KillYou, posted April 15, 2008 (edited)

On my parents' computer, a whole bunch of mail has lately started arriving from bouncers on various servers, saying that we have sent mail to an address that does not exist, and the mail comes back in return. The thing is that we never sent these mails, so is it a virus, or someone using our address to send spam? Log coming...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:19, on 15.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A607D905-2E3F-460A-86C7-15C49B2117C7}: NameServer = 195.159.0.100,195.159.0.200
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe

--
End of file - 6904 bytes

Edited April 15, 2008 by KillYou
norbat, posted April 15, 2008

The log shows nothing unusual. If you also run a scan with an antispyware program, e.g. SAS, and it doesn't find anything of interest either, you can probably regard this as 'ordinary' spam. It is fairly common for someone to use another person's email address. I get this myself from time to time (if that's any comfort).
KillYou (author), posted April 15, 2008 (edited)

Fair enough that you get some too :P but here we're not talking about a few but several hundred, and not just once; it now happens relatively often.... New logs: SAS run first, then ComboFix.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2008 at 06:31 PM

Application Version : 4.0.1154
Core Rules Database Version : 3438
Trace Rules Database Version: 1430
Scan type : Complete Scan
Total Scan Time : 00:27:03

Memory items scanned : 542
Memory threats detected : 0
Registry items scanned : 4544
Registry threats detected : 0
File items scanned : 14196
File threats detected : 30

Adware.Tracking Cookie
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\olsen@hitbox[2].txt
C:\Documents and Settings\Olsen\Cookies\olsen@advertising[1].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][2].txt
C:\Documents and Settings\Olsen\Cookies\olsen@2o7[2].txt
C:\Documents and Settings\Olsen\Cookies\olsen@tradedoubler[2].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\olsen@mediaplex[1].txt
C:\Documents and Settings\Olsen\Cookies\olsen@doubleclick[1].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][2].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][2].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\olsen@adviva[1].txt
C:\Documents and Settings\Olsen\Cookies\olsen@adbrite[2].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][2].txt
C:\Documents and Settings\Olsen\Cookies\olsen@atdmt[2].txt
C:\Documents and Settings\Olsen\Cookies\olsen@imrworldwide[2].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\olsen@adtech[1].txt
C:\Documents and Settings\Olsen\Cookies\olsen@statcounter[2].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][2].txt
C:\Documents and Settings\Olsen\Cookies\[email protected][1].txt
C:\Documents and Settings\Olsen\Cookies\olsen@revsci[1].txt

Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{37D2EA6E-CC98-405A-BDD0-7802EF4A2C75}\RP134\A0025648.DLL

Adware.180solutions/Seekmo
C:\SYSTEM VOLUME INFORMATION\_RESTORE{37D2EA6E-CC98-405A-BDD0-7802EF4A2C75}\RP134\A0025649.DLL

ComboFix 08-04-14.2 - Olsen 2008-04-15 20:54:38.2 - NTFSx86
Running from: C:\Documents and Settings\Olsen\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 17:54 . 2008-04-15 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-15 17:54 . 2008-04-15 17:54 1,702,032 --a------ C:\ComboFix.exe
2008-04-15 17:53 . 2008-04-15 17:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-15 17:53 . 2008-04-15 17:53 <DIR> d-------- C:\Documents and Settings\Olsen\Application Data\SUPERAntiSpyware.com
2008-04-15 17:50 . 2008-04-15 17:50 401,720 --a------ C:\Program Files\HiJackThis.exe
2008-04-14 21:08 . 2008-04-14 21:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-14 21:08 . 2008-04-14 21:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-14 21:06 . 2008-04-14 21:07 <DIR> d-------- C:\Program Files\QuickTime
2008-04-14 21:06 . 2008-04-14 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-10 00:16 . 2008-04-10 00:18 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-09 15:11 . 2008-04-09 15:11 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-05 10:13 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 10:13 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-02 11:57 . 2008-04-02 11:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 11:57 . 2008-04-02 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 09:38 . 2008-04-02 09:56 <DIR> d-------- C:\Documents and Settings\Olsen\Application Data\gtk-2.0
2008-04-02 09:38 . 2008-04-02 09:38 <DIR> d-------- C:\Documents and Settings\Olsen\.thumbnails
2008-04-02 09:33 . 2008-04-02 10:22 <DIR> d-------- C:\Documents and Settings\Olsen\.gimp-2.4
2008-04-02 09:32 . 2008-04-02 09:32 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-03-31 18:48 . 2008-03-31 19:02 <DIR> d-------- C:\Documents and Settings\Olsen\Application Data\Dev-Cpp
2008-03-31 18:44 . 2008-03-31 18:45 <DIR> d-------- C:\Dev-Cpp
2008-03-31 18:31 . 2008-03-31 18:31 3 --a------ C:\WINDOWS\index.html
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 16:59 . 2008-03-27 17:04 <DIR> d-------- C:\Program Files\Foxit Software
2008-03-27 15:39 . 2008-03-27 15:39 <DIR> d-------- C:\Documents and Settings\Olsen\Application Data\Apple Computer
2008-03-27 15:37 . 2008-03-27 15:37 <DIR> d-------- C:\Program Files\Safari
2008-03-27 15:37 . 2008-03-27 15:37 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-27 15:37 . 2008-03-27 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-27 02:00 . 2002-01-08 14:25 880 --a------ C:\DTemp.att
2008-03-27 01:59 . 2002-08-03 14:33 147,456 --a------ C:\DTemp.exe
2008-03-27 01:42 . 2008-03-27 01:42 <DIR> d-------- C:\Program Files\SiSoftware
2008-03-25 19:55 . 2008-03-25 20:10 <DIR> d-------- C:\slayer
2008-03-17 17:31 . 2008-03-17 17:31 <DIR> d-------- C:\Program Files\DemoForge

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 16:36 --------- d-----w C:\Documents and Settings\Olsen\Application Data\OpenOffice.org2
2008-04-15 15:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 15:51 6,905 ----a-w C:\Program Files\hijackthis.log
2008-04-09 13:11 --------- d-----w C:\Program Files\Google
2008-04-09 13:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-06 14:35 --------- d-----w C:\Documents and Settings\Olsen\Application Data\uTorrent
2008-04-03 16:38 --------- d-----w C:\Documents and Settings\Olsen\Application Data\Printer Info Cache
2008-04-03 16:38 --------- d-----w C:\Documents and Settings\Olsen\Application Data\Image Zone Express
2008-04-03 14:41 --------- d-----w C:\Program Files\Opera
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 09:45 --------- d-----w C:\Program Files\Ahead
2008-03-13 14:45 --------- d-----w C:\Program Files\CCleaner
2008-03-12 23:20 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-11 20:44 --------- d-----w C:\Program Files\MSBuild
2008-03-11 20:38 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-02 15:02 --------- d-----w C:\Program Files\TomTom HOME 2
2008-03-02 15:02 --------- d-----w C:\Documents and Settings\Olsen\Application Data\TomTom
2008-03-02 15:01 --------- d-----w C:\Program Files\TomTom HOME
2008-03-02 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-03-02 14:22 --------- d-----w C:\Program Files\TomTom DesktopSuite
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 15:11 --------- d-----w C:\Documents and Settings\Olsen\Application Data\MSNInstaller
2008-02-15 20:24 --------- d-----w C:\Program Files\TightVNC
2008-02-15 17:19 --------- d-----w C:\Program Files\KLM Royal Dutch Airlines
.

------- Sigcheck -------

2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-01 21:52 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-02-01 21:52 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS

2007-12-17 23:20 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-15_18.01.10,45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 09:59:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 16:34:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 16:34:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 08:11 68856]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 12:58 206184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2003-09-02 18:25 73728 C:\WINDOWS\system32\sstray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\Olsen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 18:43]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 20:56:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-15 20:58:56
ComboFix-quarantined-files.txt 2008-04-15 18:58:34
ComboFix2.txt 2008-04-15 16:02:24

Pre-Run: 18,879,336,448 bytes free
Post-Run: 18,875,482,112 bytes free
.
2008-04-12 11:06:42
--- E O F ---

Edited April 15, 2008 by KillYou
norbat, posted April 15, 2008

The log(s) look fine. There is nothing there to suggest that the PC is infected. Which 'email provider' do they use (online.no / hotmail.com etc.....)?
KillYou (author), posted April 15, 2008

My parents use Get.