Kan noen hjelpe med med HIJACKLog fra min PC?

[steinage]

Kan noen hjelpe meg med å tolke denne her : (har "flust" av feilmeldinger med svchost.exe)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:48:20, on 15.10.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\P1370Mon.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TomTom HOME\TomTomHOME.exe

D:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Creative\Shared Files\CamTray.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe

C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe

C:\Program Files\Mamut Teamwork\Mamut Teamwork\Mamut Teamwork.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE

D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nelfo.no/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nelfo.no/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AirCardEnabler] "C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [P1370Mon.exe] C:\WINDOWS\P1370Mon.exe

O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

O4 - HKLM\..\Run: [PrnSys Executable] D:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Mamut Teamwork.lnk = ?

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe

O4 - Global Startup: Phone Connection Monitor.lnk = ?

O8 - Extra context menu item: &Konverter koblingsmål til Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1105\nb-no\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Konverter koblingsmål til eksisterende PDF-fil - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konverter valgte koblinger til Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konverter valgte koblinger til eksisterende PDF-fil - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Konverterer utvalg til Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konverterer utvalg til eksisterende PDF-fil - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://login.nho.no

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 14840 bytes

[norbat]

Prøv følgende:

 

Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'.

Kjør også noen runder med 'Saker' 'Register', til det ikke finner flere feil.

 

 

Hent deretter Combofix, og legg det på skrivebordet

 

Kjør combofix.exe, og følg veiledningen.

 

Post loggfilen fra combofix (vanligvis c:\combofix.txt)

Endret 17. oktober 2007 av norbat

[steinage]

Kjør noen runder med "saker" oppfattet jeg ikke hva var....

sikkert noe i CCleaner... men hva ?

 

Takker for hjelp så langt.... fant mye som ble slettet med Ccleaner.

Endret 17. oktober 2007 av steinage

[norbat]

Sorry, i den nye versjonen heter det 'Register'.

[steinage]

Sorry, i den nye versjonen heter det 'Register'.

Da skal jeg vel rette feilene også da....

 

Kjørte combofix... her er loggen :

 

ComboFix 07-10-17.8 - SAG 2007-10-17 21:51:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.403 [GMT 2:00]

Running from: C:\Documents and Settings\SAG\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\SAG\err.log

C:\WINDOWS\system32\cfx32.ocx

C:\WINDOWS\system32\odyEvent.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))

.

 

2007-10-17 21:50 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-17 21:24 <DIR> d-------- C:\Program Files\CCleaner

2007-10-17 19:59 <DIR> d-------- C:\Program Files\MSN Messenger

2007-10-17 19:41 <DIR> d-------- C:\Program Files\SpywareBlaster

2007-10-15 22:31 <DIR> d-------- C:\Program Files\RegistryFix

2007-10-15 18:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\OkiData

2007-10-08 19:43 <DIR> d-------- C:\Documents and Settings\SAG\Application Data\Ahead

2007-10-08 19:11 <DIR> d-------- C:\Documents and Settings\SAG\Application Data\Download Manager

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-17 19:50 --------- d-----w C:\Documents and Settings\SAG\Application Data\Skype

2007-10-17 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-10-17 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2007-10-15 19:59 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-10-15 17:49 --------- d-----w C:\Program Files\Mamut

2007-10-08 14:31 --------- d-----w C:\Documents and Settings\SAG\Application Data\AdobeUM

2007-09-06 17:02 --------- d-----w C:\Program Files\ELKOmatic

2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-09-03 09:30 --------- d-----w C:\Program Files\Common Files\Skype

2007-08-21 06:03 --------- d-----w C:\Program Files\Java

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 16:21]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-22 17:34]

"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 10:37 C:\WINDOWS\RTHDCPL.EXE]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-03 02:15]

"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 10:20]

"IndicatorUtility"="C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 11:53]

"LoadFujitsuQuickTouch"="C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe" [2005-03-24 15:44]

"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-03-24 15:41]

"AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 15:58 C:\WINDOWS\AGRSMMSG.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 16:14]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

"AirCardEnabler"="C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe" [2006-01-20 15:24]

"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe]

"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20:44]

"P1370Mon.exe"="C:\WINDOWS\P1370Mon.exe" [2006-06-20 02:00]

"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]

"PrnSys Executable"="D:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe" [2004-05-28 22:47]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-25 21:54]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 12:04]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 19:55]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 18:00]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

 

C:\Documents and Settings\SAG\Start Menu\Programs\Startup\

Mamut Teamwork.lnk - C:\Documents and Settings\SAG\Application Data\Microsoft\Installer\{B1A0C792-C497-44AD-8030-A46A9D4A2792}\_26e91eb.exe [2006-05-23 09:56:05]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe [2006-05-12 09:18:13]

 

R0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys

R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys

R2 SSIPDDP;SSIPDDP Parallel port device driver;\??\C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS

R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys

R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys

R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys

S3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys

S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys

S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys

S3 P1370Aud;Creative WebCam Audio Control;\??\C:\WINDOWS\system32\Drivers\P1370Aud.sys

S3 P1370Aul;PD1370 Lower Filter Driver;\??\C:\WINDOWS\system32\Drivers\P1370Aul.sys

S3 P1370Vfx;P1370Vfx;C:\WINDOWS\system32\DRIVERS\P1370Vfx.sys

S3 P1370VID;Live! Cam Voice;C:\WINDOWS\system32\DRIVERS\P1370Vid.sys

S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys

S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

 

.

Contents of the 'Scheduled Tasks' folder

"2007-10-10 20:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-17 21:56:20

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-10-17 21:59:22 - machine was rebooted

.

--- E O F ---

[steinage]

Her er ny LOG fra combofix.... : (Hva forteller denne ?)

ComboFix 07-10-17.8 - SAG 2007-10-17 22:11:21.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.410 [GMT 2:00]

Running from: C:\Documents and Settings\SAG\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))

.

 

2007-10-17 21:50 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-17 21:24 <DIR> d-------- C:\Program Files\CCleaner

2007-10-17 19:59 <DIR> d-------- C:\Program Files\MSN Messenger

2007-10-17 19:41 <DIR> d-------- C:\Program Files\SpywareBlaster

2007-10-15 22:31 <DIR> d-------- C:\Program Files\RegistryFix

2007-10-15 18:33 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\OkiData

2007-10-08 19:43 <DIR> d-------- C:\Documents and Settings\SAG\Application Data\Ahead

2007-10-08 19:11 <DIR> d-------- C:\Documents and Settings\SAG\Application Data\Download Manager

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-17 20:12 --------- d-----w C:\Documents and Settings\SAG\Application Data\Skype

2007-10-17 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-10-17 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2007-10-15 19:59 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-10-15 17:49 --------- d-----w C:\Program Files\Mamut

2007-10-08 14:31 --------- d-----w C:\Documents and Settings\SAG\Application Data\AdobeUM

2007-09-06 17:02 --------- d-----w C:\Program Files\ELKOmatic

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-09-03 09:30 --------- d-----w C:\Program Files\Common Files\Skype

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-08-21 06:03 --------- d-----w C:\Program Files\Java

2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll

2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 16:21]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-22 17:34]

"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 10:37 C:\WINDOWS\RTHDCPL.EXE]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-03 02:15]

"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 10:20]

"IndicatorUtility"="C:\AddOn\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 11:53]

"LoadFujitsuQuickTouch"="C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe" [2005-03-24 15:44]

"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-03-24 15:41]

"AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 15:58 C:\WINDOWS\AGRSMMSG.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 16:14]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

"AirCardEnabler"="C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe" [2006-01-20 15:24]

"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe]

"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20:44]

"P1370Mon.exe"="C:\WINDOWS\P1370Mon.exe" [2006-06-20 02:00]

"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]

"PrnSys Executable"="D:\Program Files\HP\Digital Imaging\HP Print Screen\PrnSys.exe" [2004-05-28 22:47]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-25 21:54]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 12:04]

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 19:55]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 18:00]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

 

C:\Documents and Settings\SAG\Start Menu\Programs\Startup\

Mamut Teamwork.lnk - C:\Documents and Settings\SAG\Application Data\Microsoft\Installer\{B1A0C792-C497-44AD-8030-A46A9D4A2792}\_26e91eb.exe [2006-05-23 09:56:05]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe [2006-05-12 09:18:13]

 

R0 esff;esff;C:\WINDOWS\system32\drivers\esff.sys

R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys

R2 SSIPDDP;SSIPDDP Parallel port device driver;\??\C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS

R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys

R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys

R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys

S3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys

S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys

S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys

S3 P1370Aud;Creative WebCam Audio Control;\??\C:\WINDOWS\system32\Drivers\P1370Aud.sys

S3 P1370Aul;PD1370 Lower Filter Driver;\??\C:\WINDOWS\system32\Drivers\P1370Aul.sys

S3 P1370Vfx;P1370Vfx;C:\WINDOWS\system32\DRIVERS\P1370Vfx.sys

S3 P1370VID;Live! Cam Voice;C:\WINDOWS\system32\DRIVERS\P1370Vid.sys

S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys

S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

 

.

Contents of the 'Scheduled Tasks' folder

"2007-10-10 20:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-17 22:13:04

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-10-17 22:13:41

C:\ComboFix2.txt ... 2007-10-17 21:59

.

--- E O F ---

[norbat]

Loggen ser grei ut.

 

Plages du fortsatt med svchost?

[steinage]

NEI

NÅ er PC-en stabil... ingen feilmeldinger.... t.o.m. de feilene som kom med Generic host process Win32 services er blitt borte...

 

Tror du at problemene er løst nå ???

 

I så fall takker og bukker jeg så mye... Ha en fin kveld videre

[norbat]

Det hjelper å rydde litt , men om dette er nok til å gjøre PC-en stabil over tid er usikkert. Du får rope ut hvis problemene begynner igjen.

[steinage]

TAKK.....for det....

 

Kan noe av disse meldingene over her komme av NOEN direktemeldinger på MSN fra min datter ? (Legger ved en slik melding) MSN til henne "øste" ut slike meldinger.....

 

Vil denne prosessen som jeg har gjort her, rette opp feilene som ligger på min datter's PC også ??

 

Igjen takknemlig for gode svar.......

[norbat]

Hvis din datters msn pøser ut de meldingen du nevner, har hun fått en orm som du kan fjerne ved å gjøre følgende:

 

Last ned, pakk ut og kjør: MSNFix

 

Deretter kjører du en runde med Combofix og poster loggen den lager.

[steinage]

Ny dag nye muligheter sies det.........!! Ny dag ble bare en fortsettelse av de samme feilmeldingene som nevnt over... (svchost.exe)

HVA NÅ..... noen som har gode råd..??

[norbat]

Ja, hadde en liten mistanke om at det bare var et midlertidig opphold...

 

Det er ingen ting som tyder på at du har noen form for infeksjoner (virus, spyware etc.). Vi kan sjekke om det er noen systemfiler som er i ulage:

 

Klikk: Start->Kjør

Skriv: sfc /scannow (mellomrom mellom sfc og / )

Mulig du trenger XP-CD-en.

 

Er det noe spesielt program du bruker når disse svchost meldingen kommer?

Endret 18. oktober 2007 av norbat

[steinage]

Kjørte sfc /scannow uten at noen melding kom..... bare avsluttet når den var ferdig. Ligger det en log en plass ?

 

Svchost.exe meldingene kom med en gang jeg startet PC-en igjen i dag.... stod på i hele natt uten at noen meldinger kom. Avsluttet og reiste på jobb.... og da begynte "moroa" igjen... akkurat som før.

 

Starter som sagt med en gang PC-en starter...og før alle oppgaver er ferdig startet også..... Generic host meldingen kom også.... Den sier noen har sammenheng med HP skriver som jeg har i nettverk hjemme, over D-link trådløs router....

 

Har du noen forslag til videre feilsøking ? Hadde tidligere i år en sånn "reklamevirus" problem... ble villedet til å foreta en installasjon av et program (windows "like" update... av noe slag...kan finne ut hva det het)

 

Kan det være noe som henger igjen etter det ?

[norbat]

De loggene jeg har sett fra deg, tyder ikke på at det ligger noe igjen (av betydning).

 

Du kunne ha sjekket i 'hendelseslisten' om den sier noe om hva som evt. kan forårsake disse feilmeldingene.

 

Kontrollpanel->Administrative verktøy->Hendelsesliste

 

Det kan også være en ide å avinstallere de programmene du ikke bruker.

Videre kan det være greit å sjekke om det finnes oppdaterte drivere til hardwaren (skriver, skjermkort etc.)

 

EDIT: sfc gir sjelden noen melding om den har rettet noe eller ei og det lages ikke noe logg.

Endret 18. oktober 2007 av norbat

[steinage]

HEI igjen....

Driver til HP 7410 all-in-one har jeg forsøkt å oppdatere, men meldingene ble ikke borte.

 

Andre program kan jeg sjekke.... men bruker nok det meste....

 

legger ved skjermbilde fra EventViewer... eller kan de hentes som tekstfil kanskje ?

[norbat]

Hvis du dobbeltklikker på noen av errorene i f.eks. application-lista, så burde det komme litt mer info om hva dette gjelder.

[steinage]

Her er den øverste feilen....

[norbat]

Det sa dessverre ikke meg så mye. Er de andre errorene likelydende?

 

Edit: Vi kunne ha sjekke for rootkit: Last ned Rootchk. Kjør programmet og etter noen strakser, vil det dukke opp en logg. Hvis den forteller at den har funnet noe, post gjerne loggen.

Endret 18. oktober 2007 av norbat

[steinage]

SE her..

 

Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x009f96bc.

 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

teksten i description ser lik på alle de øverste i hvert fall....