PHP_Yoghurt Posted November 8, 2008 (edited)
ComboFix 08-11-07.01 - Eier 2008-11-08 14:45:17.1 - NTFSx86
Does it look good?
hijackthis:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:52:14, on 08.11.2008
Edited November 8, 2008 by PHP_Yoghurt

raWrz Posted November 8, 2008
Looooks fine, but wait for someone else who knows a hundred times more than me.

PHP_Yoghurt Posted November 9, 2008 (Author)
"Looooks fine, but wait for someone else who knows a hundred times more than me."

norbat Posted November 9, 2008
Looks fine. Was it just a check, or do you suspect something?

PHP_Yoghurt Posted November 9, 2008 (Author)
"Looks fine. Was it just a check, or do you suspect something?"
My dad's computer. He apparently gets trojans, those "backdoor" things, often. It's SpyWareDoctor that he uses, which flags them.

snippsat Posted November 9, 2008 (edited)
"It's SpyWareDoctor that he uses, which flags them"
Yes, it could be a false positive from spywaredoctor. If SpyWareDoctor finds something, it either removes it or gives a location, which you need to post (log). Then we will make an assessment of it.
It is almost entirely certain that there is no trojan now. The combofix log would have revealed that. It is a powerful tool, and since norbat has looked over the log, you are clean.
Since combofix deleted something, do this: you can remove combofix by typing combofix /u in the Run window. This command causes the quarantined files and backups to be deleted, the System Restore folder to be reset, etc.
Surf safely.
Edited November 9, 2008 by SNIPPSAT

PHP_Yoghurt Posted November 9, 2008 (Author, edited)
When we ran combofix on his PC, spywaredoctor said that combofix was a dangerous trojan. So we closed spywaredoctor, and then it worked..
Edited November 9, 2008 by PHP_Yoghurt