
Virus? Can someone check log files? SOLVED!


Recommended posts

A while back I had a virus, but Norton fixed it... or so I thought. The PC seemed OK for a few days, but then it started hanging and NIS 2007 stopped working (has unresolved problems). Personal folders in Outlook also disappeared... NIS 2007 and HouseCall from Trend Micro found a backdoor trojan that was fixed?? Can someone look at my HJT and ComboFix logs and give me some tips? I'd rather try this so I might avoid formatting/reinstalling XP.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:30:33, on 10.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\QuickTime\QTTask.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Documents and Settings\Vegard.STUA\Skrivebord\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196040768218

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab

O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 12076 bytes

 

 

 

ComboFix 08-02.05.3 - Vegard 2008-02-10 23:20:41.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.2615 [GMT 1:00]

Running from: C:\Documents and Settings\Vegard.STUA\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))

.

 

2008-01-24 19:27 . 2008-01-24 19:27 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Datalayer

2008-01-19 15:11 . 2008-03-09 15:39 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Phone Browser

2008-01-19 14:55 . 2008-01-19 14:55 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Nokia Multimedia Player

2008-01-16 19:23 . 2008-01-16 19:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Nokia

2008-01-16 19:22 . 2008-01-16 19:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Installations

2008-01-16 18:37 . 2008-01-16 18:37 <DIR> d-------- C:\Programfiler\PC Connectivity Solution

2008-01-16 18:37 . 2008-03-09 15:42 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite

2008-01-16 18:37 . 2008-03-09 15:42 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia

2008-01-16 18:37 . 2008-01-16 18:37 <DIR> d-------- C:\Programfiler\DIFX

2008-01-16 18:37 . 2008-01-19 15:55 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\PC Suite

2008-01-16 18:37 . 2008-03-09 15:42 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Nokia

2008-01-16 18:37 . 2008-03-09 15:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\PC Suite

2008-01-16 18:37 . 2006-10-10 08:54 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-01-16 18:36 . 2008-01-16 19:23 <DIR> d-------- C:\Programfiler\Nokia

2008-01-16 18:36 . 2008-01-16 18:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Downloaded Installations

2008-01-14 22:38 . 2008-01-14 22:38 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Teleca

2008-01-14 22:38 . 2008-01-14 22:38 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Sony Ericsson

2008-01-14 22:28 . 2008-01-14 22:28 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com

2008-01-13 22:22 . 2008-01-13 22:22 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\SUPERAntiSpyware.com

2008-01-13 22:22 . 2008-01-13 22:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\SUPERAntiSpyware.com

2008-01-13 22:21 . 2008-01-13 22:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-12 13:27 . 2008-01-12 13:27 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-01-12 13:27 . 2008-01-14 23:42 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste

2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter

2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-01-12 13:25 . 2008-01-07 18:56 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Apple Computer

2008-01-12 13:25 . 2008-01-14 22:38 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-01-12 13:25 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-01-12 13:25 . 2008-01-12 18:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-01-11 23:52 . 2008-03-09 19:31 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\.housecall6.6

2008-01-11 23:34 . 2008-01-12 17:50 8 --a------ C:\WINDOWS\system32\1688949442

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-09 18:33 --------- d-----w C:\Programfiler\CCleaner

2008-03-09 15:19 --------- d-----w C:\Programfiler\Microsoft ActiveSync

2008-02-10 22:09 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-02-10 22:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec

2008-01-24 08:43 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\LimeWire

2008-01-17 19:06 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\DVD Profiler

2008-01-17 19:05 --------- d-----w C:\Programfiler\DVD Profiler

2008-01-12 15:30 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP

2008-01-11 22:34 --------- d-----w C:\Programfiler\Unlocker

2008-01-07 17:56 --------- d-----w C:\Documents and Settings\Default User.WINDOWS\Programdata\Apple Computer

2008-01-06 22:34 --------- d-----w C:\Programfiler\QuickTime

2008-01-06 22:34 --------- d-----w C:\Programfiler\iTunes

2008-01-06 22:34 --------- d-----w C:\Programfiler\iPod

2008-01-06 22:34 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Apple Computer

2008-01-06 22:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Apple Computer

2008-01-06 22:33 --------- d-----w C:\Programfiler\Fellesfiler\Apple

2008-01-06 22:33 --------- d-----w C:\Programfiler\Apple Software Update

2008-01-06 22:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Apple

2008-01-06 15:45 --------- d-----w C:\Programfiler\DVDFab Platinum 4

2008-01-06 15:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\vsosdk

2008-01-06 15:29 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Vso

2007-12-31 20:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Ahead

2007-12-27 18:58 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-12-27 17:42 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Buena Vista Games

2007-12-27 17:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-22 01:08 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Canon

2007-12-21 17:35 --------- d-----w C:\Programfiler\VideoLAN

2007-12-21 17:03 --------- d-----w C:\Programfiler\Runtime Software

2007-12-20 18:29 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2007-12-20 15:10 --------- d-----w C:\Programfiler\Canon

2007-12-20 15:10 --------- d-----w C:\Programfiler\ArcSoft

2007-12-20 15:09 --------- d-----w C:\Programfiler\Fellesfiler\Caere

2007-12-20 15:08 --------- d-----w C:\Programfiler\Caere

2007-12-19 22:32 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Teleca

2007-12-19 22:31 --------- d-----w C:\Programfiler\Fellesfiler\Teleca Shared

2007-12-19 22:30 --------- d-----w C:\Programfiler\Sony Ericsson

2007-12-19 22:30 --------- d-----w C:\Programfiler\Fellesfiler\Sony Ericsson Shared

2007-12-19 22:30 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Sony Ericsson

2007-12-19 22:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Teleca

2007-12-19 22:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Sony Ericsson

2007-12-18 19:13 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\QuickTime

2007-12-17 22:50 --------- d-----w C:\Programfiler\Creative

2007-12-17 22:42 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Creative

2007-12-17 22:28 --------- d--h--w C:\Programfiler\Creative Installation Information

2007-12-17 22:28 --------- d-----w C:\Programfiler\Fellesfiler\Creative

2007-12-17 22:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Creative

2007-12-17 21:19 --------- d-----w C:\Programfiler\Windows Media Connect 2

2007-12-16 22:35 --------- d-----w C:\Programfiler\Java

2007-12-16 12:09 --------- d-----w C:\Programfiler\audiograbber

2007-12-15 12:47 --------- d-----w C:\Programfiler\LimeWire

2007-12-15 12:46 --------- d-----w C:\Programfiler\Fellesfiler\Java

2007-12-05 12:25 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-12-04 17:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-12-02 17:46 372,736 ----a-w C:\WINDOWS\suinsta4001.exe

2007-11-26 18:02 47,360 ----a-w C:\Documents and Settings\Vegard.STUA\Programdata\pcouffin.sys

2007-11-25 23:24 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE

2007-11-25 23:22 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 02:29 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]

"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:56 1289000]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"CTSyncU.exe"="C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]

"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52 98304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 07:36 36864]

"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 05:13 1957888]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 17:17 8527872]

"nwiz"="nwiz.exe" [2007-10-25 17:17 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 17:17 81920]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 13:16 771704]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 01:48 40048]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34 406016]

"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]

"UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [ ]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\

Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-20 19:30:16 113664]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-11-26 12:47:49 671744]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]

--a------ 2007-06-29 15:03 36864 C:\Programfiler\GameSpy\Comrade\Comrade.exe

 

R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;C:\WINDOWS\system32\drivers\DCxxMJPG.sys [2002-06-04 11:18]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]

S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdfd45e3-9bb1-11dc-b6f1-806d6172696f}]

\Shell\AutoRun\command - F:\Autorun.exe root.ini

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-01-25 19:16:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-01-26 10:00:40 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Vegard.job"

- C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exek/TASK:

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 23:22:03

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-10 23:22:23

ComboFix-quarantined-files.txt 2008-02-10 22:22:15

.

2008-01-09 20:01:30 --- E O F ---

 

Edited by voffen
Hi, Voffen.

Your logs look fine. Nothing suggests there are any infections on the PC.

 

This trojan that was found, where on the system was it found?

(Check Norton's log if you don't remember.)

 

NIS points to the ComboFix folder, so it's probably just something that was put in quarantine?

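An added worked example, not part of the original thread and not code from any of the tools mentioned in it: a small Python script that does the first pass a log reader does by hand on a HijackThis log. It parses the O2/O4/O20/O23 entries and flags the things worth a second look: Run entries that are a bare file name resolved through the search path, executables or services living under a user-writable profile or temp directory, O23 services with no vendor name, and every O20 Winlogon Notify DLL (those are loaded into winlogon.exe at boot). The sample lines are constructed: the first six mirror entries in the log above, the last two (an "updater" Run entry in a temp folder and a "Helper Service" with "Unknown owner") are invented test cases and do not come from the poster's machine. The flags are triage hints, not verdicts; the !SASWinLogon hit is the SUPERAntiSpyware DLL listed in the log and shows up only because the rule flags all O20 entries.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in HijackThis v2 line format. The first six lines mirror
# entries from the log posted above; the last two are invented test cases and
# do not describe the poster's machine.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Lokale innstillinger\Temp\updater.exe" /s
O23 - Service: Helper Service (helpersvc) - Unknown owner - C:\Documents and Settings\user\Programdata\helper.exe
"""

# Path fragments an ordinary user can write to. Anything autostarting from
# here deserves a look: legitimate software normally installs under
# Program Files/Programfiler or the Windows directory.
USER_WRITABLE = (
    "\\documents and settings\\", "\\lokale innstillinger\\", "\\local settings\\",
    "\\programdata\\", "\\application data\\", "\\temp\\", "\\users\\",
)

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Registry-based O4 entries: "HKLM\..\Run: [label] command line"
O4_RE = re.compile(r"^HK[^:]*: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r"(?i)^(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|,|$)")


@dataclass
class Entry:
    section: str                 # O2, O4, O20, O23, ...
    name: str                    # label HijackThis prints for the entry
    path: str                    # file, DLL or URL the entry loads ("" if none)
    vendor: str = ""             # O23 only: company HijackThis reports
    flags: List[str] = field(default_factory=list)


def first_executable(cmd: str) -> str:
    """Return the program an O4 command line starts, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                   # unquoted: cut after the binary name
    return m.group(1) if m else (cmd.split()[0] if cmd else "")


def parse_log(text: str) -> List[Entry]:
    """Turn the O-section lines of a HijackThis log into Entry records."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:                           # header, process list, R0/R1, blanks
            continue
        section, body = m.groups()
        if section == "O4":
            m4 = O4_RE.match(body)
            if m4:
                entries.append(Entry(section, m4["name"], first_executable(m4["cmd"])))
            else:                           # e.g. "Global Startup: foo.lnk = ?"
                entries.append(Entry(section, body, ""))
            continue
        parts = body.split(" - ")           # "Kind: name - {clsid}/vendor - path"
        name = parts[0].split(": ", 1)[-1]
        path = parts[-1] if len(parts) > 1 else ""
        vendor = parts[1] if section == "O23" and len(parts) >= 3 else ""
        entries.append(Entry(section, name, path, vendor))
    return entries


def assess(e: Entry) -> Entry:
    """Attach triage flags. These are hints for a human reader, not verdicts."""
    low = e.path.lower()
    if e.section == "O4" and e.path and "\\" not in e.path:
        e.flags.append("bare-name")         # resolved via the search path: which file really runs?
    if any(marker in low for marker in USER_WRITABLE):
        e.flags.append("user-writable-path")
    if e.section == "O23" and (not e.vendor or e.vendor.lower() == "unknown owner"):
        e.flags.append("unknown-vendor")
    if e.section == "O20":
        e.flags.append("winlogon-notify")   # DLL loaded into winlogon.exe at boot
    return e


def triage(text: str) -> List[Entry]:
    return [assess(e) for e in parse_log(text)]


def flagged(text: str) -> List[Entry]:
    return [e for e in triage(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<4} {e.name:<28} {', '.join(e.flags):<32} {e.path}")
```

Run it on a real log by reading the file into `flagged()` instead of `SAMPLE_LOG`. Every hit still needs the usual manual follow-up (vendor signature, file date, a second opinion from the scanners mentioned in the thread); the script only narrows a 300-line log down to the handful of lines worth that effort.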

Yes.

 

So you can do the following:

 

Uninstall ComboFix by typing combofix /u in the Run dialog (Start->Run)

(This removes the program, various backup files, and resets System Restore)

 

Run a cleanup with CCleaner. Also run the registry cleaner (say yes to taking a backup when asked)

 

Check that all system files are OK:

Click Start->Run

Type: sfc /scannow (space between sfc and /)

You will probably need the XP CD.

 

When NIS reports unresolved problems, you should click Fix or similar. You can also check what these unresolved problems are (it may be that NIS wants to run a scan on the PC, that some updates are needed, etc.)


I have fixed the NIS problems. Any tips on finding deleted .pst files/personal folders? (Possibly the kids in the house helped find/use the "delete key"...) Can GetBackData be used?

