
[Solved] Help with a virus? Checking logs.



I have had great help in here before, and I am trying again.

I am sitting at a friend's machine now, and it is like working in syrup. The CPU sits at 100% all the time. It is running XP.

Could a skilled soul take a look at these logs :-)

 

Posting the ComboFix log first:

ComboFix 08-07-10.1 - Bruker1 2008-07-11 21:16:14.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.500 [GMT 2:00]

Running from: C:\Documents and Settings\Bruker1\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\oeminfo.ini

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\WanPacket.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))

.

 

2008-07-11 20:51 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-07-11 20:51 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-07-11 20:51 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-07-11 20:51 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-07-11 20:51 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-07-11 20:51 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe

2008-07-11 20:51 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-07-11 20:51 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-07-11 20:51 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-07-11 20:51 . 2008-07-11 20:51 4,218 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-09 16:50 . 2008-07-09 16:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-07-09 16:47 . 2008-07-09 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NOS

2008-07-09 16:46 . 2008-07-09 16:47 <DIR> d-------- C:\Programfiler\NOS

2008-06-21 18:21 . 2008-06-21 18:21 <DIR> d-------- C:\Programfiler\Sun

2008-06-21 18:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-06-21 18:17 . 2008-06-21 18:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-06-21 12:53 . 2008-06-21 12:53 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-06-21 12:53 . 2008-06-21 12:53 <DIR> d-------- C:\Documents and Settings\Bruker1\Programdata\SUPERAntiSpyware.com

2008-06-21 12:53 . 2008-06-21 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-06-21 00:04 . 2008-06-21 00:04 <DIR> d--h----- C:\$AVG8.VAULT$

2008-06-20 20:57 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-20 19:49 . 2008-06-20 19:49 246,784 --------- C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 19:49 . 2008-06-20 19:49 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 19:33 . 2008-06-20 19:33 <DIR> d-------- C:\WINDOWS\system32\no

2008-06-20 19:33 . 2008-06-20 19:33 <DIR> d-------- C:\WINDOWS\system32\bits

2008-06-20 19:33 . 2008-06-20 19:33 <DIR> d-------- C:\WINDOWS\l2schemas

2008-06-20 19:09 . 2008-06-20 19:09 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-06-20 18:22 . 2008-06-20 18:22 <DIR> d-------- C:\WINDOWS\EHome

2008-06-20 17:24 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-06-20 17:23 . 2004-08-03 22:41 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys

2008-06-20 17:23 . 2004-08-03 22:29 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys

2008-06-20 17:23 . 2004-08-03 22:29 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys

2008-06-20 17:23 . 2004-08-03 22:29 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys

2008-06-20 17:23 . 2004-08-03 22:29 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys

2008-06-20 17:23 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys

2008-06-20 16:31 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-20 13:51 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 13:40 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 13:08 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-19 21:28 . 2008-06-19 21:28 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-06-19 21:28 . 2008-06-19 21:28 <DIR> d-------- C:\Programfiler\AVG

2008-06-19 21:28 . 2008-06-19 21:28 <DIR> d-------- C:\Documents and Settings\Bruker1\Programdata\AVGTOOLBAR

2008-06-19 21:28 . 2008-06-19 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8

2008-06-19 21:28 . 2008-07-05 10:06 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-06-19 21:28 . 2008-07-05 10:12 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-06-19 21:28 . 2008-07-05 10:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-06-18 16:45 . 2008-06-18 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TEMP

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:36 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-09 18:43 --------- d-----w C:\Programfiler\LimeWire

2008-06-08 11:41 --------- d-----w C:\Programfiler\Fellesfiler\Adobe(2)

2008-06-08 11:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\Adobe(2)

2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:56 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll

2008-05-09 10:56 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:56 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll

2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:56 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll

2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe

2008-05-07 05:12 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:12 1,291,264 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2008-04-23 20:22 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-04-22 07:43 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-04-22 07:43 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin

2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll

2008-04-14 16:19 97,792 ----a-w C:\WINDOWS\system32\dllcache\chtmbx.dll

2008-04-14 15:53 2,190,720 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 15:53 2,067,584 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 15:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 15:39 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 07:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 07:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-13 18:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:40 389,120 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:37 2,909,184 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 18:35 189,440 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dLL

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:43 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 18:23 1695232]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 20:49 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59 212992]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17 102491]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16 692315]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]

"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.EXE" [2001-10-09 17:10 818176]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 20:39 471040]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 20:09 94208]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 20:10 114688]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 20:06 77824]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 10:13 1232152]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~2\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2008-05-28 10:33 1506544 C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-04-05 20:49 68856 C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 10:06]

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 10:09]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 10:12]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-05 10:07]

 

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-updateMgr - c:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-11 21:21:46

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

C:\PROGRAMFILER\INTEL\WIRELESS\BIN\EVTENG.EXE

C:\PROGRAMFILER\INTEL\WIRELESS\BIN\S24EVMON.EXE

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

C:\PROGRAMFILER\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

C:\WINDOWS\SYSTEM32\LEXBCES.EXE

C:\WINDOWS\SYSTEM32\LEXPPS.EXE

C:\PROGRAMFILER\AVG\AVG8\AVGWDSVC.EXE

C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE

C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE

C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE

C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE

C:\PROGRAMFILER\FELLESFILER\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\PROGRAMFILER\INTEL\WIRELESS\BIN\REGSRVC.EXE

C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\PROGRAMFILER\AVG\AVG8\AVGRSX.EXE

C:\PROGRAMFILER\AVG\AVG8\AVGRSX.EXE

.

**************************************************************************

.

Completion time: 2008-07-11 21:26:17 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-11 19:25:46

 

Pre-Run: 32,692,830,208 byte ledig

Post-Run: 32,637,059,072 byte ledig

 

250 --- E O F --- 2008-07-09 19:28:17

 

And here is the SAS log:

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 07/11/2008 at 08:25 PM

 

Application Version : 4.15.1000

 

Core Rules Database Version : 3502

Trace Rules Database Version: 1493

 

Scan type : Complete Scan

Total Scan Time : 02:15:52

 

Memory items scanned : 658

Memory threats detected : 0

Registry items scanned : 6073

Registry threats detected : 0

File items scanned : 21668

File threats detected : 16

 

Adware.Tracking Cookie

C:\Documents and Settings\Bruker1\Cookies\bruker1@advertising[1].txt

C:\Documents and Settings\Bruker1\Cookies\bruker1@doubleclick[1].txt

C:\Documents and Settings\Bruker1\Cookies\[email protected][3].txt

C:\Documents and Settings\Bruker1\Cookies\bruker1@adtech[1].txt

C:\Documents and Settings\Bruker1\Cookies\bruker1@indextools[2].txt

C:\Documents and Settings\Bruker1\Cookies\[email protected][1].txt

C:\Documents and Settings\Bruker1\Cookies\bruker1@tribalfusion[2].txt

C:\Documents and Settings\Bruker1\Cookies\[email protected][3].txt

C:\Documents and Settings\Bruker1\Cookies\bruker1@casalemedia[2].txt

C:\Documents and Settings\Bruker1\Cookies\[email protected][1].txt

C:\Documents and Settings\Bruker1\Cookies\[email protected][2].txt

C:\Documents and Settings\Bruker1\Cookies\[email protected][2].txt

C:\Documents and Settings\Bruker1\Cookies\bruker1@imrworldwide[2].txt

C:\Documents and Settings\Bruker1\Cookies\bruker1@tradedoubler[1].txt

C:\Documents and Settings\Bruker1\Cookies\[email protected][1].txt

C:\Documents and Settings\Bruker1\Cookies\[email protected][1].txt

 

And here is the log from HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:39:34, on 11.07.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\acer\Empowering Technology\ePower\epm-dm.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Acer\Empowering Technology\admtray.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 10990 bytes

Edited by G3

Adding one more HJT log, since it was on the desktop:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:17:37, on 11.07.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\acer\Empowering Technology\ePower\epm-dm.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Acer\Empowering Technology\admtray.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\AVG\AVG8\avgrsx.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Documents and Settings\Bruker1\Skrivebord\Hijackthis\HijackThis.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 10947 bytes


That log doesn't show anything different from the first one. Have you run CCleaner?

Could you also check which process is using a lot of CPU?

Right-click the taskbar and choose Task Manager.

Select the Processes tab. Sort the CPU column so that the process using the most is at the top (click CPU once or twice).


The logs look fine.

> The CPU is running at 100% all the time. Running XP.

Download and run CCleaner.

'Options' -> 'Advanced'. Untick the box in front of: "Only delete temporary files older than 48 hours".

Also run the registry cleaner, answer yes to repair --> answer yes to the backup when you are asked.

Run the registry cleaner a couple of times until all errors are gone.

If CPU usage is still high:

Give us the name of the process.

Ctrl+Alt+Del <Processes>

Edited by SNIPPSAT
> That log doesn't show anything different from the first one. Have you run CCleaner?
>
> Could you also check which process is using a lot of CPU?
>
> Right-click the taskbar and choose Task Manager.
>
> Select the Processes tab. Sort the CPU column so that the process using the most is at the top (click CPU once or twice).

 

Yes, I have run CCleaner several times. The CPU is stuck at 100%.

It is hard to see which process is taking so much, but a couple that keep recurring are: avgrx.exe and svchost.exe.

There is tremendous activity where you read off the CPU. (She runs AVG antivirus ver. 8.0, and when this started she ran a scan, and one message was as follows: HKLM\SOFTWARE`MicrosoftÌnternetExplorer\ActiveXCompatibil..Found Trojan.VB.aftXP

Browsing with the machine works, sort of, but typing is so slow that I have to wait between each letter.

The machine is an Acer, with a 512 MB graphics card and 1 GB RAM, so there should be enough power to run XP.


I wrote it a bit wrong yesterday. Under Processes, things jump up and down a lot, but the one that shows up most often is called: AVGRSX.EXE. It jumps from 90 to 0.

Could it be hardware, or can we rule that out?


"AVGRSX.EXE"=AVG Resident Shield Service.

 

Tips

Under the Appearance menu untick the 'Display system tray notifications' box to remove the unnecessary AVG icon in the System Tray/Notification Area.

- Under the Linkscanner menu untick all available boxes.

- Under the Scans menu you should tick all boxes except 'Automatically heal/remove infections' in each case - this ensures that should AVG detect a false positive, it won't automatically delete it from your system.

- Under the Schedules menu untick every available option - instead I recommend updating prior to doing a manual scan at a time of your choosing.

- Under the Resident Shield menu untick the 'Enable Resident Shield' box to disable this background functionality, as it can and will interfere with other programs and may reduce overall performance and stability.

The last one is important for you.

And if that doesn't help, it's away with AVG.

Run CCleaner, install AVG again.

Edited by SNIPPSAT

Then we'll delete all of AVG here, run CCleaner, and install Avast like on my machine.

It turns out that AVG is hard to remove, whether with the uninstaller that comes with AVG or with Windows' own "Add or Remove Programs".

Deleting the whole thing in Explorer now.


Here comes the HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:30:20, on 12.07.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\acer\Empowering Technology\ePower\epm-dm.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Bruker1\Skrivebord\Hijackthis\HijackThis.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 10382 bytes

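Comparing the two HijackThis scans in this thread line by line shows what deleting the AVG folder in Explorer left behind in the registry. The Python sketch below is an added example (not part of any post and not HijackThis's own code); it parses excerpts from both scans and reports entries that became orphaned or disappeared. The function names and the keying scheme are assumptions made for this illustration.

```python
import re

# One HijackThis result line: "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the registry entry points at a missing file.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpts taken from the two logs posted in this thread (11.07 and 12.07).
SCAN_BEFORE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

SCAN_AFTER = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


def parse_entries(log_text):
    """Return (code, body) tuples; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match["code"], match["body"]))
    return entries


def is_orphan(body):
    """True when the entry's target file no longer exists on disk."""
    return body.rstrip().endswith(ORPHAN_MARKERS)


def entry_key(code, body):
    """Identity that survives a rescan (assumed scheme): display names and
    owners change once the file is gone, so key on the CLSID, the Run value
    name, or the service name instead of the whole line."""
    if code.startswith("R"):
        return (code, "", body.split(" = ", 1)[0])
    kind = body.split(":", 1)[0]
    clsid = CLSID_RE.search(body)
    if clsid:
        ident = clsid.group(0).upper()
    elif "[" in body and "]" in body:
        ident = body[body.index("["): body.index("]") + 1]
    else:
        ident = body.split(" - ", 1)[0]
    return (code, kind, ident)


def diff_scans(before, after):
    """Classify what changed between two parsed scans."""
    old = {entry_key(c, b): (c, b) for c, b in before}
    new = {entry_key(c, b): (c, b) for c, b in after}
    return {
        "removed": [old[k] for k in old if k not in new],
        "added": [new[k] for k in new if k not in old],
        "newly_orphaned": [
            new[k] for k in new
            if k in old and is_orphan(new[k][1]) and not is_orphan(old[k][1])
        ],
    }


if __name__ == "__main__":
    report = diff_scans(parse_entries(SCAN_BEFORE), parse_entries(SCAN_AFTER))
    for label, items in report.items():
        print(label)
        for code, body in items:
            print(f"  {code} - {body}")
```

Entries listed as newly orphaned are registry references whose files are gone; the AVG8 WatchDog service is not among them because its executable is still present and running in the second scan.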

And here is a ComboFix log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:30:20, on 12.07.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\acer\Empowering Technology\ePower\epm-dm.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Bruker1\Skrivebord\Hijackthis\HijackThis.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 10382 bytes


Start HijackThis, run a "scan", find these lines, check them, then press "Fix checked".

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

---

Start -> Run -> cmd

 

Copy one line of the bold text, paste it into cmd.

 

sc stop avg8emc

sc delete avg8emc

 

sc stop avg8wd

sc delete avg8wd

---

Restart

---

Delete folder:

C:\Programfiler\AVG

C:\WINDOWS\system32\drivers\Avg

---

CCleaner: remember, the registry cleaner is important now.

---

A new HJT log, and include ComboFix too.

 

NB: the last one is another HJT log.

Edited by SNIPPSAT

I really appreciate the help here.

It is still not possible to delete: C:\\Program~1\AVG\

 

Here is the new Combo log:

ComboFix 08-07-10.1 - Bruker1 2008-07-12 14:49:39.4 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.586 [GMT 2:00]

Running from: C:\Documents and Settings\Bruker1\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))

.

 

2008-07-12 14:48 . 2008-07-12 14:48 <DIR> dr-h----- C:\Documents and Settings\Bruker1\Siste

2008-07-11 23:12 . 2008-07-11 23:12 <DIR> d-------- C:\Documents and Settings\Bruker1\Programdata\U3

2008-07-11 22:21 . 2008-07-11 22:21 <DIR> d-------- C:\Programfiler\CCleaner

2008-07-11 20:51 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-07-11 20:51 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-07-11 20:51 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-07-11 20:51 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-07-11 20:51 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-07-11 20:51 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe

2008-07-11 20:51 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-07-11 20:51 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-07-11 20:51 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-07-11 20:51 . 2008-07-11 20:51 4,218 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-09 16:50 . 2008-07-09 16:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-07-09 16:47 . 2008-07-09 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NOS

2008-07-09 16:46 . 2008-07-09 16:47 <DIR> d-------- C:\Programfiler\NOS

2008-06-21 18:21 . 2008-06-21 18:21 <DIR> d-------- C:\Programfiler\Sun

2008-06-21 18:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-06-21 18:17 . 2008-06-21 18:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-06-21 12:53 . 2008-06-21 12:53 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-06-21 12:53 . 2008-06-21 12:53 <DIR> d-------- C:\Documents and Settings\Bruker1\Programdata\SUPERAntiSpyware.com

2008-06-21 12:53 . 2008-06-21 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-06-21 00:04 . 2008-06-21 00:04 <DIR> d--h----- C:\$AVG8.VAULT$

2008-06-20 20:57 . 2008-06-14 19:36 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-20 19:49 . 2008-06-20 19:49 246,784 --------- C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 19:49 . 2008-06-20 19:49 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 19:33 . 2008-06-20 19:33 <DIR> d-------- C:\WINDOWS\system32\no

2008-06-20 19:33 . 2008-06-20 19:33 <DIR> d-------- C:\WINDOWS\system32\bits

2008-06-20 19:33 . 2008-06-20 19:33 <DIR> d-------- C:\WINDOWS\l2schemas

2008-06-20 19:09 . 2008-06-20 19:09 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-06-20 18:22 . 2008-06-20 18:22 <DIR> d-------- C:\WINDOWS\EHome

2008-06-20 17:24 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-06-20 17:23 . 2004-08-03 22:41 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys

2008-06-20 17:23 . 2004-08-03 22:29 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys

2008-06-20 17:23 . 2004-08-03 22:29 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys

2008-06-20 17:23 . 2004-08-03 22:29 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys

2008-06-20 17:23 . 2004-08-03 22:29 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys

2008-06-20 17:23 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys

2008-06-20 16:31 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-20 13:51 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 13:40 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 13:08 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-19 21:28 . 2008-06-19 21:28 <DIR> d-------- C:\Programfiler\AVG

2008-06-19 21:28 . 2008-06-19 21:28 <DIR> d-------- C:\Documents and Settings\Bruker1\Programdata\AVGTOOLBAR

2008-06-19 21:28 . 2008-06-19 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8

2008-06-19 21:28 . 2008-07-05 10:06 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-06-19 21:28 . 2008-07-05 10:12 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-06-19 21:28 . 2008-07-05 10:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-06-18 16:45 . 2008-06-18 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TEMP

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:36 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-08 11:41 --------- d-----w C:\Programfiler\Fellesfiler\Adobe(2)

2008-06-08 11:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\Adobe(2)

2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:56 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll

2008-05-09 10:56 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:56 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll

2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:56 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll

2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-09 10:56 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe

2008-05-07 05:12 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:12 1,291,264 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2008-04-23 20:22 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-04-22 07:43 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-04-22 07:43 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin

2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll

2008-04-14 16:19 97,792 ----a-w C:\WINDOWS\system32\dllcache\chtmbx.dll

2008-04-14 15:53 2,190,720 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 15:53 2,067,584 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 15:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll

2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 15:39 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 07:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 07:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-13 18:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 18:40 389,120 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 18:37 2,909,184 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 18:35 189,440 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dLL

2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 16:43 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe

2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-11_21.24.49.14 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-11 19:21:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-12 12:42:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-05-29 23:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 18:23 1695232]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 20:49 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59 212992]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17 102491]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16 692315]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]

"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.EXE" [2001-10-09 17:10 818176]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 20:39 471040]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 20:09 94208]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 20:10 114688]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 20:06 77824]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~2\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2008-05-28 10:33 1506544 C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-04-05 20:49 68856 C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 10:12]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 10:06]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

*Newly Created Service* - INT15.SYS

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-12 14:51:42

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2008-07-12 14:52:41

ComboFix-quarantined-files.txt 2008-07-12 12:52:38

ComboFix4.txt 2008-07-11 19:26:22

ComboFix3.txt 2008-07-12 11:38:32

ComboFix2.txt 2008-07-12 12:06:54

 

Pre-Run: 31,786,106,880 byte ledig

Post-Run: 31,770,869,760 byte ledig

 

220 --- E O F --- 2008-07-11 20:44:26

 

And here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:04:35, on 12.07.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\acer\Empowering Technology\ePower\epm-dm.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Documents and Settings\Bruker1\Skrivebord\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 10134 bytes


Start the program, select "Input Script Manually" and click the magnifying glass.

In the window that opens, copy and paste in what is in bold below:

http://swandog46.geekstogo.com/avenger.zip

 

Files to delete:

C:\$AVG8.VAULT$

C:\WINDOWS\system32\drivers\avgldx86.sys

C:\WINDOWS\system32\avgrsstx.dll

C:\WINDOWS\system32\Drivers\avgtdix.sys

C:\WINDOWS\system32\Drivers\avgldx86.sys

 

Folders to delete:

C:\Programfiler\AVG

C:\Documents and Settings\All Users\Programdata\avg8

C:\Documents and Settings\Bruker1\Programdata\AVGTOOLBAR

 

---

CCleaner

---

Say a little about whether CPU usage is better.

Do not install anything before CPU usage is good.

Edited by SNIPPSAT

It is the typing that is extremely slow at times here. But I have actually seen the CPU all the way down at 90% now.

 

Entering those lines in cmd did not go entirely smoothly. I got messages such as: "Den forespurte kontroller er ikke gyldg for denne tjenesten".

 

If we manage to remove AVG completely, Avast will be tried.
