
Run by Jesus on 2008-08-03 10:06:46
Computer is in Normal Mode.
2008-06-21 00:40:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 00:40:17 0 d-------- C:\Program Files\Firaxis Games
2008-06-18 14:42:44 0 d-------- C:\Users\Jesus\AppData\Roaming\Mozilla
2008-06-15 13:48:42 0 d-------- C:\Users\Jesus\AppData\Roaming\Web Page Maker
2008-06-15 13:43:21 0 d-------- C:\Program Files\Web Page Maker
2008-06-14 15:08:10 0 d-------- C:\Program Files\NETGEAR
2008-06-12 20:59:15 0 d-------- C:\Program Files\Opera
2008-06-08 18:44:39 0 d-------- C:\Program Files\Sierra Entertainment
2008-06-08 18:23:58 0 d-------- C:\Program Files\Electronic Arts
2008-06-07 21:21:09 0 d-------- C:\Program Files\Warcraft III
2008-05-31 18:07:14 22961 --a------ C:\Windows\War3Unin.dat
2008-05-31 17:51:10 2829 --a------ C:\Windows\War3Unin.pif
2008-05-31 17:51:10 126976 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-30 15:32:23 174 --ahs---- C:\Program Files\desktop.ini
2008-05-22 14:28:23 1 --a------ C:\Windows\system32\SI.bin
2008-05-20 18:43:27 21840 --a------ C:\Windows\system32\SIntfNT.dll
2008-05-20 18:43:26 17212 --a------ C:\Windows\system32\SIntf32.dll
2008-05-20 18:43:26 12067 --a------ C:\Windows\system32\SIntf16.dll
2008-05-20 18:42:54 34745 --a------ C:\Windows\DIIUnin.dat
2008-05-20 18:40:20 2829 --a------ C:\Windows\DIIUnin.pif
2008-05-20 18:40:20 94208 --a------ C:\Windows\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-05-20 16:52:03 268 -r-h----- C:\Users\Jesus\AppData\Roaming\External Build System

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 14:44]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:37 C:\Windows\RtHDVCpl.exe]
"Gainward"="C:\Windows\TBPanel.exe" [2007-03-02 08:10]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 C:\Windows\KHALMNPR.Exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-06-27 16:40]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 01:30]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 02:08]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-12 02:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-12 02:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-12 02:06]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 15:23]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 10:30]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-05-22 20:52]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" []

C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C2DA439-4680-4E85-A22D-EB2385FABF80}"= C:\Windows\system32\hGVmjIYQ.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cee424de-a69d-11dc-8b3c-001a927d164d}]
AutoRun\command- K:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-08-03 10:11:37 ------------

norbat Posted 3 August 2008

The log looks fine. Did MBAM find anything? Check in Vista whether it says anything about what might be causing the instability: All Programs -> Maintenance -> Problem Reports and Solutions.