HJT logg.. noen som kan hjelpe? Msn virus !Update!

JaBre · 20. januar 2008

Har dummet meg litt ut ved å klikke på en lite hyggelig link på msn, og det ser ikke ut til at jeg er den eneste.

Kjørte gjennom langversjonen i denne tråden.

Legger ved logger fra SAS, Combofix, HJT og Rootchk, og hadde satt meget stor pris på om noen kunne hjulpet meg med å finne ut om svineriet er borte eller ikke.

SAS

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 01/20/2008 at 04:56 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384

Trace Rules Database Version: 1378

Scan type : Complete Scan

Total Scan Time : 00:56:03

Memory items scanned : 613

Memory threats detected : 0

Registry items scanned : 6441

Registry threats detected : 28

File items scanned : 43830

File threats detected : 5

Unclassified.Oreans32

HKLM\System\ControlSet001\Services\oreans32

C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS

HKLM\System\ControlSet002\Services\oreans32

HKLM\System\CurrentControlSet\Services\oreans32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#Capabilities

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000#Driver

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000\LogConf

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000\Control

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32000\Control#ActiveService

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

BearShare File Sharing Client

C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\BEARSHARE.LNK

C:\DOCUMENTS AND SETTINGS\JAN\DESKTOP\MAPPEN\PROGRAM\BEARSHARE.LNK

Adware.Vundo-Variant

C:\SYSTEM VOLUME INFORMATION\_RESTORE{68B6A745-4098-4995-A90B-954EAA6460CC}\RP725\A0100536.DLL

Combofix

ComboFix 08-01-20.1 - Jan 2008-01-20 17:02:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.491 [GMT 1:00]

Running from: C:\Documents and Settings\Jan\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\awtrrst.dll

C:\WINDOWS\system32\awtusqq.dll

C:\WINDOWS\system32\fccaxyx.dll

C:\WINDOWS\system32\hgghgge.dll

C:\WINDOWS\system32\jkkhgfc.dll

C:\WINDOWS\system32\nnnmmmm.dll

.

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))

.

2008-01-20 17:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-20 15:57 . 2008-01-20 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-01-20 15:56 . 2008-01-20 15:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-01-20 15:56 . 2008-01-20 15:56 <DIR> d-------- C:\Documents and Settings\Jan\Application Data\SUPERAntiSpyware.com

2008-01-20 14:29 . 2008-01-20 14:29 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-20 14:29 . 2008-01-20 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-20 14:28 . 2008-01-20 15:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-20 14:23 . 2008-01-20 16:57 <DIR> d-------- C:\eed23ccd64a1e8be6b50f94ccbd636

2008-01-06 15:16 . 2008-01-06 15:16 <DIR> d-------- C:\Program Files\Pidgin

2008-01-06 15:16 . 2008-01-16 02:16 <DIR> d-------- C:\Documents and Settings\Jan\Application Data\.purple

2008-01-01 15:06 . 2008-01-01 15:10 <DIR> d-------- C:\Program Files\Photomatix

2007-12-26 14:28 . 2007-12-26 14:28 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

2007-12-26 14:21 . 2007-12-31 13:57 <DIR> d-------- C:\Program Files\World of Warcraft

2007-12-25 01:44 . 2007-12-25 01:44 <DIR> d-------- C:\Documents and Settings\Jan\Application Data\EPSON

2007-12-24 23:26 . 2007-12-24 23:26 <DIR> d-------- C:\Program Files\EPSON Print CD

2007-12-24 23:26 . 2007-12-24 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UDL

2007-12-24 23:25 . 2007-12-24 23:25 <DIR> d-------- C:\Documents and Settings\Jan\Application Data\InstallShield

2007-12-24 23:25 . 2006-10-20 00:10 501,912 --a------ C:\WINDOWS\system32\PICSDK2.dll

2007-12-24 23:23 . 2006-08-10 03:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBOE.DLL

2007-12-24 23:23 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBOE.DLL

2007-12-24 23:23 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL

2007-12-24 23:23 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-12-24 23:23 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2007-12-24 23:21 . 2007-12-24 23:26 <DIR> d-------- C:\Program Files\EPSON

2007-12-24 23:21 . 2007-12-24 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON

2007-12-24 23:21 . 2007-12-24 23:21 26 --a------ C:\WINDOWS\CDE SPR360.ini

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-20 16:23 --------- d-----w C:\Program Files\BOINC

2008-01-20 16:02 --------- d-----w C:\Documents and Settings\Jan\Application Data\Launchy

2008-01-20 14:31 --------- d-----w C:\Program Files\BearShare

2008-01-20 14:00 --------- d-----w C:\Documents and Settings\Jan\Application Data\Hamachi

2008-01-16 01:16 --------- d-----w C:\Documents and Settings\Jan\Application Data\.purple

2008-01-12 14:13 --------- d-----w C:\Documents and Settings\Jan\Application Data\dvdcss

2008-01-06 14:16 --------- d-----w C:\Documents and Settings\Jan\Application Data\.gaim

2008-01-01 13:52 --------- d-----w C:\Program Files\FinePixViewer

2007-12-24 22:29 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-24 22:28 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-12-16 16:20 --------- d-----w C:\Program Files\Mozilla Thunderbird

2007-12-15 00:02 --------- d-----w C:\Program Files\MSECache

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-29 22:33 --------- d-----w C:\Program Files\Flagship Studios

2007-11-25 23:30 --------- d-----w C:\Program Files\PENTAX

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-11-30 15:22 1266936]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

"EPSON Stylus Photo R360 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.exe" [2006-05-29 05:00 139264]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 03:04 59392]

"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-04-07 01:16 631364]

"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 16:12 131072]

"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 17:22 266240]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-16 10:47 5562368]

"nwiz"="nwiz.exe" [2005-05-16 10:47 1495040 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-16 10:47 86016]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 19:41 33792]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14 36975]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-25 01:48 180269]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-14 14:40 155648]

"UnlockerAssistant"="C:\Documents and Settings\Jan\Desktop\Programmer\Unlocker\UnlockerAssistant.exe" [2006-03-03 09:39 6144]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"StartupMonitor"="C:\Program Files\SNP Software\StartupMonitor\StartupMonitor.exe" [2006-07-10 05:16 183296]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32 61440]

"Windows Taskmanager"="svchost.exe" [2004-08-10 13:00 14336 C:\WINDOWS\system32\svchost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-02 18:26:08 113664]

Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-05-30 23:00:09 294912]

Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-04-07 03:56:13 520192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2006-01-07 15:45]

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2006-01-07 15:45]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 17:23:17

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\Documents and Settings\Jan\Desktop\Programmer\Unlocker\UnlockerHook.dll

.

Completion time: 2008-01-20 17:26:46 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-20 16:26:44

.

2008-01-12 13:53:38 --- E O F ---

HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:28:58, on 20.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Documents and Settings\Jan\Desktop\Programmer\Unlocker\UnlockerAssistant.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\SNP Software\StartupMonitor\StartupMonitor.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\Program Files\Launchy\Launchy.exe

C:\Program Files\BOINC\boincmgr.exe

C:\Program Files\BOINC\boinc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Jan\Desktop\HJT\Test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [unlockerAssistant] C:\Documents and Settings\Jan\Desktop\Programmer\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [startupMonitor] "C:\Program Files\SNP Software\StartupMonitor\StartupMonitor.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [EPSON Stylus Photo R360 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOE.EXE /FU "C:\WINDOWS\TEMP\E_S88.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Exif Launcher 2.lnk = ?

O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v906/Navigram.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 10296 bytes

Rootchk

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh

20.01.2008 17:34:19,59

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 17:34:37

Windows 5.1.2600 Service Pack 2

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...

IPC error: 2 The system cannot find the file specified.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:a8,0d,05,33,d1,14,10,25,0a,cc,c1,18,b2,77,a4,63,4a,50,7a,90,e3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]

"a0"=hex:20,01,00,00,ab,44,ee,0b,00,78,28,68,67,eb,d1,96,ad,0c,fb,0c,fd,..

"khjeh"=hex:19,0d,8e,76,8b,d4,14,e1,8a,ed,9b,34,02,94,fb,e8,a9,79,1b,40,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]

"khjeh"=hex:d7,16,53,9b,26,29,a2,22,b3,b2,03,60,7b,0d,1f,64,78,c4,1d,c0,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:a8,0d,05,33,d1,14,10,25,0a,cc,c1,18,b2,77,a4,63,4a,50,7a,90,e3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001]

"a0"=hex:20,01,00,00,ab,44,ee,0b,00,78,28,68,67,eb,d1,96,ad,0c,fb,0c,fd,..

"khjeh"=hex:19,0d,8e,76,8b,d4,14,e1,8a,ed,9b,34,02,94,fb,e8,a9,79,1b,40,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA40000001Jf40]

"khjeh"=hex:d0,2c,c4,62,c6,c1,de,9a,c1,15,07,b8,6a,82,64,48,ca,8e,2c,d1,3d,..

scanning hidden registry entries ...

scanning hidden files ...

IPC error: 2 The system cannot find the file specified.

hidden processes: 0

hidden services: 0

hidden files: 0

Hadde vært meget takknemlig dersom noen kunne tatt en titt på disse

Endret 20. januar 2008 av JaBre

snippsat · 20. januar 2008

Start hjt merk så fixed.

O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe

Restart.

Combofix skal ha tatt filen.

C:\WINDOWS\svchost.exe

Post ny hjt-logg.

Endret 20. januar 2008 av SNIPPSAT

JaBre · 20. januar 2008

Takk!

Har gjort som du sa og her er ny logg

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:52:47, on 20.01.2008