Kan noen lese loggene mine?

hegefrem · 1. januar 2009

Hei. Noen som kan tyde dette for meg?

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1589

Windows 5.1.2600 Service Pack 3

01.01.2009 15:13:07

mbam-log-2009-01-01 (15-13-07).txt

Skanntype: Rask Skann

Objekter skannet: 57695

Tid tilbakelagt: 4 minute(s), 21 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

(Ingen mistenkelige filer funnet)

ComboFix 08-12-31.01 - Hege 2009-01-01 15:20:49.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1022.572 [GMT 1:00]

Kjører fra: c:\documents and settings\Hege\Lokale innstillinger\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

E:\Autorun.inf

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-01 til 2009-01-01 )))))))))))))))))))))))))))))))))

.

2009-01-01 15:07 . 2009-01-01 15:07 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2009-01-01 15:07 . 2009-01-01 15:07 <DIR> d-------- c:\documents and settings\Hege\Programdata\Malwarebytes

2009-01-01 15:07 . 2009-01-01 15:07 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-01-01 15:07 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-01 15:07 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-31 19:24 . 2008-12-31 19:24 <DIR> d-------- c:\programfiler\Vista Start Menu

2008-12-31 19:24 . 2008-12-31 19:44 <DIR> d-------- c:\documents and settings\Hege\Programdata\Vista Start Menu

2008-12-30 15:45 . 2008-12-30 20:18 <DIR> d-------- c:\documents and settings\Hege\.housecall6.6

2008-12-21 22:20 . 2008-12-30 18:49 <DIR> d-------- c:\programfiler\Unlocker

2008-12-18 17:29 . 2008-12-18 17:29 <DIR> d-------- c:\programfiler\Bonjour

2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe

2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll

2008-12-11 00:21 . 2008-12-31 19:31 <DIR> d-------- c:\programfiler\SPAMfighter

2008-12-11 00:21 . 2008-12-11 00:21 <DIR> d-------- c:\documents and settings\Hege\Programdata\SPAMfighter

2008-12-10 19:50 . 2008-12-10 19:52 1,393 --a------ c:\windows\imsins.BAK

2008-12-10 18:36 . 2008-10-03 11:04 247,326 --------- c:\windows\system32\dllcache\strmdll.dll

2008-12-07 12:09 . 2008-12-29 15:25 <DIR> d-------- c:\programfiler\DVD Shrink

2008-12-07 12:09 . 2008-12-29 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\DVD Shrink

2008-12-06 22:57 . 2009-01-01 15:01 <DIR> dr-h----- c:\documents and settings\Hege\Siste

2008-12-01 15:16 . 2008-12-20 19:00 261 --a------ c:\windows\mp3merger.ini

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-01 14:28 --------- d-----w c:\documents and settings\All Users\Programdata\Kaspersky Lab

2009-01-01 14:26 540,704 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-01-01 14:26 4,523,040 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-01-01 14:26 38,512 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-01-01 14:26 3,976 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-01-01 14:13 --------- d-----w c:\documents and settings\Hege\Programdata\uTorrent

2008-12-25 21:30 --------- d-----w c:\programfiler\CCleaner

2008-12-19 18:13 --------- d-----w c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy

2008-12-19 18:12 --------- d-----w c:\programfiler\Spybot - Search & Destroy

2008-12-19 18:05 --------- d-----w c:\programfiler\Opera

2008-12-10 18:53 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2008-12-03 18:52 --------- d-----w c:\programfiler\Java

2008-11-27 18:01 --------- d-----w c:\documents and settings\Hege\Programdata\U3

2008-11-24 11:35 --------- d-----w c:\programfiler\iTunes

2008-11-24 11:35 --------- d-----w c:\programfiler\iPod

2008-11-24 11:35 --------- d-----w c:\programfiler\Fellesfiler\Apple

2008-11-24 11:35 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-24 11:33 --------- d-----w c:\programfiler\QuickTime

2008-11-23 15:28 --------- d-----w c:\programfiler\Creative

2008-11-20 08:47 --------- d-----w c:\programfiler\Microsoft CAPICOM 2.1.0.2

2008-11-13 14:43 --------- d-----w c:\programfiler\Yahoo!

2008-11-08 17:33 --------- d-----w c:\documents and settings\Hege\Programdata\Creative

2008-11-08 17:32 --------- d-----w c:\documents and settings\All Users\Programdata\Creative

2008-11-08 17:31 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-11-08 17:31 --------- d-----w c:\programfiler\Audible

2008-11-04 16:30 --------- d-----w c:\documents and settings\Hege\Programdata\NeroDCTemplates

2008-11-02 17:44 --------- d-----w c:\programfiler\HPQ

2008-11-02 17:44 --------- d-----w c:\programfiler\Fellesfiler\LightScribe

2008-11-02 17:44 --------- d-----w c:\documents and settings\All Users\Programdata\LightScribe

2008-11-02 16:13 --------- d-----w c:\programfiler\MediaMonkey

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"VistaStartMenu"="c:\programfiler\Vista Start Menu\VistaStartMenu.exe" [2008-10-08 2145792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"ALUAlert"=c:\programfiler\Symantec\LiveUpdate\ALUNOTIFY.EXE

"SynTPStart"=c:\programfiler\Synaptics\SynTP\SynTPStart.exe

"hpWirelessAssistant"=c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

"RecGuard"=c:\windows\SMINST\RecGuard.exe

"Cpqset"=c:\programfiler\HPQ\Default Settings\cpqset.exe

"eabconfg.cpl"=c:\programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

"QPService"="c:\programfiler\HP\QuickPlay\QPService.exe"

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

"SynTPEnh"=c:\programfiler\Synaptics\SynTP\SynTPEnh.exe

"HP Software Update"=c:\programfiler\Hp\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe"

"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" -atboottime

"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

"NBKeyScan"="c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"NeroFilterCheck"=c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"SPAMfighter Agent"="c:\programfiler\SPAMfighter\SFAgent.exe" update delay 60

"UnlockerAssistant"="c:\programfiler\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-10-19 32000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554770fb-9bc3-11dd-aed9-0014a5b3193b}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.hotmail.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: Add to Banner Ad Blocker - c:\programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-01 15:28:35

Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â

NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]

@Owner=S-1-5-21-2920605498-2806739091-4197362332-1006

"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â

NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]

@Security="Inherited"

"*"=dword:00000004

[HKEY_USERS\S-1-5-21-2920605498-2806739091-4197362332-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â

NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]

@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)

@Owner=S-1-5-21-2920605498-2806739091-4197362332-1006

@Allowed: (Full) (S-1-5-21-2920605498-2806739091-4197362332-1006)

@Allowed: (Full) (LocalSystem)

@Allowed: (Full) (Administrators)

@Allowed: (Read) (S-1-5-12)

"*"=dword:00000004

[HKEY_USERS\S-1-5-21-2920605498-2806739091-4197362332-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â

NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]

@Security="Inherited"

"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â

NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]

@Owner=S-1-5-21-2920605498-2806739091-4197362332-1006

"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â

NULL*¬ r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]

@Security="Inherited"

"*"=dword:00000004

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1332)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3812)

c:\programfiler\Vista Start Menu\VistaStartMenu.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe

c:\programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

c:\programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-01-01 15:31:09 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-01-01 14:30:56

Pre-Run: 52 360 941 568 byte ledig

Post-Run: 54,089,101,312 byte ledig

208 --- E O F --- 2008-12-18 16:31:54

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:34:00, on 01.01.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Vista Start Menu\VistaStartMenu.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Opera\opera.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AVP] "C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [VistaStartMenu] "C:\Programfiler\Vista Start Menu\VistaStartMenu.exe"

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224190828453

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Unknown owner - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe (file missing)

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Protection Center-tjeneste (NSCService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)

--

End of file - 7720 bytes

norbat · 1. januar 2009

Du har noen rester etter Symantec (Norton), så kjør Norton Removal Tool

Restart pc'n og post ny hjt-logg.

Loggene ser forøvrig greie ut. Ingen malware.

hegefrem · 1. januar 2009

Tusen takk Norbat, superraskt svar som alltid!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:21:26, on 01.01.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Programfiler\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Vista Start Menu\VistaStartMenu.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe