
Can someone double-check my HJT log?



Hello

 

Can someone look through this and check whether everything is as it should be? I can probably at least fix the "no name" line, but is there anything else?

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:12, on 2008-01-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fsgk32st.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE

C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\FSGK32.EXE

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FCH32.EXE

C:\Programfiler\Synergy\synergys.exe

D:\Programmer\RealVNC\VNC4\WinVNC4.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fsqh.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FAMEH32.EXE

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\FSAUA\program\fsaua.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fssm32.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\FWES\Program\fsdfwd.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\FSAUA\program\fsus.exe

C:\Programfiler\TortoiseSVN\bin\TSVNCache.exe

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fsav32.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\HP\QuickPlay\QPService.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSM32.EXE

C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Programfiler\Canal Digital Sikkerhetspakken\FSGUI\fsguidll.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

D:\Programmer\RealVNC\VNC4\winvnc4.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

D:\PROGRA~1\FIREFOX\FIREFOX.EXE

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Eirik N\Skrivebord\hijackthis_199\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [QPService] "C:\Programfiler\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\Canal Digital Sikkerhetspakken\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AdobeUpdater] C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Run VNC Server.lnk = D:\Programmer\RealVNC\VNC4\winvnc4.exe

O4 - Startup: Skype.lnk = ?

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\programfiler\canal digital sikkerhetspakken\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\programfiler\canal digital sikkerhetspakken\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\programfiler\canal digital sikkerhetspakken\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\programfiler\canal digital sikkerhetspakken\fsps\program\fslsp.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\fsgk32st.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programfiler\Canal Digital Sikkerhetspakken\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\Canal Digital Sikkerhetspakken\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Synergy Server - Unknown owner - C:\Programfiler\Synergy\synergys.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - D:\Programmer\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

 

 

 

 

Edit: forgot to add the HJT log

Edited by r2d290

Adding a ComboFix log as well, if that helps at all...

 

 

 

ComboFix 08-01-23.2 - Eirik N 2008-01-23 16:37:05.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.235 [GMT 1:00]

Running from: C:\Documents and Settings\Eirik N\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

C:\Documents and Settings\Eirik N\Programdata\STEM32~1

C:\Documents and Settings\Eirik N\Programdata\STEM32~1\??stem32\

C:\Documents and Settings\Eirik N\Programdata\STEM32~1\rundll32.exe

E:\Autorun.inf

 

----- BITS: Possible infected sites -----

 

hxxp://javadl.sun.com

 

.

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))

.

 

2008-01-23 16:36 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-23 16:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-22 20:30 . 2008-01-23 16:32 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-01-22 20:23 . 2008-01-22 20:23 <DIR> d-------- C:\Programfiler\CCleaner

2008-01-13 17:58 . 2008-01-13 17:58 <DIR> d-------- C:\Programfiler\Bonjour

2008-01-13 17:47 . 2008-01-13 17:47 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2008-01-13 16:42 . 2008-01-13 16:42 <DIR> d-------- C:\Programfiler\PowerISO

2008-01-08 16:28 . 2008-01-08 16:28 <DIR> d-------- C:\Programfiler\Aspyr

2007-12-30 03:01 . 2007-12-30 03:01 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2007-12-29 04:47 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-12-29 04:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2007-12-29 04:47 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2007-12-28 12:02 . 2007-12-28 12:02 <DIR> d-------- C:\Programfiler\Windows Live Toolbar

2007-12-28 11:55 . 2007-12-28 12:00 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-12-28 11:54 . 2007-12-28 12:00 <DIR> d-------- C:\Programfiler\Windows Live

2007-12-26 15:28 . 2007-12-26 15:29 <DIR> d-------- C:\Programfiler\The Tournament Director 2

2007-12-26 13:01 . 2007-12-26 13:33 <DIR> d-------- C:\Programfiler\The Tournament Director

2007-12-23 17:06 . 2007-04-03 12:59 100,360 -ra------ C:\WINDOWS\system32\drivers\s616mgmt.sys

2007-12-23 17:06 . 2007-04-03 12:59 99,080 -ra------ C:\WINDOWS\system32\drivers\s616unic.sys

2007-12-23 17:06 . 2007-04-03 12:59 98,568 -ra------ C:\WINDOWS\system32\drivers\s616obex.sys

2007-12-23 17:06 . 2007-04-03 12:59 23,176 -ra------ C:\WINDOWS\system32\drivers\s616nd5.sys

2007-12-23 17:06 . 2007-04-03 12:59 11,016 -ra------ C:\WINDOWS\system32\drivers\s616cr.sys

2007-12-23 17:05 . 2007-04-03 12:59 108,680 -ra------ C:\WINDOWS\system32\drivers\s616mdm.sys

2007-12-23 17:05 . 2007-04-03 12:59 83,208 -ra------ C:\WINDOWS\system32\drivers\s616bus.sys

2007-12-23 17:05 . 2007-04-03 12:59 15,112 -ra------ C:\WINDOWS\system32\drivers\s616mdfl.sys

2007-12-23 17:05 . 2007-04-03 12:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616whnt.sys

2007-12-23 17:05 . 2007-04-03 12:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616wh.sys

2007-12-23 17:05 . 2007-04-03 12:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cmnt.sys

2007-12-23 17:05 . 2007-04-03 12:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cm.sys

2007-12-23 16:48 . 2007-12-23 16:59 <DIR> d-------- C:\Programfiler\MyPhoneExplorer

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-23 15:36 --------- d-----w C:\Programfiler\Java

2008-01-22 19:30 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-13 16:58 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2007-12-19 21:25 --------- d-----w C:\Programfiler\Canal Digital Sikkerhetspakken

2007-12-19 10:30 51,040 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys

2007-12-19 10:30 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys

2007-12-18 14:37 --------- d-----w C:\Programfiler\Synergy

2007-12-18 14:25 --------- d-----w C:\Programfiler\NSIS

2007-11-27 19:55 --------- d-----w C:\Programfiler\Winamp

2007-11-24 21:25 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-11-24 21:25 --------- d-----w C:\Programfiler\Google

2007-11-24 20:55 --------- d-----w C:\Programfiler\Skype

2007-11-24 20:55 --------- d-----w C:\Programfiler\Fellesfiler\Skype

2007-11-24 14:03 --------- d-----w C:\Programfiler\Creative

2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:57 8,460,800 ------w C:\WINDOWS\system32\dllcache\shell32.dll

2005-09-23 23:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]

@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]

@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]

@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]

@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]

@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]

@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]

@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

 

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]

2007-08-26 11:40 536576 --a------ C:\Programfiler\TortoiseSVN\bin\tortoisesvn.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-06 12:04 68856]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"AdobeUpdater"="C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-15 12:42 7331840]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-15 12:42 86016]

"nwiz"="nwiz.exe" [2005-12-15 12:42 1519616 C:\WINDOWS\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 13:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 09:04 761945]

"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]

"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe" [2005-12-12 11:39 94208]

"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 10:56 409600]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-06-29 13:48 233534]

"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]

"F-Secure Manager"="C:\Programfiler\Canal Digital Sikkerhetspakken\Common\FSM32.exe" [2007-04-26 18:12 183208]

"F-Secure TNB"="C:\Programfiler\Canal Digital Sikkerhetspakken\FSGUI\TNBUtil.exe" [2007-04-26 18:10 740208]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 07:16 528384]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

 

C:\Documents and Settings\Eirik N\Start-meny\Programmer\Oppstart\

Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

Run VNC Server.lnk - D:\Programmer\RealVNC\VNC4\winvnc4.exe [2007-01-29 18:47:39 852984]

Skype.lnk - C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico [2007-11-24 21:55:36 94334]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2005-08-16 10:56:00 577597]

HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728]

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

Source= C:\background\pics\1440\jessicaAlba1440x900.jpg

FriendlyName=

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]

Source= C:\background\index.html

FriendlyName=

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Trusted 17fe

 

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-12-19 11:30]

R1 F-Secure HIPS;F-Secure HIPS;C:\Programfiler\Canal Digital Sikkerhetspakken\HIPS\fshs.sys [2007-04-26 18:11]

R2 Synergy Server;Synergy Server;C:\Programfiler\Synergy\synergys.exe [2006-04-02 21:20]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\minifilter\fsgk.sys [2007-04-26 18:07]

S4 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 18:08]

S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\Canal Digital Sikkerhetspakken\Anti-Virus\Win2K\FSrec.sys [2007-04-26 18:08]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0126b5eb-89eb-11dc-9a22-0016d4028363}]

\Shell\AutoRun\command - H:\wd_windows_tools\setup.exe

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2008-01-22 20:59:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-23 16:48:34

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe???????????L????|?????? ???B?????????????hLC????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Programfiler\Synergy\synrgyhk.dll

.

 

 
