Need a check of an HJT log ++



Ran a quick check of the machine to be on the safe side. You never know what might drop in.

First ran VundoFix, but it reported no errors.

Then ran ComboFix and got this log:

ComboFix 08-01-23.2 - Jonny 2008-01-24 17:54:43.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1572 [GMT 1:00]

Running from: C:\Documents and Settings\Jonny\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\Jonny\Programdata\inst.exe

 

.

((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))

.

 

2008-01-24 17:46 . 2008-01-24 17:46 <DIR> d-------- C:\Programfiler\CCleaner

2008-01-24 17:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-24 17:29 . 2008-01-24 17:29 <DIR> d-------- C:\VundoFix Backups

2008-01-17 10:44 . 2008-01-18 13:08 77 --a------ C:\WINDOWS\Spatial

2008-01-17 10:44 . 2008-01-18 13:06 76 --a------ C:\WINDOWS\Verbal

2008-01-17 10:44 . 2008-01-18 13:08 76 --a------ C:\WINDOWS\Memory

2008-01-17 10:44 . 2008-01-18 13:08 75 --a------ C:\WINDOWS\Logic

2008-01-17 10:44 . 2008-01-17 10:44 72 --a------ C:\WINDOWS\Numerical

2008-01-17 10:43 . 2008-01-18 13:06 460 --a------ C:\WINDOWS

2008-01-17 10:43 . 2008-01-18 13:06 74 --a------ C:\WINDOWS\Times New Roman

2008-01-17 10:06 . 2008-01-18 13:09 <DIR> d-------- C:\Programfiler\Mindscape

2008-01-16 16:49 . 2008-01-16 16:49 68,096 --a------ C:\WINDOWS\ScUnin.exe

2008-01-16 16:49 . 2008-01-16 16:49 11,028 --a------ C:\WINDOWS\scunin.dat

2008-01-16 16:49 . 2008-01-16 16:49 967 --a------ C:\WINDOWS\ScUnin.pif

2008-01-15 03:04 . 2008-01-15 03:04 <DIR> d-------- C:\WINDOWS\Hidden Secrets - The Nightmare

2008-01-15 02:54 . 2008-01-15 02:54 <DIR> d-------- C:\WINDOWS\Dream Day - First Home

2008-01-15 02:52 . 2008-01-15 02:52 <DIR> d--h----- C:\WINDOWS\PIF

2008-01-12 15:18 . 2008-01-12 15:18 <DIR> d-------- C:\Programfiler\uTorrent

2008-01-11 13:53 . 2008-01-24 04:37 <DIR> d-------- C:\WINDOWS\Ny mappe

2008-01-09 16:31 . 2008-01-18 13:03 <DIR> d-------- C:\Programfiler\GetRight Arcade

2008-01-09 16:08 . 2008-01-18 04:20 <DIR> d-------- C:\Programfiler\GetRight

2008-01-09 14:02 . 2008-01-09 14:02 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-01-08 17:15 . 2008-01-16 23:01 <DIR> d-------- C:\Programfiler\PowerISO

2008-01-08 02:00 . 2008-01-08 02:00 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2008-01-08 02:00 . 2008-01-08 02:00 <DIR> d-------- C:\Programfiler\AGEIA Technologies

2008-01-07 20:17 . 2008-01-07 20:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-07 20:17 . 2008-01-07 20:17 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-05 14:22 . 2008-01-05 14:22 <DIR> d-------- C:\Programfiler\RivaTuner v2.06

2008-01-02 21:24 . 2008-01-02 21:24 <DIR> d-------- C:\Programfiler\SystemRequirementsLab

2008-01-02 02:14 . 2008-01-02 02:14 <DIR> d-------- C:\Programfiler\VideoLAN

2008-01-01 19:11 . 2008-01-01 19:11 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2008-01-01 16:39 . 2008-01-01 17:04 <DIR> d-------- C:\Programfiler\Cyanide

2007-12-31 21:09 . 2007-12-31 21:09 <DIR> d-------- C:\Programfiler\Stardock

2007-12-31 14:04 . 2007-12-31 14:04 <DIR> d-------- C:\Programfiler\OpenAL

2007-12-29 18:39 . 2007-12-29 18:39 4,096 --a------ C:\WINDOWS\d3dx.dat

2007-12-29 18:35 . 2007-12-29 18:56 <DIR> d-------- C:\Programfiler\PC Wizard 2008

2007-12-29 18:35 . 2007-09-15 15:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl

2007-12-29 13:58 . 2007-12-29 13:58 <DIR> d-------- C:\Programfiler\Webroot

2007-12-29 13:58 . 2007-07-19 22:54 1,521,464 --a------ C:\WINDOWS\WRSetup.dll

2007-12-29 13:58 . 2007-07-19 22:42 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2007-12-29 13:58 . 2007-07-19 22:42 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2007-12-29 13:58 . 2007-07-19 22:42 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2007-12-29 13:58 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys

2007-12-27 05:20 . 2007-12-27 05:20 304 --a------ C:\WINDOWS\game.ini

2007-12-25 08:48 . 2007-07-03 18:10 148,776 --a------ C:\WINDOWS\system32\ImageDrive.cpl

2007-12-25 04:18 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2007-12-25 04:18 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-12-25 04:18 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-12-25 04:18 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2007-12-25 04:07 . 2007-12-25 04:08 <DIR> d-------- C:\Programfiler\Canon

2007-12-25 04:06 . 2007-12-25 04:06 <DIR> d-------- C:\Programfiler\Fellesfiler\Canon

2007-12-25 03:52 . 2007-12-25 03:52 <DIR> d-------- C:\Programfiler\Netscape

2007-12-24 13:06 . 2008-01-16 17:46 <DIR> d-------- C:\Program Files

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-24 16:50 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-01-24 16:47 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-18 14:46 --------- d-----w C:\Programfiler\MP3Gain

2008-01-18 14:06 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-01-14 00:44 --------- d-----w C:\Programfiler\HDD Health

2008-01-12 14:19 --------- d-----w C:\Programfiler\BitLord

2007-12-31 13:04 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2007-12-31 13:04 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-12-23 19:53 --------- d-----w C:\Programfiler\Opera

2007-12-22 20:02 --------- d-----w C:\Programfiler\Futuremark

2007-12-21 08:40 --------- d-----w C:\Programfiler\Fraps

2007-12-21 07:31 --------- d-----w C:\Programfiler\Lavasoft

2007-12-21 07:11 --------- d-----w C:\Programfiler\Wisdom-soft ScreenHunter 5 Free

2007-12-17 03:12 --------- d-----w C:\Programfiler\DAEMON Tools

2007-12-09 18:56 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-12-09 18:56 --------- d-----w C:\Programfiler\Windows Live

2007-12-08 21:59 --------- d-----w C:\Programfiler\Axesstel

2007-12-08 03:43 --------- d-----w C:\Programfiler\Fellesfiler\NSV

2007-12-08 03:06 --------- d-----w C:\Programfiler\Winamp

2007-12-08 02:47 --------- d-----w C:\Programfiler\Windows Media Connect 2

2007-12-08 01:35 --------- d-----w C:\Programfiler\Google

2007-12-08 01:04 --------- d-----w C:\Programfiler\Java

2007-12-07 10:44 --------- d-----w C:\Programfiler\LimeWire

2007-12-07 10:36 --------- d-----w C:\Programfiler\Fellesfiler\Java

2007-12-07 09:33 --------- d-----w C:\Programfiler\Alwil Software

2007-12-05 01:53 356,352 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-12-05 00:41 356,352 -c--a-w C:\WINDOWS\system32\nvudisp.exe

2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-12-05 00:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-12-05 00:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe

2007-12-05 00:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

2007-12-05 00:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

2007-12-05 00:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe

2007-12-05 00:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll

2007-12-05 00:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

2007-12-05 00:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll

2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll

2007-12-05 00:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-11-27 06:34 2,189,864 ----a-w C:\WINDOWS\TBPanel.exe

2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-24_17.42.53,56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-24 16:48:05 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

+ 2008-01-24 16:48:05 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-01-24 16:48:05 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2008-01-24 16:51:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7dc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-08 02:06 171448]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 07:54 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]

"amd_dc_opt"="C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 15:49 77824]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-11-27 07:34 2189864]

"CTHelper"="CTHELPER.EXE" [2005-06-18 07:01 16384 C:\WINDOWS\CTHELPER.EXE]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 11:31 29696 C:\WINDOWS\KHALMNPR.Exe]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 33280 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 33280 C:\WINDOWS\system32\rundll32.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\KEM.exe [2007-07-21 16:57:08 581632]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Jonny^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]

path=C:\Documents and Settings\Jonny\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

--------- 2006-08-07 09:06 700416 C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 07:00 33648 C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-09-12 02:13 282624 C:\Programfiler\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2005-01-12 02:01 32768 C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

 

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 22:42]

R2 windowndns;Window Domain Services;C:\Program Files\Internet Explorer\svchost.exe [2008-01-13 19:19]

R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys [2004-06-08 11:36]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-24 17:57:05

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Programfiler\Logitech\SetPoint\lgscroll.dll

.

 

 

 

Then ran SAS and got this log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/24/2008 at 06:36 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3386

Trace Rules Database Version: 1380

 

Scan type : Complete Scan

Total Scan Time : 00:35:21

 

Memory items scanned : 441

Memory threats detected : 0

Registry items scanned : 7141

Registry threats detected : 0

File items scanned : 43936

File threats detected : 96

 

Adware.Tracking Cookie


 

 

 

Then ran CCleaner and finished with HJT, and got this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:49, on 2008-01-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\CTHELPER.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Logitech\SetPoint\KEM.exe

C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Internet Explorer\svchost.exe

C:\Programfiler\Canon\CAL\CALMAIN.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programfiler\GetRight\xx2gr.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe"

O4 - HKLM\..\Run: [Gainward] "C:\WINDOWS\TBPanel.exe" /A

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe

O8 - Extra context menu item: Download with GetRight - C:\Programfiler\GetRight\GRdownload.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Programfiler\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: Window Domain Services (windowndns) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe

 

--

End of file - 8520 bytes

 

 

 

If anyone is willing to check these logs and tell me whether there is anything that should be removed, I would be glad.

Link to comment

You need to fix the following line in HJT. Put an X in front of the following, and press Fix:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Don't fix this one. It belongs to Windows Live Messenger and should not be fixed if you use it.

I found two things you can fix:

C:\Program Files\Internet Explorer\svchost.exe

 

and

 

O23 - Service: Window Domain Services (windowndns) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe

 

EDIT: oh yes, listen to SNIPPSAT. Scan the file to see whether it is a virus ^_^. If it is, fix it :).

Edited by baosen

Link to comment

Ehm, norbat has at least always said that it can be fixed (that is, the no name thing).

I asked a few days ago what it was, but I don't quite remember what answer I got :wallbash:

It is a file associated with Live Messenger. That is why it is in almost all logs.

 

Link to comment

Yes, but what is it that makes it unnecessary, given that it is a file belonging to a well-known program?

The answer I'm talking about was:

(answer from norbat) The first line (02) is tied to Messenger Live. Can normally be removed without problems.

But what is the downside of having it, and why does it come with WLM if it is superfluous?

Link to comment

I'm very unsure about that, but it is possible that it is some kind of temp file that stores some useless information or the like. I'll google a bit and let you know if I find anything :)

Edit: Found a little info, but it wasn't much. http://www.castlecops.com/tk32132-htc_8_1_0178_00_dll.html

It is the Windows Live Call HoverToCall class, but it is not something I have heard of.

Edited by Vintermåne

Link to comment
