-Tommy14- Posted 13 May 2008

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:41, on 13.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\ESET\ESET Smart Security\ekrn.exe
C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\RAM Idle LE\RAM_XP.exe
C:\Programfiler\ESET\ESET Smart Security\egui.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winhlp32.exe
C:\Programfiler\DisplayFusion\DisplayFusion.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\Steam\Steam.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programfiler\Task Killer\TaskKiller.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [smapp] C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [storageGuard] "c:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ibmmessages] c:\Programfiler\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Programfiler\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DisplayFusion] "C:\Programfiler\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

-- End of file - 7963 bytes

combofix

ComboFix 08-05-12.1 - --Tommy-- 2008-05-13 22:42:10.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.866 [GMT 2:00]
Running from: C:\Documents and Settings\--Tommy--\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.
2008-05-13 16:47 . 2008-05-13 22:39 <DIR> dr-h----- C:\Documents and Settings\--Tommy--\Siste
2008-05-12 22:26 . 2008-05-12 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-05-12 21:44 . 2008-05-12 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ALM
2008-05-12 21:29 . 2008-05-12 21:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-05-12 19:43 . 2008-05-12 20:42 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Download Manager
2008-05-10 11:59 . 2008-05-10 11:59 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Sierra
2008-05-10 00:09 . 1999-06-23 16:50 155,648 --a------ C:\WINDOWS\system32\AvidAVICodec.dll
2008-05-09 23:58 . 2008-05-09 23:58 <DIR> d-------- C:\Programfiler\Xvid
2008-05-09 23:58 .
2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-05-09 23:58 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-05-09 23:58 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2008-05-06 18:45 . 2008-05-06 18:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-06 18:32 . 2008-05-06 18:46 <DIR> d-------- C:\Programfiler\CLUE 2008-05-02 00:49 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-05-02 00:49 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-05-02 00:49 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-05-01 23:39 . 2008-05-01 23:39 <DIR> d-------- C:\Programfiler\Audacity 2008-05-01 22:43 . 2008-05-01 22:43 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-01 18:38 . 2008-05-01 18:38 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-05-01 18:34 . 2008-05-01 18:34 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-05-01 18:31 . 2008-05-01 18:31 <DIR> d-------- C:\ATI 2008-05-01 17:12 . 2008-05-01 17:12 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared 2008-05-01 17:12 . 2008-05-01 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Adobe Systems 2008-05-01 17:11 . 2008-05-12 21:43 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe 2008-05-01 16:26 . 2008-05-01 16:26 <DIR> d-------- C:\Programfiler\Doblon 2008-05-01 15:10 . 2008-05-01 15:10 <DIR> d-------- C:\Programfiler\Opera 2008-05-01 15:10 . 2008-05-01 15:10 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Opera 2008-05-01 11:05 . 2008-05-01 11:05 <DIR> d-------- C:\games 2008-04-30 20:30 . 2008-04-30 20:30 268 --ah----- C:\sqmdata01.sqm 2008-04-30 20:30 . 2008-04-30 20:30 244 --ah----- C:\sqmnoopt01.sqm 2008-04-30 15:20 . 2008-04-30 19:50 <DIR> d-------- C:\Programfiler\Valve 2008-04-28 17:11 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-04-26 17:00 . 
2008-04-26 17:00 145 --a------ C:\WINDOWS\Eudcedit.ini 2008-04-24 19:03 . 2003-08-19 01:44 118,845 --a------ C:\WINDOWS\system32\Flurry.scr 2008-04-23 22:45 . 2008-04-23 22:45 <DIR> d-------- C:\Programfiler\Lavasoft 2008-04-23 22:45 . 2008-04-24 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-04-22 16:19 . 2008-05-02 04:49 14,216 --ah----- C:\WINDOWS\system32\mlfcache.dat 2008-04-22 15:39 . 2008-04-22 15:39 <DIR> d-------- C:\Programfiler\Safari 2008-04-22 15:38 . 2008-04-22 15:38 <DIR> d-------- C:\Programfiler\Apple Software Update 2008-04-22 08:02 . 2008-04-22 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-04-22 06:59 . 2008-04-22 06:59 <DIR> d-------- C:\Programfiler\Trend Micro 2008-04-21 16:41 . 2008-04-21 16:41 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\WinRAR 2008-04-20 22:24 . 2008-04-20 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Creative 2008-04-20 21:58 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe 2008-04-20 21:55 . 2008-04-20 21:58 <DIR> d-------- C:\Programfiler\Creative 2008-04-20 19:58 . 2008-04-20 20:00 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Ventrilo 2008-04-20 13:58 . 2008-04-26 01:13 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\LimeWire 2008-04-19 16:29 . 2008-04-19 16:29 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite 2008-04-19 10:21 . 2008-04-19 10:21 <DIR> d-------- C:\WINDOWS\Sun 2008-04-19 10:21 . 2008-04-19 10:21 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Sun 2008-04-18 22:28 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-18 22:26 . 2008-04-18 22:28 <DIR> d-------- C:\Programfiler\Java 2008-04-18 22:25 . 2008-04-18 22:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Java 2008-04-18 16:16 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-04-18 16:16 . 
2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-04-18 16:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys 2008-04-18 16:16 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-04-18 15:38 . 2008-04-18 15:38 <DIR> d-------- C:\Programfiler\Windows Live Toolbar 2008-04-18 15:36 . 2008-04-16 15:36 <DIR> d-------- C:\Documents and Settings\--Tommy--\Contacts 2008-04-18 15:35 . 2008-04-17 22:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-18 15:30 . 2008-04-18 15:35 <DIR> d-------- C:\Programfiler\Windows Live 2008-04-18 15:30 . 2008-04-18 15:34 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-04-18 15:30 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2008-04-18 15:29 . 2008-05-13 21:50 <DIR> d-------- C:\Programfiler\Steam 2008-04-18 15:29 . 2008-04-15 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-04-18 15:27 . 2008-04-18 15:28 1,346 --a------ C:\WINDOWS\mozver.dat 2008-04-18 15:26 . 2006-03-17 02:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe 2008-04-18 15:25 . 2008-04-15 22:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-04-18 15:25 . 2008-04-18 15:25 <DIR> d-------- C:\Programfiler\TweakNow RegCleaner Std 2008-04-18 15:25 . 2008-04-18 15:25 <DIR> d-------- C:\Programfiler\RAM Idle LE 2008-04-18 15:25 . 2008-04-18 15:25 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Mozilla 2008-04-18 15:25 . 2002-09-22 12:42 17,408 --a------ C:\WINDOWS\Shortcut.exe 2008-04-18 15:25 . 2008-04-18 15:25 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-18 15:24 . 2008-04-18 15:24 <DIR> d-------- C:\Programfiler\TweakNow WinSecret 2008-04-18 15:24 . 2008-04-18 15:24 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\TweakNow WinSecret 2008-04-18 15:23 . 2008-04-18 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ATI 2008-04-18 15:23 . 
2008-04-18 15:23 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\ATI 2008-04-18 14:04 . 2008-04-18 14:10 <DIR> d-------- C:\Programfiler\Fellesfiler\ATI Technologies 2008-04-18 14:00 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-04-18 13:58 . 2008-04-18 13:58 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny 2008-04-18 13:50 . 2008-04-18 13:50 <DIR> d-------- C:\WINDOWS\provisioning 2008-04-18 13:48 . 2008-04-18 13:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-04-18 13:47 . 2008-04-18 13:47 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Macromedia 2008-04-18 13:44 . 2008-05-13 15:53 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Adobe 2008-04-18 13:44 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-04-18 13:44 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002170_.tmp 2008-04-18 13:41 . 2008-04-18 13:41 <DIR> d-------- C:\WINDOWS\EHome 2008-04-18 12:48 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2008-04-18 12:48 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2008-04-18 12:48 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-04-18 12:48 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2008-04-18 12:48 . 2004-08-03 14:00 186,648 --a------ C:\WINDOWS\system32\wuaueng1.dll 2008-04-18 12:48 . 2004-08-03 13:59 169,240 --a------ C:\WINDOWS\system32\wuauclt1.exe 2008-04-18 12:48 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll 2008-04-18 12:48 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2008-04-18 12:42 . 2008-04-18 12:42 <DIR> d---s---- C:\Documents and Settings\--Tommy--\UserData 2008-04-18 12:38 . 2008-04-18 12:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS 2008-04-18 12:38 . 2008-04-18 12:22 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS 2008-04-18 12:38 . 
2008-04-18 12:22 <DIR> d-------- C:\Documents and Settings\--Tommy--\WINDOWS 2008-04-18 12:38 . 2008-04-16 17:18 <DIR> dr------- C:\Documents and Settings\--Tommy--\Start-meny 2008-04-18 12:38 . 2003-03-11 00:08 <DIR> d--h----- C:\Documents and Settings\--Tommy--\Skrivere 2008-04-18 12:38 . 2008-05-13 22:40 <DIR> d-------- C:\Documents and Settings\--Tommy--\Skrivebord 2008-04-18 12:38 . 2003-03-11 00:16 <DIR> dr-h----- C:\Documents and Settings\--Tommy--\SendTo 2008-04-18 12:38 . 2008-04-18 12:25 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Sonic 2008-04-18 12:38 . 2008-04-27 16:34 <DIR> d---s---- C:\Documents and Settings\--Tommy--\Programdata\Microsoft 2008-04-18 12:38 . 2003-03-11 00:23 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Identities 2008-04-18 12:38 . 2008-05-12 19:43 <DIR> d--h----- C:\Documents and Settings\--Tommy--\Programdata 2008-04-18 12:38 . 2008-05-13 22:19 <DIR> dr------- C:\Documents and Settings\--Tommy--\Mine dokumenter 2008-04-18 12:38 . 2008-05-12 21:44 <DIR> d--h----- C:\Documents and Settings\--Tommy--\Maler 2008-04-18 12:38 . 2008-04-15 21:01 <DIR> d--h----- C:\Documents and Settings\--Tommy--\Lokale innstillinger 2008-04-18 12:38 . 2008-04-16 16:51 <DIR> dr------- C:\Documents and Settings\--Tommy--\Favoritter 2008-04-18 12:38 . 2008-05-13 22:31 <DIR> d---s---- C:\Documents and Settings\--Tommy--\Cookies 2008-04-18 12:38 . 2008-05-02 11:16 <DIR> d--h----- C:\Documents and Settings\--Tommy--\AndrMask 2008-04-18 12:38 . 2008-05-13 16:47 <DIR> d-------- C:\Documents and Settings\--Tommy-- 2008-04-18 12:38 . 2008-05-13 22:47 172,032 --ah----- C:\Documents and Settings\--Tommy--\ntuser.dat.LOG 2008-04-18 12:38 . 2008-04-18 12:38 1,024 --ah----- C:\Documents and Settings\Default User\ntuser.dat.LOG 2008-04-18 12:38 . 2008-04-18 12:38 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG 2008-04-18 12:33 . 2008-04-18 12:33 <DIR> d--hs---- C:\Recycled 2008-04-18 12:33 . 
2008-04-18 12:33 61 --a------ C:\WINDOWS\smscfg.ini 2008-04-18 12:31 . 2008-04-18 12:31 <DIR> d-------- C:\Programfiler\PC-Doctor for Windows 2008-04-18 12:31 . 2003-03-26 22:15 282,624 --a------ C:\WINDOWS\system32\PCDrSystemInformation.dll 2008-04-18 12:31 . 2003-02-03 17:23 122,880 --a------ C:\WINDOWS\system32\JavaAccessBridge.dll 2008-04-18 12:31 . 2003-03-26 20:23 94,208 --a------ C:\WINDOWS\system32\PcdrKernelModeServices.dll 2008-04-18 12:31 . 2003-03-26 20:24 77,824 --a------ C:\WINDOWS\system32\ProgressTrace.dll 2008-04-18 12:31 . 2003-02-03 17:23 69,632 --a------ C:\WINDOWS\system32\WindowsAccessBridge.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-18 10:39 47 ----a-w C:\WINDOWS\system32\drivers\IBM_8194_D1G.MRK 2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys 2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-03-29 03:23 5,439,488 ----a-w 
C:\WINDOWS\system32\atioglxx.dll 2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-03-29 03:18 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-13 14:52 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys 2008-03-13 14:52 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys 2008-03-13 14:52 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys 2008-03-13 14:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-03-13 14:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:39 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:39 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-16 22:35 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe . ((((((((((((((((((((((((((((( snapshot@2008-04-22_ 7.06.01,89 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-04-21 20:42:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-13 16:39:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-22 13:38:43 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe + 2008-04-22 13:39:26 307,200 ----a-r C:\WINDOWS\Installer\{40589552-3892-409E-B92C-9F5032A4B2F0}\SafariIco.exe + 2008-05-08 17:16:44 65,536 ----a-r C:\WINDOWS\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941033}\ARPPRODUCTICON.exe - 2008-04-17 20:36:18 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe + 2008-04-26 18:07:02 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe + 2008-05-01 15:17:04 65,536 ----a-r C:\WINDOWS\Installer\{8FFC924C-ED06-44CB-8867-3CA778ECE903}\AppLanuchShortcut_E9787678103300008E67000000000001_1.exe + 2008-05-01 15:17:03 65,536 ----a-r C:\WINDOWS\Installer\{8FFC924C-ED06-44CB-8867-3CA778ECE903}\NewShortcut1_38345BD7BBBC49CAB430216AC471F461.exe + 2008-05-01 15:17:04 65,536 ----a-r C:\WINDOWS\Installer\{8FFC924C-ED06-44CB-8867-3CA778ECE903}\ProgramMenuShortcut_E9787678103300008E670000000001_1.exe + 2008-05-06 16:46:18 317,416 ----a-r C:\WINDOWS\Installer\{ACCE358D-3EF3-4343-A5DB-EDD4DC900E02}\Clue.exe + 2008-05-01 15:15:31 65,536 ----a-r C:\WINDOWS\Installer\{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}\AdobeBridge_B74D4E10103300000000000000000001_1.exe + 2008-05-01 15:15:31 65,536 ----a-r C:\WINDOWS\Installer\{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}\BridgeCommonShortcut_B74D4E101033000000000001_1.exe + 2008-05-01 15:15:30 1,904,640 ----a-r C:\WINDOWS\Installer\{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}\ESLaunchShortcut_B74D4E10103300000000000000000001.exe + 2008-05-01 15:15:31 61,440 ----a-r C:\WINDOWS\Installer\{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}\NewShortcut2_B74D4E10103300000000000000000001.exe + 2008-05-01 15:12:44 65,536 ----a-r C:\WINDOWS\Installer\{FA17A726-B229-4116-B793-A2AB1A4EAE2E}\ARPPRODUCTICON.exe + 2008-05-01 15:12:44 
65,536 ----a-r C:\WINDOWS\Installer\{FA17A726-B229-4116-B793-A2AB1A4EAE2E}\NewShortcut2_FA17A726B2294116B793A2AB1A4EAE2E.exe + 2008-05-01 15:12:44 65,536 ----a-r C:\WINDOWS\Installer\{FA17A726-B229-4116-B793-A2AB1A4EAE2E}\NewShortcut8_B44FF44BFF374DC7AB88CA08FBC29240.exe + 2002-12-20 11:06:00 3,366,912 ----a-w C:\WINDOWS\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe - 2007-06-05 17:40:44 149,278 ----a-r C:\WINDOWS\system32\atiicdxx.dat + 2008-03-06 14:40:54 168,883 ----a-w C:\WINDOWS\system32\atiicdxx.dat - 2007-06-27 01:30:44 972,072 ----a-r C:\WINDOWS\system32\ativva6x.dat + 2008-03-29 03:36:13 887,724 ----a-w C:\WINDOWS\system32\ativva6x.dat + 2002-12-20 11:06:00 3,366,912 ----a-w C:\WINDOWS\system32\dllcache\moviemk.exe + 2006-10-18 19:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll - 2003-01-16 09:02:00 17,136 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys + 2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys - 2008-04-16 12:59:03 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-05-13 05:38:39 1,412,720 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2003-05-28 08:02:00 434,176 ----a-w C:\WINDOWS\system32\px.dll + 2007-03-07 23:51:00 547,576 ------w C:\WINDOWS\system32\px.dll + 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxcpya64.exe - 2003-05-30 08:00:00 274,432 ----a-w C:\WINDOWS\system32\pxdrv.dll + 2007-03-07 23:51:00 510,712 ------w C:\WINDOWS\system32\pxdrv.dll + 2008-05-01 15:10:35 53,248 ------w C:\WINDOWS\system32\pxhpinst.exe + 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe - 2003-05-28 08:02:00 139,264 ----a-w C:\WINDOWS\system32\pxmas.dll + 2007-03-07 23:51:00 187,128 ------w C:\WINDOWS\system32\pxmas.dll + 2007-03-07 23:51:00 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll - 2003-05-28 08:02:00 397,312 ----a-w C:\WINDOWS\system32\pxwave.dll + 2007-03-07 23:51:00 379,640 ------w C:\WINDOWS\system32\pxwave.dll - 2003-05-02 08:00:00 28,672 ----a-w 
C:\WINDOWS\system32\VXBLOCK.dll + 2007-03-07 23:51:00 39,672 ------w C:\WINDOWS\system32\VXBLOCK.dll + 2003-06-23 00:44:36 1,415,680 ----a-w C:\WINDOWS\system32\wmv9vcm.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360] "Steam"="c:\programfiler\steam\steam.exe" [2008-04-18 15:30 1271032] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "DisplayFusion"="C:\Programfiler\DisplayFusion\DisplayFusion.exe" [2008-04-27 01:28 548528] "AdobeUpdater"="C:\Programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mouse Suite 98 Daemon"="ICO.EXE" [] "Smapp"="C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe" [2002-11-09 00:50 98304] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-20 19:15 315392] "UC_SMB"="" [] "UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [2003-03-17 23:27 32768] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-05-05 10:04 114741] "StorageGuard"="c:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01 155648] "ibmmessages"="c:\Programfiler\IBM\Messages By IBM\ibmmessages.exe" [2003-05-06 04:34 528384] "Hot Key Kbd Daemon"="SKDAEMON.EXE" [2002-07-02 01:24 40960 C:\WINDOWS\system32\SKDAEMON.EXE] "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "RAM Idle Professional"="C:\Programfiler\RAM Idle LE\RAM_XP.exe" [2006-01-17 05:38 135168] "egui"="C:\Programfiler\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] 
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360] C:\Documents and Settings\--Tommy--\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 11 (0xb) "NoStartMenuMFUprogramsList"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.avrn"= AvidAVICodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dbf45ba-0bb5-11dd-9ebd-0060087bb225}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-04-22 13:38:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-05-13 20:08:05 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . 
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 22:46:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-05-13 22:50:18
ComboFix-quarantined-files.txt 2008-05-13 20:49:01
ComboFix2.txt 2008-04-25 22:04:19
ComboFix3.txt 2008-04-22 05:06:22

Pre-Run: 2,724,696,064 byte ledig
Post-Run: 1,075,408,896 byte ledig

294 --- E O F --- 2008-04-16 20:55:40
norbat Posted 13 May 2008
This looks fine. Do you suspect something, or was it just a check?
-Tommy14- Posted 13 May 2008 (Author)
I had a suspicion, because I'm a bit unsure whether NOD32 works one hundred percent.
norbat Posted 13 May 2008
NOD is a good AV program, if that's what you're wondering. If you haven't received any messages or the like saying there is some junk on the PC (and the logs you posted look fine as well), I think you can relax.