Guest Slettet+987123897, posted 2 June 2008

SUPERAntispyware:

Combofix:

HJT:

r2d290, posted 2 June 2008 (edited)

Your HijackThis log is clean at least, as far as I can see. The cookies that SAS found are nothing to worry about. Are there any problems, or is this just a routine check?

Edited 2 June 2008 by r2d290

Guest Slettet+987123897, posted 2 June 2008

> Your HijackThis log is clean at least, as far as I can see. The cookies that SAS found are nothing to worry about. Are there any problems, or is this just a routine check?

A bit of both. I was going to install StarCraft and Brood War today to play a bit again. An error message came up saying that something had gone wrong, so I googled it. There it said that a virus could be the cause. If the logs are clean, then at least that is not the problem :)

r2d290, posted 2 June 2008

I have not analysed the ComboFix log. There may be something there, but someone else will have to check that.

norbat, posted 2 June 2008

The Combo log looks fine too.