[Løst] mine HJT-, combofix- og SAS - logger.

anderso · 6. januar 2008

Hei!

Nå har jeg kjørt igjennom den lange versjonen, og loggene

finner du under:

SAS- LOGG:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 01/06/2008 at 02:05 AM

Application Version :

Core Rules Database Version : 3374

Trace Rules Database Version: 1369

Scan type : Complete Scan

Total Scan Time : 01:31:15

Memory items scanned : 974

Memory threats detected : 0

Registry items scanned : 8624

Registry threats detected : 0

File items scanned : 79086

File threats detected : 2

Adware.Tracking Cookie

C:\Users\Anders\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

Unclassified.Unknown Origin/System

C:\WINDOWS\SYSTEM32\DMKGF.EXE

COMBOFIX LOGG:

ComboFix 08-01-04.1 - Anders 2008-01-06 13:22:10.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.933 [GMT 1:00]

Running from: C:\Users\Anders\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))

.

2008-01-06 15:32 . 2008-01-06 15:32 68,654 --a------ C:\Windows\System32\dmqvj.exe

2008-01-06 13:02 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe

2008-01-06 00:31 . 2008-01-06 00:31 <DIR> d-------- C:\Users\Anders\AppData\Roaming\SUPERAntiSpyware.com

2008-01-06 00:31 . 2008-01-06 00:31 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-01-06 00:31 . 2008-01-06 00:31 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-01-05 15:53 . 2008-01-05 15:53 11 --a------ C:\AuResult.ini

2008-01-04 21:44 . 2008-01-05 15:59 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys

2008-01-04 18:02 . 2008-01-05 16:53 <DIR> d-------- C:\HJT

2008-01-04 12:20 . 2008-01-04 12:20 <DIR> d-------- C:\Users\All Users\Lavasoft

2008-01-04 12:20 . 2008-01-04 12:20 <DIR> d-------- C:\ProgramData\Lavasoft

2008-01-04 12:20 . 2008-01-04 12:20 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-04 11:57 . 2008-01-04 11:57 <DIR> d-------- C:\Users\Anders\AppData\Roaming\PC Tools

2008-01-04 11:57 . 2007-10-18 00:16 79,688 --a------ C:\Windows\System32\drivers\iksyssec.sys

2008-01-04 11:57 . 2007-10-18 00:15 62,280 --a------ C:\Windows\System32\drivers\iksysflt.sys

2008-01-04 11:57 . 2007-10-18 00:14 41,288 --a------ C:\Windows\System32\drivers\ikfilesec.sys

2008-01-04 11:57 . 2007-10-18 00:16 29,000 --a------ C:\Windows\System32\drivers\kcom.sys

2008-01-04 11:56 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll

2008-01-03 09:47 . 2008-01-03 09:47 268 --ah----- C:\sqmdata07.sqm

2008-01-03 09:47 . 2008-01-03 09:47 244 --ah----- C:\sqmnoopt07.sqm

2008-01-02 23:48 . 2008-01-02 23:48 268 --ah----- C:\sqmdata06.sqm

2008-01-02 23:48 . 2008-01-02 23:48 244 --ah----- C:\sqmnoopt06.sqm

2008-01-01 22:45 . 2008-01-01 22:45 <DIR> d-------- C:\Users\Anders\AppData\Roaming\Lavasoft

2007-12-30 00:05 . 2007-12-30 00:05 268 --ah----- C:\sqmdata05.sqm

2007-12-30 00:05 . 2007-12-30 00:05 244 --ah----- C:\sqmnoopt05.sqm

2007-12-29 13:36 . 2007-12-29 13:36 <DIR> d-------- C:\Users\All Users\Minnetonka Audio Software

2007-12-29 13:36 . 2007-12-29 13:36 <DIR> d-------- C:\ProgramData\Minnetonka Audio Software

2007-12-29 13:36 . 2007-12-29 13:36 1,025 --a------ C:\Windows\System32\sysprs7.tgz

2007-12-29 13:36 . 2007-12-29 13:36 1,025 --a------ C:\Windows\System32\sysprs7.dll

2007-12-29 13:36 . 2007-12-29 13:36 1,025 --a------ C:\Windows\System32\clauth2.dll

2007-12-29 13:36 . 2007-12-29 13:36 1,025 --a------ C:\Windows\System32\clauth1.dll

2007-12-29 13:36 . 2008-01-04 22:34 219 --a------ C:\Windows\System32\lsprst7.tgz

2007-12-29 13:36 . 2008-01-04 22:34 205 --a------ C:\Windows\System32\lsprst7.dll

2007-12-29 13:36 . 2008-01-04 22:34 87 --a------ C:\Windows\System32\ssprs.tgz

2007-12-29 13:36 . 2008-01-04 22:34 73 --a------ C:\Windows\System32\ssprs.dll

2007-12-28 16:44 . 2008-01-04 22:36 <DIR> d-------- C:\Users\Anders\Premiere

2007-12-26 02:54 . 2007-12-26 02:54 268 --ah----- C:\sqmdata04.sqm

2007-12-26 02:54 . 2007-12-26 02:54 244 --ah----- C:\sqmnoopt04.sqm

2007-12-26 01:33 . 2007-12-26 01:33 <DIR> d-------- C:\Program Files\Common Files\Control Panels

2007-12-26 01:30 . 2007-12-26 01:30 <DIR> d-------- C:\Users\All Users\ALM

2007-12-26 01:30 . 2007-12-26 01:30 <DIR> d-------- C:\ProgramData\ALM

2007-12-25 19:30 . 2007-03-07 19:54 29,272 --a------ C:\Windows\System32\AdobePDF.dll

2007-12-25 19:16 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll

2007-12-25 19:16 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe

2007-12-25 01:53 . 2007-12-25 01:53 97 --a------ C:\Windows\WirelessFTP.INI

2007-12-24 01:17 . 2007-12-26 01:51 <DIR> d-------- C:\Users\All Users\FLEXnet

2007-12-24 01:17 . 2007-12-26 01:51 <DIR> d-------- C:\ProgramData\FLEXnet

2007-12-24 01:13 . 2007-12-24 01:13 <DIR> d-------- C:\Program Files\Bonjour

2007-12-24 01:06 . 2007-12-24 01:06 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2007-12-23 21:25 . 2007-12-23 21:25 0 --a------ C:\Windows\ToDisc.INI

2007-12-18 10:20 . 2007-12-18 10:20 <DIR> d-------- C:\Program Files\MetodeData

2007-12-18 10:20 . 1996-09-11 15:33 48,640 --a------ C:\Windows\System32\INETWH32.dll

2007-12-18 10:18 . 1996-07-18 13:06 297,472 --a------ C:\Windows\uninst.exe

2007-12-17 17:24 . 2008-01-06 02:11 54,156 --ah----- C:\Windows\QTFont.qfn

2007-12-17 17:24 . 2007-12-17 17:24 1,409 --a------ C:\Windows\QTFont.for

2007-12-17 17:23 . 2007-12-17 17:24 <DIR> d-------- C:\Program Files\iTunes

2007-12-17 17:23 . 2007-12-17 17:23 <DIR> d-------- C:\Program Files\iPod

2007-12-17 17:22 . 2007-12-17 17:22 <DIR> d-------- C:\Program Files\QuickTime

2007-12-15 18:17 . 2007-12-15 18:17 0 --a------ C:\Windows\tosOBEX.INI

2007-12-15 15:10 . 2007-12-15 15:10 0 --a------ C:\Windows\System32\video.avs

2007-12-15 15:08 . 2007-12-15 15:08 <DIR> d-------- C:\Program Files\Acala DVD 3gp Ripper

2007-12-15 15:08 . 2004-01-27 20:50 1,024,000 --a------ C:\Windows\System32\3ivx.dll

2007-12-15 15:08 . 2004-01-27 20:51 290,816 --a------ C:\Windows\System32\3ivxDSDecoder.ax

2007-12-15 14:24 . 2007-12-15 14:24 249,856 --------- C:\Windows\Setup1.exe

2007-12-15 14:24 . 2007-12-15 14:24 73,216 --a------ C:\Windows\ST6UNST.EXE

2007-12-15 00:18 . 2007-12-15 13:54 <DIR> d-------- C:\Program Files\Applied_Insights

2007-12-15 00:18 . 2007-01-02 02:13 323,047 --a------ C:\Windows\System32\aipicx8.hlp

2007-12-15 00:18 . 1996-03-23 15:24 212,480 --a------ C:\Windows\pcdlib32.dll

2007-12-15 00:05 . 2007-12-15 00:13 <DIR> d-------- C:\Users\Anders\AppData\Roaming\NCH Swift Sound

2007-12-15 00:04 . 2007-12-15 00:14 <DIR> d-------- C:\Users\Anders\AppData\Roaming\NCH Software

2007-12-15 00:04 . 2007-12-15 00:06 <DIR> d-------- C:\Users\All Users\NCH Swift Sound

2007-12-15 00:04 . 2007-12-15 00:15 <DIR> d-------- C:\Users\All Users\NCH Software

2007-12-15 00:04 . 2007-12-15 00:06 <DIR> d-------- C:\ProgramData\NCH Swift Sound

2007-12-15 00:04 . 2007-12-15 00:15 <DIR> d-------- C:\ProgramData\NCH Software

2007-12-15 00:04 . 2007-12-15 00:15 <DIR> d-------- C:\Program Files\NCH Swift Sound

2007-12-14 23:57 . 2007-12-15 00:01 <DIR> d-------- C:\Program Files\3D Desktop Recorder

2007-12-14 23:55 . 2007-12-14 23:55 <DIR> d-------- C:\Windows\System32\URTTEMP

2007-12-14 23:30 . 2006-10-17 22:29 487,479 --a------ C:\Windows\System32\SkinMagic.dll

2007-12-14 19:47 . 2008-01-06 13:28 <DIR> d-------- C:\Program Files\Norman

2007-12-14 19:47 . 2007-07-09 10:50 19,000 --a------ C:\Windows\System32\drivers\nvcv32mf.sys

2007-12-14 18:13 . 2007-12-23 21:35 <DIR> d-------- C:\Program Files\DC++

2007-12-12 23:58 . 2007-12-12 23:58 1,327,104 --a------ C:\Windows\System32\quartz.dll

2007-12-12 23:58 . 2007-12-12 23:58 223,232 --a------ C:\Windows\System32\WMASF.DLL

2007-12-12 23:58 . 2007-12-12 23:58 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2007-12-12 23:58 . 2007-12-12 23:58 2,048 --a------ C:\Windows\System32\asferror.dll

2007-12-12 23:56 . 2007-12-12 23:56 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2007-12-12 23:56 . 2007-12-12 23:56 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2007-12-12 23:56 . 2007-12-12 23:56 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2007-12-12 23:56 . 2007-12-12 23:56 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2007-12-12 23:54 . 2007-12-12 23:55 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe

2007-12-12 23:54 . 2007-12-12 23:54 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe

2007-12-12 23:54 . 2007-12-12 23:54 2,048 --a------ C:\Windows\System32\tzres.dll

2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\Windows\System32\QuickTimeVR.qtx

2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\Windows\System32\QuickTime.qts

2007-12-10 19:08 . 2007-12-10 19:08 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2007-12-06 23:45 . 2007-12-06 23:45 268 --ah----- C:\sqmdata03.sqm

2007-12-06 23:45 . 2007-12-06 23:45 244 --ah----- C:\sqmnoopt03.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-05 23:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-01-04 15:11 --------- d-----w C:\Users\Anders\AppData\Roaming\LimeWire

2008-01-03 08:51 --------- d-----w C:\Program Files\Clue

2007-12-26 00:33 --------- d-----w C:\Program Files\Common Files\Adobe

2007-12-15 13:50 --------- d-----w C:\Users\Anders\AppData\Roaming\dvdcss

2007-12-15 13:00 --------- d-----w C:\Program Files\OpenOffice.org 2.2

2007-12-15 12:59 --------- d-----w C:\Users\Anders\AppData\Roaming\OpenOffice.org2

2007-12-15 12:56 --------- d-----w C:\ProgramData\Symantec

2007-12-15 12:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-14 18:58 --------- d-----w C:\Program Files\DAEMON Tools

2007-12-14 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-14 18:33 --------- d-----w C:\Program Files\DAEMON Tools Pro

2007-12-12 22:59 --------- d-----w C:\ProgramData\Microsoft Help

2007-12-12 22:57 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-12 22:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-12 22:57 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-11-26 22:22 --------- d-----w C:\Users\Anders\AppData\Roaming\Symantec

2007-11-23 07:54 --------- d-----w C:\Users\Anders\AppData\Roaming\Clue

2007-11-22 09:10 --------- d-----w C:\Program Files\MagicISO

2007-11-21 16:57 --------- d-----w C:\Users\Anders\AppData\Roaming\PeerNetworking

2007-11-21 08:07 --------- d-----w C:\Program Files\RCrawler

2007-11-20 21:30 --------- d-----w C:\Users\Anders\AppData\Roaming\DAEMON Tools Pro

2007-11-20 20:44 --------- d-----w C:\Program Files\Mudbox

2007-11-20 19:44 --------- d-----w C:\Program Files\Western Digital Technologies

2007-11-20 17:54 --------- d-----w C:\Users\Anders\AppData\Roaming\DesktopSMS

2007-11-20 15:22 --------- d-----w C:\Program Files\LimeWire

2007-11-20 09:49 --------- d-----w C:\Program Files\Photo Story 3 for Windows

2007-11-20 09:08 --------- d-----w C:\Program Files\IrfanView

2007-11-20 08:54 --------- d-----w C:\Program Files\GanttProject

2007-11-18 02:03 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-17 02:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-17 02:05 68,654 ----a-w C:\Windows\System32\dmxar.exe

2007-11-17 02:05 68,654 ----a-w C:\Windows\System32\dmvip.exe

2007-11-17 02:05 68,654 ----a-w C:\Windows\System32\dmmay.exe

2007-11-17 02:05 68,654 ----a-w C:\Windows\System32\dmjlz.exe

2007-11-17 02:05 68,654 ----a-w C:\Windows\System32\dmfsd.exe

2007-11-17 02:05 68,654 ------w C:\Windows\System32\dmkgf.exe

2007-11-17 02:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-17 02:05 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-17 02:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-17 02:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-17 02:05 299,008 ----a-w C:\Windows\System32\wlansec.dll

2007-11-17 02:05 289,280 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-17 02:05 28,344 ----a-w C:\Windows\system32\drivers\battc.sys

2007-11-17 02:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2007-11-17 02:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-17 02:05 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys

2007-11-17 02:05 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-17 02:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-17 02:05 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys

2007-11-17 02:03 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2007-11-17 02:03 8,704 ----a-w C:\Windows\System32\hccoin.dll

2007-11-17 02:03 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys

2007-11-17 02:03 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys

2007-11-17 02:03 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys

2007-11-17 02:03 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys

2007-11-17 02:03 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys

2007-11-17 02:03 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys

2007-11-17 02:02 --------- d-----w C:\Program Files\Windows Mail

2007-11-01 20:59 87,040 ----a-w C:\Windows\System32\msoert2.dll

2007-11-01 20:59 39,424 ----a-w C:\Windows\System32\ACCTRES.dll

2007-11-01 20:59 205,824 ----a-w C:\Windows\System32\msoeacct.dll

2007-11-01 20:57 86,016 ----a-w C:\Windows\System32\icfupgd.dll

2007-11-01 20:57 61,952 ----a-w C:\Windows\System32\cmifw.dll

2007-11-01 20:57 396,800 ----a-w C:\Windows\System32\MPSSVC.dll

2007-11-01 20:57 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll

2007-11-01 20:57 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll

2007-11-01 20:57 16,896 ----a-w C:\Windows\System32\wfapigp.dll

2007-11-01 20:56 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2007-11-01 20:56 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2007-11-01 20:56 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2007-11-01 20:56 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2007-11-01 20:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2007-11-01 20:56 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2007-11-01 20:56 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2007-11-01 20:53 57,856 ----a-w C:\Windows\System32\SLUINotify.dll

2007-11-01 20:53 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll

2007-11-01 20:53 39,936 ----a-w C:\Windows\System32\slcinst.dll

2007-11-01 20:53 351,232 ----a-w C:\Windows\System32\SLUI.exe

2007-11-01 20:53 33,280 ----a-w C:\Windows\System32\slwmi.dll

2007-11-01 20:53 268,288 ----a-w C:\Windows\System32\mcbuilder.exe

2007-11-01 20:53 223,232 ----a-w C:\Windows\System32\SLC.dll

2007-11-01 20:53 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe

2007-11-01 20:53 186,368 ----a-w C:\Windows\System32\SLLUA.exe

2007-11-01 20:53 1,335,296 ----a-w C:\Windows\System32\msxml6.dll

2007-11-01 20:51 5,120 ----a-w C:\Windows\System32\wmi.dll

2007-11-01 20:51 152,576 ----a-w C:\Windows\System32\imagehlp.dll

2007-10-11 02:06 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-10-11 02:06 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-10-11 02:05 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-10-11 02:05 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2007-10-11 02:02 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-10-11 02:02 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-10-11 02:02 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2007-09-02 16:53 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]

"TOSCDSPD"="TOSCDSPD.EXE" []

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

"SUPERAntiSpyware"="C:\Users\Anders\Desktop\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-05 15:21 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 10:14 4444160 C:\Windows\RtHDVCpl.exe]

"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]

"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]

"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 15:57 509496]

"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 16:32 538744]

"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]

"HWSetup"="\HWSetup.exe" [ ]

"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272]

"NDSTray.exe"="NDSTray.exe" []

"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536]

"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 13:25 1507328]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 16:40 413696]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 15:49 861744]

"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 12:05 571024]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]

"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [ ]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

"Acrobat Assistant 8.0"="E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 22:14 624248]

"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]

"dmfsd.exe"="C:\Windows\system32\dmfsd.exe" [2007-11-17 03:05 68654]

"dmkgf.exe"="C:\Windows\system32\dmkgf.exe" [2007-11-17 03:05 68654]

"dmjlz.exe"="C:\Windows\system32\dmjlz.exe" [2007-11-17 03:05 68654]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Users\Anders\Desktop\SASSEH.DLL [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Users\Anders\Desktop\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 16:25]

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 20:13]

R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]

R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-05-17 20:12]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 18:04]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-16 00:16]

R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2007-07-09 10:50]

R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-07-12 11:38]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]

R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-12-25 17:35]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50]

R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]

R3 UVCFTR;UVCFTR;C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-03-12 21:47]

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []

S2 Windows Management Service;Windows Management Service;C:\Windows\system32\dmqvj.exe [2007-11-17 03:05]

S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]

S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f909b523-9743-11dc-9549-001b381736f8}]

\shell\AutoRun\command - G:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

.

HJT LOGG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:38, on 2008-01-06

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\Norman\Npm\Bin\eLogsvc.exe

C:\Program Files\Norman\Npm\Bin\Zanda.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Norman\Npm\bin\NJEEVES.EXE

C:\Program Files\Norman\Nvc\bin\nvcoas.exe

C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Norman\Npm\Bin\Zlh.exe

C:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Norman\Nvc\BIN\NIP.EXE

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Norman\Nvc\bin\cclaw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\System32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis - hovedfil.exe

C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.80.1:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 3.3.3.3;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [dmfsd.exe] C:\Windows\system32\dmfsd.exe

O4 - HKLM\..\Run: [dmkgf.exe] C:\Windows\system32\dmkgf.exe

O4 - HKLM\..\Run: [dmjlz.exe] C:\Windows\system32\dmjlz.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Users\Anders\Desktop\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NO (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - file:///C:/Users/Anders/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/xplugCam[1].gadget/en-US/xplug.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{12D10D13-CF40-4348-B287-8D162B459B9D}: NameServer = 85.255.115.36,85.255.112.151

O17 - HKLM\System\CCS\Services\Tcpip\..\{556827D9-D83D-4887-858E-F9248657D218}: NameServer = 85.255.115.36,85.255.112.151

O17 - HKLM\System\CCS\Services\Tcpip\..\{789B2738-9023-435D-BEA6-D34E7E4073FD}: NameServer = 85.255.115.36,85.255.112.151

O17 - HKLM\System\CCS\Services\Tcpip\..\{D66CEA8D-3327-4965-86F8-BDCB4F0D4C6D}: NameServer = 85.255.115.36,85.255.112.151

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.36 85.255.112.151

O17 - HKLM\System\CS1\Services\Tcpip\..\{12D10D13-CF40-4348-B287-8D162B459B9D}: NameServer = 85.255.115.36,85.255.112.151

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.36 85.255.112.151

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Users\Anders\Desktop\SASWINLO.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Windows Management Service - Unknown owner - C:\Windows\system32\dmqvj.exe

--

End of file - 16111 bytes

ROOTKIT LOGG:

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh

2008-01-06 15:41:29.18

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-06 15:41:32

Windows 6.0.6000

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys0125a0f7925]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"h0"=dword:00000001

"hdf12"=hex:6b,d1,c1,2c,30,fa,0d,e7,fa,cc,e9,9e,8a,6d,01,d6,7c,79,5f,90,fe,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:af,b0,d0,9c,5d,06,7d,f0,47,11,8d,d5,45,77,97,97,2a,55,6c,b0,66,..

"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]

"a0"=hex:20,01,00,00,af,31,6c,c8,d4,c5,99,51,c3,69,bc,d0,51,98,88,39,31,..

"khjeh"=hex:67,7f,8c,d4,72,95,5a,80,84,da,4b,ee,7d,60,08,51,19,44,9e,12,50,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]

"khjeh"=hex:a4,c3,f8,35,0c,c7,78,49,50,5f,06,cf,ea,ad,32,0e,93,62,b9,14,a1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys0125a0f7925]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

"h0"=dword:00000001

"hdf12"=hex:6b,d1,c1,2c,30,fa,0d,e7,fa,cc,e9,9e,8a,6d,01,d6,7c,79,5f,90,fe,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:af,b0,d0,9c,5d,06,7d,f0,47,11,8d,d5,45,77,97,97,2a,55,6c,b0,66,..

"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]

"a0"=hex:20,01,00,00,af,31,6c,c8,d4,c5,99,51,c3,69,bc,d0,51,98,88,39,31,..

"khjeh"=hex:67,7f,8c,d4,72,95,5a,80,84,da,4b,ee,7d,60,08,51,19,44,9e,12,50,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]

"khjeh"=hex:c4,9c,47,87,1b,8d,f1,a3,d7,0c,b0,18,da,e0,ab,fe,bf,9f,60,50,bb,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\xV4\22]

"CacheSizeInMB"=dword:00000000

"CacheStatus"=dword:00000002

"USBVersion"=dword:00020000

"ReadSpeedKBs"=dword:00000000

"WriteSpeedKBs"=dword:00000000

"PhysicalDeviceSizeMB"=dword:00012a1c

"RecommendedCacheSizeMB"=dword:00000000

"HasSlowRegions"=dword:00000000

"DoRetestDevice"=dword:00000000

"DeviceStatus"=dword:00000001

"LastTestedTime"=hex(b):00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\F\xc6j[]

"CacheSizeInMB"=dword:00000000

"CacheStatus"=dword:00000002

"USBVersion"=dword:00020000

"ReadSpeedKBs"=dword:00000000

"WriteSpeedKBs"=dword:00000000

"PhysicalDeviceSizeMB"=dword:0001bf26

"RecommendedCacheSizeMB"=dword:00000000

"HasSlowRegions"=dword:00000000

"DoRetestDevice"=dword:00000000

"DeviceStatus"=dword:00000001

"LastTestedTime"=hex(b):00,00,00,00,00,00,00,00

scanning hidden files ...

hidden processes: 0

hidden services: 0

hidden files: 0

Endret 7. januar 2008 av anderso

norbat · 6. januar 2008

Før vi gjør noe manuelt, prøv og gjør følgende (er litt usikker på om programmet fungerer i Vista):

Hent Fixwareout

Legg filen på skrivebordet og dobbeltklikk på den. Klikk Next -> Install.

Sjekk at det er avkrysset i 'Run fixit'.

Klikk Finish og fixet vil starte. Følg instruksjonen.

Restart PC-en når du blir bedt om det. Oppstarten vil ta litt lengre tid en normalt .....

Når PC-en har restartet følger du bare instruksjonen som kommer på skjermen.

Åpne så kommandovinduet (skriv cmd i kjør/søk feltet). Fra ledetekst skriver du:

sc stop Windows Management Service (Trykk: Enter)

sc delete Windows Management Service (Trykk: Enter)

Lukk vinduet.

Deretter kjører du HJT, sett merke framfor følgende linjer (de du finner) og klikk 'Fix checked':

------------------------