
Can someone who knows about this look at my logs (combofix, hjt)?



I have a suspicion that the PC is a bit infected:

 

Combofix:

 

ComboFix 08-09-05.02 - asdf 2008-09-06 20:54:41.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.442 [GMT 2:00]

Running from: C:\Documents and Settings\asdf\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))

.

 

2008-09-06 13:55 . 2008-09-06 13:55 <DIR> d-------- C:\WINDOWS\LastGood

2008-09-05 23:13 . 2008-09-05 23:13 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-09-05 23:13 . 2008-09-05 23:13 <DIR> d-------- C:\Documents and Settings\asdf\Programdata\SUPERAntiSpyware.com

2008-09-05 23:13 . 2008-09-05 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-09-05 22:58 . 2003-08-25 18:06 115,808 --a------ C:\WINDOWS\system32\iuctl.dll

2008-09-05 22:58 . 2003-08-25 18:14 7,781 --a------ C:\WINDOWS\system32\iuctl.cat

2008-09-05 22:58 . 2003-08-25 18:12 1,096 --a------ C:\WINDOWS\system32\iuctl.inf

2008-09-05 22:18 . 2008-09-05 22:18 <DIR> d-------- C:\Programfiler\TMXCorp

2008-09-05 16:41 . 2004-08-03 22:32 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime

2008-09-05 16:40 . 2001-10-09 14:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll

2008-09-05 16:39 . 2001-10-09 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-09-05 16:38 . 2004-08-04 01:03 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll

2008-09-05 16:36 . 2008-09-05 16:36 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-09-05 16:36 . 2008-09-05 16:36 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-09-05 16:36 . 2008-09-05 16:36 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-09-05 16:36 . 2008-09-05 16:36 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

2008-09-05 16:36 . 2008-09-05 16:36 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-09-05 16:36 . 2008-09-05 16:36 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-09-05 14:48 . 2001-10-09 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe

2008-09-05 14:47 . 2004-08-04 01:03 501,248 --a--c--- C:\WINDOWS\system32\dllcache\clbcatq.dll

2008-09-05 14:47 . 2004-08-04 01:03 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll

2008-09-05 14:04 . 2004-08-04 01:54 1,086,058 -ra------ C:\WINDOWS\SETD5.tmp

2008-09-05 14:04 . 2004-08-04 02:01 1,014,193 -ra------ C:\WINDOWS\SETD2.tmp

2008-09-05 14:04 . 2004-08-04 01:54 14,043 -ra------ C:\WINDOWS\SETE1.tmp

2008-09-05 11:24 . 2008-09-05 15:02 10,752 --a------ C:\WINDOWS\DCEBoot.exe

2008-08-11 21:41 . 2008-08-11 21:41 170,868,003 --a------ C:\t3ik.7

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 18:59 --------- d-----w C:\Documents and Settings\asdf\Programdata\uTorrent

2008-09-06 11:54 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll

2008-09-06 11:54 722,472 ----a-w C:\WINDOWS\system32\kdfmgr.exe

2008-09-06 11:54 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll

2008-09-06 11:54 192,512 ----a-w C:\WINDOWS\system32\kdfvmgr.exe

2008-09-05 21:13 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-09-05 19:26 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLdu.DAT

2008-08-31 20:18 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-08-29 20:44 --------- d-----w C:\Programfiler\Fellesfiler\Nikon

2008-08-29 20:43 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL

2008-08-21 11:34 --------- d-----w C:\Programfiler\Opera

2008-08-15 10:54 --------- d-----w C:\Programfiler\PPMate

2008-08-14 14:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-04 14:05 --------- d-----w C:\Programfiler\MSXML 4.0

2008-08-03 21:18 --------- d-----w C:\Documents and Settings\asdf\Programdata\ArcSoft

2008-08-03 21:00 --------- d-----w C:\Documents and Settings\asdf\Programdata\Nikon

2008-08-03 20:54 --------- d-----w C:\Programfiler\Nikon

2008-08-03 20:54 --------- d-----w C:\Programfiler\Fellesfiler\muvee Technologies

2008-08-03 20:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nikon

2008-08-03 20:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\Ultima_T15

2008-08-03 20:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\EnterNHelp

2008-08-03 20:52 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-08-03 20:51 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-03 20:51 --------- d-----w C:\Programfiler\ArcSoft

2008-08-02 22:18 --------- d-----w C:\Programfiler\Java

2008-08-01 20:39 --------- d-----w C:\Documents and Settings\Gjest\Programdata\Publish Providers

2008-08-01 20:39 --------- d-----w C:\Documents and Settings\Gjest\Programdata\DivX

2008-08-01 20:38 --------- d-----w C:\Documents and Settings\Gjest\Programdata\Sony

2008-07-31 23:14 --------- d-----w C:\Programfiler\Nokia

2008-07-31 23:12 --------- d-----w C:\Programfiler\Nokia PC Suite 6

2008-07-29 11:21 --------- d-----w C:\Programfiler\Last.fm

2008-07-26 11:39 --------- d-----w C:\Documents and Settings\Gjest\Programdata\ATI

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys

2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys

2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys

2008-07-17 16:32 --------- d-----w C:\Programfiler\ImTOO

2008-07-11 23:17 --------- d-----w C:\Documents and Settings\asdf\Programdata\DivX

2008-07-11 17:59 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-07-09 21:46 --------- d-----w C:\Programfiler\DivX

2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-06-11 00:07 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll

2008-06-11 00:07 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe

2008-06-11 00:07 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe

2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll

2007-12-17 12:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"Active Desktop Calendar"="C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-02-14 3723264]

"Gadu-Gadu"="C:\Programfiler\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"Google Update"="C:\Documents and Settings\asdf\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 110592]

"Wireless Console 2"="C:\Programfiler\Wireless Console 2\wcourier.exe" [2005-10-17 987136]

"ASUS Live Update"="C:\Programfiler\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]

"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]

"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]

"ATKMEDIA"="C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]

"ACU"="C:\Programfiler\Atheros\ACU.exe" [2007-10-23 376921]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-10-10 36352]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]

"Power_Gear"="C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-03-21 544768]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-04-26 185896]

"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]

 

C:\Documents and Settings\asdf\Start-meny\Programmer\Oppstart\

CCC.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BlueSoleil.lnk - C:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-09 1167360]

Nikon Monitor.lnk - C:\Programfiler\Fellesfiler\Nikon\Monitor\NkMonitor.exe [2008-04-10 479232]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"C:\\Programfiler\\aMSN\\bin\\wish.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=

 

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 24576]

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 16269]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]

R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 27520]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 1260672]

R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]

S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\SinoTpm.sys [2006-06-12 34048]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{922c9018-ed5e-11dc-b982-001b11be7f30}]

\Shell\AutoRun\command - G:\setupSNK.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\asdf\Programdata\Mozilla\Firefox\Profiles\e5b68wkt.default\

FF -: plugin - C:\Documents and Settings\asdf\Lokale innstillinger\Programdata\Google\Update\1.2.131.11\npGoogleOneClick5.dll

FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Programfiler\Opera\program\plugins\npdivx32.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-06 20:59:08

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Programfiler\XemiComputers\Active Desktop Calendar\MouseHook.dll

.

Completion time: 2008-09-06 21:01:02

ComboFix-quarantined-files.txt 2008-09-06 19:00:50

ComboFix2.txt 2008-04-13 15:09:18

 

Pre-Run: 28,236,910,592 byte ledig

Post-Run: 30,117,191,680 byte ledig

 

207 --- E O F --- 2008-08-14 14:09:53

 

 

HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:05:49, on 06.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\Programfiler\Trend Micro\BM\TMBMSRV.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe

C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\sm56hlpr.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Documents and Settings\asdf\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Programfiler\Fellesfiler\Nikon\Monitor\NkMonitor.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe

C:\Programfiler\Trend Micro\TrendSecure\TSCFCommander.exe

C:\Programfiler\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe

C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe

C:\Programfiler\Opera\opera.exe

C:\Programfiler\uTorrent\uTorrent.exe

C:\Programfiler\aMSN\bin\wish.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\asdf\Skrivebord\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [Wireless Console 2] C:\Programfiler\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [ASUS Live Update] C:\Programfiler\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [ACU] C:\Programfiler\Atheros\ACU.exe -nogui

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [Power_Gear] C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programfiler\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\asdf\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: CCC.lnk = ?

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: Nikon Monitor.lnk = C:\Programfiler\Fellesfiler\Nikon\Monitor\NkMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1220630631826

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205095031109

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Atheros konfigurasjonstjeneste (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Unknown owner - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programfiler\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)

 

--

End of file - 10962 bytes

 

 


Hm, I don't quite know how malware works or what it does, but at any rate I have a problem with no sound coming from any of my browsers, Windows Update doesn't work, and a few other things (I made a thread about the problems here). I thought maybe it was some virus stuff causing this ...
