Grand, posted 9 February 2008
Hi. Could someone be bothered to read these logs for me and see whether I have any junk on my PC?

Sas

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/09/2008 at 09:23 PM
Application Version : 3.9.1008
Core Rules Database Version : 3395
Trace Rules Database Version: 1387
Scan type : Complete Scan
Total Scan Time : 00:36:16
Memory items scanned : 507
Memory threats detected : 0
Registry items scanned : 4293
Registry threats detected : 0
File items scanned : 26824
File threats detected : 0

Hijackthis.

Combofix.
norbat, posted 9 February 2008
The logs look fine. Was it just a check, or do you suspect something?
Grand (author), posted 9 February 2008 (edited)
I did have a bit of a suspicion, yes. I was going to dig deep into the computer for some savegames from a game, but along the way I found at least 20 folders that I didn't know what were. Got a bit worried. So I scanned the PC with Norton and AVG rootkit. They found nothing. But it's good to be on the safe side, so I posted a couple of logs here. Thanks a lot for taking the time to check them.
Edited 9 February 2008 by Sno
norbat, posted 9 February 2008
And what are these folders called, and where did you find them?
Grand (author), posted 9 February 2008
I think I have scraped together most of the files I found now.
Local Disk C > programfiler > fellesfiler
- GTK
- MSSoap
- SpeechEngines
- ODBC
Local Disk C > programfiler
- Aspell
- ComPlus Applications
- AGEIA Technologies
- NetMeeting
Local Disk C > Documents and Settings > Sander
- Contacts
Many of these are empty, but the ones that have something in them have strange file names, e.g. wisc10.dll, ltts1033.lxa, gtk.immodules
norbat, posted 9 February 2008
Those folders and files look legitimate, so I don't think you should just start deleting anything. If you want to find out what they belong to, Google is one way to find out.
Grand (author), posted 9 February 2008
OK, thanks a lot for the help.
norbat, posted 10 February 2008
You can uninstall ComboFix by typing combofix /u in the Run window (Start -> Run). Surf safely.