[LØST]Noen som kan skjekke HJT-logg og combofix-logg?

krikol · 25. mai 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:13:08, on 25.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Programfiler\J River\Media Center 12\Media Center 12.exe

C:\Programfiler\VisualTaskTips\VisualTaskTips.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE

C:\WINDOWS\explorer.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [bVRPLiveUpdate] C:\Programfiler\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\PROGRA~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [Media Center 12 Media Server] "C:\Programfiler\J River\Media Center 12\Media Center 12.exe" /MediaServer

O4 - HKCU\..\Run: [VisualTaskTips] C:\Programfiler\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Last.fm Helper.lnk = C:\Programfiler\Last.fm\LastFMHelper.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Programfiler\Betway\Casino\casinogame.exe

O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Programfiler\Betway\Poker\MPPoker.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programfiler\COMODO\Firewall\cmdagent.exe

--

End of file - 8734 bytes

Combofix

ComboFix 08-05-24.1 - Kristoffer 2008-05-25 17:52:15.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.488 [GMT 2:00]

Running from: C:\Documents and Settings\Kristoffer\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\_000047_.tmp.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))

.

2008-05-25 18:00 . 2008-05-25 18:00 <DIR> dr-h----- C:\Documents and Settings\Kristoffer\Siste

2008-05-13 19:45 . 2008-05-23 17:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-13 19:45 . 2008-05-13 19:45 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-09 15:48 . 2008-05-09 15:49 <DIR> d-------- C:\Programfiler\QuickTime

2008-05-09 15:43 . 2008-05-09 15:44 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-05-05 19:22 . 2008-05-05 19:23 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-04-25 23:30 . 2008-04-25 23:30 <DIR> d-------- C:\Programfiler\SIW

2008-04-25 20:00 . 2008-04-25 20:42 <DIR> d-------- C:\Documents and Settings\Kristoffer\Programdata\Canon

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-25 11:22 --------- d-----w C:\Documents and Settings\Kristoffer\Programdata\LimeWire

2008-05-25 11:14 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-05-25 11:14 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-05-13 19:35 --------- d-----w C:\Documents and Settings\Kristoffer\Programdata\dvdcss

2008-04-26 19:37 --------- d-----w C:\Programfiler\LimeWire

2008-04-22 22:07 --------- d-----w C:\Programfiler\Unity

2008-04-08 18:17 --------- d-----w C:\Programfiler\Opera

2008-04-01 10:55 --------- d-----w C:\Programfiler\Avanquest update

2007-09-18 20:26 84,418 ----a-w C:\Documents and Settings\All Users\Programdata\firstlsp.reg.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34 3739672]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-09 15:02 1481968]

"ccleaner"="C:\Programfiler\CCleaner\CCleaner.exe" [2008-04-23 18:19 1189104]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 15:29 356352]

"Media Center 12 Media Server"="C:\Programfiler\J River\Media Center 12\Media Center 12.exe" [2008-03-30 17:47 7086080]

"VisualTaskTips"="C:\Programfiler\VisualTaskTips\VisualTaskTips.exe" [2008-02-19 12:13 61440]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 11:01 98304]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 11:01 503808]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-22 11:33 262401]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-12-14 14:14 185896]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"COMODO Firewall Pro"="C:\Programfiler\COMODO\Firewall\cfp.exe" [2008-05-25 13:05 1575680]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"BVRPLiveUpdate"="C:\Programfiler\Avanquest update\Engine\Setup.exe" [ ]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-12-12 00:23:07 692224]

Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2008-02-06 22:16:27 536576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\BitLord\\BitLord.exe"=

"C:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Programfiler\\Opera\\Opera.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"C:\\Program Files\\Microprose\\Risk II\\RISKII.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-25 13:14]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-25 13:14]

R3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-19 00:44]

S3 lc3pkt_2.1;LC3 Packet Driver;C:\Programfiler\@stake\LC4\lc3pkt.sys []

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 19:23]

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 19:23]

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 19:23]

S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 19:23]

S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 19:23]

S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 19:23]

S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 19:24]

S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 08:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{863d0280-258c-11dd-b3b3-0040d07c5846}]

\Shell\AutoRun\command - wd_windows_tools\setup.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-05-12 07:06:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-25 18:00:41

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Kristoffer\Lokale innstillinger\Programdata\Apple Computer\QuickTime\downloads\00\06

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Programfiler\VisualTaskTips\VttHooks.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\scardsvr.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.exe

.

**************************************************************************

.

Completion time: 2008-05-25 18:11:56 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-25 16:11:44

Pre-Run: 14,529,998,848 byte ledig

Post-Run: 15,436,705,792 byte ledig

147 --- E O F --- 2008-05-19 10:18:10

Endret 25. mai 2008 av krikol

norbat · 25. mai 2008

Klarer ikke å se noe malware i disse loggene.

Har du mistanke om noe eller var det bare en sjekk?

krikol · 25. mai 2008

Var bare en sjekk :yes: Takk for at du så over det

Logg inn

[LØST]Noen som kan skjekke HJT-logg og combofix-logg?

Anbefalte innlegg

krikol

Lenke til kommentar

Videoannonse

norbat

Lenke til kommentar

krikol

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Opprett konto

Logg inn

Populær nå

Overrasket? Nei, det er FrP på gang igjen 1 2 3 4 5

Woke i moderne underholdningsindustri 1 2 3 4 505

Elbil-tråden 1 2 3 4 1015

Hvem er aktive 0 medlemmer