KenBjork, posted 30 August 2008 (edited)

I have a slightly uneasy feeling, but I'm not sure whether anything is wrong. So I hope "team" norbat, snipsat will look in. Other members too, by all means. Thanks in advance.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:22, on 30.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programfiler\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\V0470Mon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\spill\cs\steam.exe
C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Programfiler\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Programfiler\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Kenneth\Mine dokumenter\mu blinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "d:\spill\cs\steam.exe" -silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5F29CFD-4A08-4AE0-B216-F48620C01AA8}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9331 bytes

Combo:

ComboFix 08-08-29.02 - Kenneth 2008-08-30 14:24:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1287 [GMT 2:00]
Running from: C:\Documents and Settings\Kenneth\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-30 14:01 . 2008-08-30 14:22 <DIR> dr-h----- C:\Documents and Settings\Kenneth\Siste
2008-08-27 17:32 . 2008-08-27 17:32 15,600 --a------ C:\WINDOWS\gdrv.sys
2008-08-25 20:38 . 2008-08-25 20:39 <DIR> d-------- C:\Programfiler\RivaTuner v2.09
2008-08-25 20:18 . 2008-08-25 20:18 <DIR> d-------- C:\WINDOWS\nview
2008-08-25 20:18 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-25 20:18 . 2008-08-30 06:44 186,097 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-25 20:18 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-25 20:11 . 2008-06-16 16:34 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-25 19:25 . 2008-08-25 19:26 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-08-25 19:25 . 2008-08-25 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-08-14 13:39 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 13:38 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-07-25 16:17 . 2008-07-25 16:17 <DIR> d-------- C:\Programfiler\iTunes
2008-07-25 16:17 . 2008-07-25 16:17 <DIR> d-------- C:\Programfiler\iPod
2008-07-25 16:17 . 2008-07-25 16:17 <DIR> d-------- C:\Programfiler\Bonjour
2008-07-25 16:16 . 2008-07-25 16:16 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-07-11 16:49 . 2008-07-11 16:50 <DIR> d-------- C:\Programfiler\QuickTime
2008-07-11 16:49 . 2008-07-25 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-07-07 22:29 . 2008-07-07 22:29 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 16:11 --------- d-----w C:\Documents and Settings\Kenneth\Programdata\OpenOffice.org2
2008-08-26 17:10 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2008-08-25 18:37 --------- d-----w C:\Programfiler\RivaTuner v2.06
2008-08-18 19:29 --------- d-----w C:\Documents and Settings\Kenneth\Programdata\Apple Computer
2008-07-26 16:01 --------- d-----w C:\Programfiler\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 07:46 --------- d-----w C:\Programfiler\Creative
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-14 01:29 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 00:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
2008-05-02 00:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2008-05-02 00:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2008-05-02 00:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
2008-05-02 00:38 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll
2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
2008-05-07 19:22 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008050720080508\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360]
"Steam"="d:\spill\cs\steam.exe" [2008-03-28 16:46 1271032]
"Creative Live! Cam Manager"="C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 11:30 151552]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-26 19:10 1576176]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"Ai Nap"="C:\Programfiler\ASUS\AI Suite\AiNap\AiNap.exe" [2007-09-06 12:19 1426432]
"CPU Power Monitor"="C:\Programfiler\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-04 22:33 626176]
"Cpu Level Up help"="C:\Programfiler\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-09-11 11:32 880640]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"V0470Mon.exe"="C:\WINDOWS\V0470Mon.exe" [2007-06-04 02:01 32768]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"RivaTunerStartupDaemon"="C:\Programfiler\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 20:25 2707456]
"muBlinder"="C:\Documents and Settings\Kenneth\Mine dokumenter\mu blinder\muBlinder.exe" [2008-03-27 19:29 1406464]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 09:22 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-28 07:37:22 805392]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 07:41 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-26 19:10 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Kenneth\\Mine dokumenter\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 VF0470Vid;Live! Cam Notebook (VF0470);C:\WINDOWS\system32\DRIVERS\V0470Vid.sys [2007-05-09 02:00]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kenneth\Programdata\Mozilla\Firefox\Profiles\rr2jkow6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sol.no
FF -: plugin - C:\Programfiler\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 14:26:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-30 14:27:36
ComboFix-quarantined-files.txt 2008-08-30 12:27:08

Pre-Run: 5,274,968,064 byte ledig
Post-Run: 5,366,697,984 byte ledig

160 --- E O F --- 2008-08-14 13:57:12

SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/30/2008 at 02:18 PM

Application Version : 4.20.1046

Core Rules Database Version : 3546
Trace Rules Database Version: 1535

Scan type : Quick Scan
Total Scan Time : 00:15:54

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 398
Registry threats detected : 0
File items scanned : 13393
File threats detected : 0

Edited 30 August 2008 by KenBjork

norbat, posted 30 August 2008

Your logs look clean. No sign of any malware.

KenBjork (author), posted 30 August 2008

Thanks a lot, norbat. Then I'm just being oversensitive. Have a nice weekend.

r2d290, posted 30 August 2008

If I may add something?

ComboFix must be uninstalled. Go to Start > Run and type the following in the box:

combofix /u

PS: note the space between the X and /u

Press Enter. This command will:

- Remove the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if they exist.
  - The folder C:\Deckard, if it exists
  - The folder C:\OtMoveIt, if it exists
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide system/hidden files and folders if necessary.
- Reset the System Restore points.

You can uninstall HijackThis: start HijackThis and select None of the above, just start the program. Then click Config>>Misc Tools>>Uninstall HijackThis & exit>>Ja/Yes. The program is now uninstalled.

You should keep SAS, but if you want to get rid of it, you can do so from Add/Remove Programs.

KenBjork (author), posted 30 August 2008 (edited)

OK, will do, but not now. Drunk. Can I ask why, btw? (Thinking of what you said about ComboFix.)

Good day, r2d290. I have now done as you said and removed ComboFix and HijackThis. I use SAS "regularly", so it stays. Thank you all.

Edited 31 August 2008 by KenBjork