BendItLikeBender, posted 14 August 2008 (edited)

Hi. Thought I'd give the PC a clean-up. Thanks in advance.

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/14/2008 at 04:06 AM

Application Version : 4.15.1000

Core Rules Database Version : 3536
Trace Rules Database Version: 1525

Scan type : Quick Scan
Total Scan Time : 00:22:33

Memory items scanned : 486
Memory threats detected : 0
Registry items scanned : 316
Registry threats detected : 0
File items scanned : 15847
File threats detected : 8

Adware.Tracking Cookie
C:\Documents and Settings\Tarje\Cookies\tarje@atdmt[1].txt

BearShare File Sharing Client
F:\BEARSHARE\BEARSHARE.EXE
F:\UTORRENT\DOWNLOADS\BEARSHARE PRO + CRACK SETUP 5.2.4.1\CRACK\BEARSHARE.EXE

Trojan.Unclassified-Packed/Suspicious
F:\SYSTEM VOLUME INFORMATION\_RESTORE{08D13DBC-0266-401B-BDD0-C6CFE68A3ED8}\RP17\A0010487.DLL
F:\SYSTEM VOLUME INFORMATION\_RESTORE{08D13DBC-0266-401B-BDD0-C6CFE68A3ED8}\RP17\A0010565.DLL
F:\SYSTEM VOLUME INFORMATION\_RESTORE{08D13DBC-0266-401B-BDD0-C6CFE68A3ED8}\RP36\A0022725.DLL
F:\SYSTEM VOLUME INFORMATION\_RESTORE{08D13DBC-0266-401B-BDD0-C6CFE68A3ED8}\RP36\A0022758.DLL

Trojan.Unclassified/Loader-Suspicious
H:\BASIC HACK V4.0\LOADER.EXE

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:25:13, on 14.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\Logitech\G-series Software\LCDMon.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
F:\DAEMON Tools Lite\daemon.exe
C:\Programfiler\UltraMon\UltraMonTaskbar.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Skype\Phone\Skype.exe
F:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
F:\WinAmp\winamp.exe
F:\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tarje\Skrivebord\HijackThis\Haha.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ultraMon] "C:\Programfiler\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5083 bytes

ComboFix:

ComboFix 08-08-13.02 - Tarje 2008-08-14 4:18:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1472 [GMT 2:00]
Running from: C:\Documents and Settings\Tarje\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\disk.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-14 03:41 . 2008-08-14 03:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-14 03:41 . 2008-08-14 03:41 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\SUPERAntiSpyware.com
2008-08-14 03:41 . 2008-08-14 03:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-14 03:39 . 2008-08-14 04:16 <DIR> dr-h----- C:\Documents and Settings\Tarje\Siste
2008-08-14 00:01 . 2008-08-14 00:01 <DIR> dr-h----- C:\Documents and Settings\Tarje\Programdata\SecuROM
2008-08-14 00:01 . 2008-08-14 00:01 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Bioshock
2008-08-13 22:30 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-08-13 22:15 . 2008-08-13 22:15 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-11 15:21 . 2008-08-11 15:21 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-08-11 15:21 . 2008-08-11 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-08-08 21:54 . 2008-08-08 21:54 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-08-08 21:54 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-08 21:53 . 2008-08-08 21:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-08 21:53 . 2008-08-08 21:53 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-04 21:56 . 2008-08-08 00:07 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\dvdcss
2008-08-03 16:57 . 2008-08-14 04:15 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-08-03 16:56 . 2008-08-03 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\nView_Profiles
2008-08-03 16:54 . 2007-12-05 01:41 290,816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2008-08-03 16:54 . 2007-12-05 01:41 253,952 --a------ C:\WINDOWS\system32\nvrsth.dll
2008-08-03 16:35 . 2008-08-03 16:35 <DIR> d-------- C:\Programfiler\UltraMon
2008-08-03 16:35 . 2008-08-03 16:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Realtime Soft
2008-08-03 16:35 . 2008-08-03 16:35 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Realtime Soft
2008-08-03 16:35 . 2008-08-03 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Realtime Soft
2008-08-03 16:06 . 2008-08-03 16:06 <DIR> d-------- C:\NVIDIA
2008-08-03 02:15 . 2008-08-03 02:15 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Apple Computer
2008-08-02 18:12 . 2008-08-02 18:12 <DIR> d-------- C:\WINDOWS\Sun
2008-08-02 18:10 . 2008-08-02 18:10 <DIR> d-------- C:\Programfiler\Java
2008-08-02 18:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-02 18:09 . 2008-08-02 18:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-08-02 14:15 . 2008-08-02 14:15 71,680 --a------ C:\WINDOWS\system32\LoveFly.dll
2008-07-31 18:10 . 2008-07-31 18:10 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\vlc
2008-07-31 04:06 . 2008-07-31 04:06 <DIR> d-------- C:\Programfiler\QuickTime
2008-07-31 04:06 . 2008-07-31 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-07-29 19:04 . 2008-07-29 19:04 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Ventrilo
2008-07-28 22:25 . 2008-07-28 22:25 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-07-28 22:25 . 2008-07-28 22:25 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-28 22:25 . 2008-07-28 22:25 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-28 22:25 . 2008-07-28 22:25 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-07-28 22:25 . 2008-07-28 22:25 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-07-27 00:36 . 2008-08-14 04:11 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\skypePM
2008-07-27 00:36 . 2008-08-14 04:19 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Skype
2008-07-27 00:36 . 2008-07-27 00:36 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-27 00:35 . 2008-07-27 00:35 <DIR> d-------- C:\Programfiler\Skype
2008-07-27 00:35 . 2008-07-27 00:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2008-07-27 00:35 . 2008-07-27 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2008-07-25 02:55 . 2008-07-25 02:55 <DIR> d---s---- C:\Documents and Settings\Tarje\UserData
2008-07-24 10:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-24 10:31 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-24 10:31 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-24 03:04 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-24 03:04 . 2008-06-14 20:00 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-24 03:00 . 2008-07-25 03:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-23 17:31 . 2008-07-25 06:08 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-23 17:21 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-23 17:21 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-07-23 17:14 . 2008-07-23 17:14 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\DAEMON Tools
2008-07-23 17:14 . 2008-07-23 17:14 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-23 17:12 . 2008-08-09 04:40 <DIR> d-------- C:\Programfiler\uTorrent
2008-07-23 17:12 . 2008-08-14 00:13 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\uTorrent
2008-07-23 17:05 . 2008-07-23 17:05 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Talkback
2008-07-23 17:05 . 2008-07-23 17:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-23 17:03 . 2008-07-23 17:03 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Creative
2008-07-23 17:02 . 2007-07-12 10:03 12,288 --a------ C:\WINDOWS\system32\drivers\EIO.sys
2008-07-23 17:01 . 2008-07-23 17:01 <DIR> d-------- C:\Programfiler\ASUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 02:14 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-08-13 21:43 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-23 16:11 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-07-23 16:11 --------- d-----w C:\Programfiler\Windows Live
2008-07-23 16:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-07-23 14:52 --------- d-----w C:\Programfiler\Fellesfiler\LogiShared
2008-07-23 14:52 --------- d-----w C:\Documents and Settings\Tarje\Programdata\Logitech
2008-07-23 14:52 --------- d-----w C:\Documents and Settings\Tarje\Programdata\Leadertech
2008-07-23 14:51 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-23 14:51 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-23 14:51 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2008-07-23 14:50 --------- d-----w C:\Programfiler\Logitech
2008-07-23 14:50 --------- d-----w C:\Documents and Settings\Tarje\Programdata\InstallShield
2008-07-23 14:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\LogiShrd
2008-07-23 14:49 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech
2008-07-23 14:47 --------- d-----w C:\Programfiler\Creative
2008-07-23 14:45 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-07-23 14:43 --------- d-----w C:\Programfiler\MSI
2008-07-23 14:40 --------- d-----w C:\Programfiler\Realtek Sound Manager
2008-07-23 14:40 --------- d-----w C:\Programfiler\Realtek AC97
2008-07-23 14:40 --------- d-----w C:\Programfiler\AvRack
2008-07-23 14:33 17,119 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-23 14:33 --------- d-----w C:\Programfiler\RALINK
2008-07-23 14:27 --------- d-----w C:\Programfiler\microsoft frontpage
2008-07-23 14:26 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-07-23 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2004-11-18 04:50 258048]
"DAEMON Tools Lite"="F:\DAEMON Tools Lite\daemon.exe" [2008-07-17 14:20 490952]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"SUPERAntiSpyware"="F:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="C:\Programfiler\MSI\Live Update 3\LMonitor.exe" [2006-05-29 18:07 484352]
"Launch LGDCore"="C:\Programfiler\Logitech\G-series Software\LGDCore.exe" [2006-03-06 17:31 1122304]
"Launch LCDMon"="C:\Programfiler\Logitech\G-series Software\LCDMon.exe" [2006-03-06 17:14 497152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"UltraMon"="C:\Programfiler\UltraMon\UltraMon.exe" [2007-12-16 02:18 693536]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 03:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-07-23 16:51:08 692224]
Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2008-07-23 16:33:03 536576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "F:\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 F:\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
2008-08-02 14:15 71680 C:\WINDOWS\system32\LoveFly.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"D:\\Guitar Hero III\\GH3.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"D:\\World of Warcraft\\Repair.exe"=
"D:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

R2 UltraMonUtility;UltraMon Utility Driver;C:\Programfiler\Fellesfiler\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 20:22]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 10:03]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 20:23]
R3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 10:15]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10:03]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ASUSGamerOSD - C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tarje\Programdata\Mozilla\Firefox\Profiles\gfma7h86.default\
FF -: plugin - F:\Mozilla Firefox\plugins\np32dsw.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npoctoshape.dll
FF -: plugin - F:\Mozilla Firefox\plugins\NPOFF12.DLL
FF -: plugin - F:\Mozilla Firefox\plugins\nppdf32.dll
FF -: plugin - F:\Mozilla Firefox\plugins\nppl3260.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin6.dll
FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin7.dll
FF -: plugin - F:\Mozilla Firefox\plugins\nprjplug.dll
FF -: plugin - F:\Mozilla Firefox\plugins\nprpjplug.dll
FF -: plugin - F:\Mozilla Firefox\plugins\NPSWF32.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 04:19:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-14 4:19:39
ComboFix-quarantined-files.txt 2008-08-14 02:19:37

Pre-Run: 16,884,998,144 bytes free
Post-Run: 16,877,314,048 bytes free

212 --- E O F --- 2008-07-25 01:01:36

Edited 15 August 2008 by BendItLikeBender
r2d290, posted 14 August 2008

The only thing I see is a keylogger.

Start HijackThis.
Choose: Do a system scan only.
Put a check in the boxes in front of these lines:

O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and click Fix checked.
Note: if you are asked to confirm fixing a line, confirm it.

Then exit HijackThis and restart the machine.

Use Windows Explorer to find the file C:\WINDOWS\SYSTEM32\LoveFly.dll
Delete it. Remember to delete it from the Recycle Bin as well.

Restart the machine again.

Start HijackThis.
Choose: Do a system scan and save a logfile.
Post that log in your next post.

Post a new ComboFix log as well.
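An added example, not part of the thread and not code from HijackThis or ComboFix: a small Python parser that turns HijackThis-style log lines into records and flags the two kinds of entry the reply above acts on. An O20 "Winlogon Notify" entry is a DLL that winlogon.exe loads at logon and logoff events on Windows XP (the mechanism was removed in Vista), so a DLL there that nobody can vouch for deserves attention before anything in O4. The sample lines are constructed to match the shape of the log posted above, and the allowlist of known notification DLLs is an assumption (only the SUPERAntiSpyware package visible in the log is treated as known-good); in real triage you would verify each DLL's publisher and hash rather than trust a name.

```python
import re
from typing import Dict, List

# Constructed sample: a few lines in the shape of the HijackThis v2.0.2
# log posted in the thread (not the complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:25:13, on 14.08.2008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O20 - Winlogon Notify: !SASWinLogon - F:\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- End of file - 5083 bytes
"""

# Assumption: the only Winlogon Notify DLL already verified on this machine
# is SUPERAntiSpyware's own package seen in the log. HijackThis hides the
# stock Windows XP notification packages, so everything listed under O20
# is third-party and has to be vouched for explicitly.
KNOWN_NOTIFY_DLLS = {"saswinlo.dll"}

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Turn HijackThis log lines into {kind, name, path, raw} records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, footer or blank line
        kind, body = m.group("kind"), m.group("body")
        rec = {"kind": kind, "name": "", "path": "", "raw": line}
        if kind == "O20":
            # O20 - Winlogon Notify: <subkey name> - <dll path>
            name, _, dll = body.split(": ", 1)[1].partition(" - ")
            rec.update(name=name, path=dll)
        elif kind == "O4":
            m4 = re.match(r".*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)", body)
            if m4:  # O4 - HKLM\..\Run: [<value name>] <command line>
                rec.update(name=m4.group("name"), path=m4.group("cmd"))
            elif " = " in body:  # O4 - Global Startup: <shortcut> = <target>
                name, target = body.split(": ", 1)[1].split(" = ", 1)
                rec.update(name=name, path=target)
        elif kind == "O23":
            # O23 - Service: <display name> (<short name>) - <company> - <image>
            rec.update(name=body.split(": ", 1)[1].split(" - ")[0],
                       path=body.rsplit(" - ", 1)[1])
        records.append(rec)
    return records


def triage(records: List[Dict[str, str]]) -> List[str]:
    """Findings for the kinds of entry the reply above acts on."""
    findings = []
    for rec in records:
        if rec["kind"] == "O20":
            dll = rec["path"].rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_NOTIFY_DLLS:
                findings.append(
                    f"O20 Winlogon Notify '{rec['name']}' loads {rec['path']} "
                    "into winlogon.exe at every logon and is not on the allowlist")
        elif rec["kind"] == "O4" and rec["path"]:
            args = rec["path"].split()
            # For rundll32 the interesting file is the DLL argument, not rundll32 itself.
            if args[0].upper().startswith("RUNDLL32") and len(args) > 1:
                target = args[1].split(",")[0]
            else:
                target = args[0]
            if "\\" not in target.strip('"'):
                findings.append(
                    f"O4 '{rec['name']}' runs bare filename {target}: resolved through "
                    "the process search order, so confirm which copy actually starts")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports the LoveFly.dll notify entry and the path-less SOUNDMAN.EXE Run value, and stays quiet about the SUPERAntiSpyware package, the rundll32 entry whose DLL argument carries a full path, and the shortcut under Global Startup.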
BendItLikeBender (thread author), posted 15 August 2008

Thanks for the reply.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:18:14, on 15.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\Logitech\G-series Software\LCDMon.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\UltraMon\UltraMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Creative\Shared Files\CamTray.exe
C:\Programfiler\UltraMon\UltraMonTaskbar.exe
F:\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Skype\Phone\Skype.exe
F:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
F:\uTorrent\uTorrent.exe
F:\WinAmp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tarje\Skrivebord\HijackThis\Haha.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ultraMon] "C:\Programfiler\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programfiler\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5465 bytes

ComboFix:

ComboFix 08-08-14.01 - Tarje 2008-08-15 2:21:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1517 [GMT 2:00]
Running from: C:\Documents and Settings\Tarje\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-14 03:41 . 2008-08-14 03:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-14 03:41 . 2008-08-14 03:41 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\SUPERAntiSpyware.com
2008-08-14 03:41 . 2008-08-14 03:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-14 03:39 . 2008-08-15 02:18 <DIR> dr-h----- C:\Documents and Settings\Tarje\Siste
2008-08-14 00:01 . 2008-08-14 00:01 <DIR> dr-h----- C:\Documents and Settings\Tarje\Programdata\SecuROM
2008-08-14 00:01 . 2008-08-14 00:01 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Bioshock
2008-08-13 22:30 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-08-13 22:15 . 2008-08-13 22:15 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-11 15:21 . 2008-08-11 15:21 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-08-11 15:21 . 2008-08-11 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-08-08 21:54 . 2008-08-08 21:54 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-08-08 21:54 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-08 21:53 . 2008-08-08 21:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-08 21:53 . 2008-08-08 21:53 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-04 21:56 . 2008-08-08 00:07 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\dvdcss
2008-08-03 16:57 . 2008-08-14 04:15 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-08-03 16:56 . 2008-08-03 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\nView_Profiles
2008-08-03 16:54 . 2007-12-05 01:41 290,816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2008-08-03 16:54 . 2007-12-05 01:41 253,952 --a------ C:\WINDOWS\system32\nvrsth.dll
2008-08-03 16:35 . 2008-08-03 16:35 <DIR> d-------- C:\Programfiler\UltraMon
2008-08-03 16:35 . 2008-08-03 16:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Realtime Soft
2008-08-03 16:35 . 2008-08-03 16:35 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Realtime Soft
2008-08-03 16:35 . 2008-08-03 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Realtime Soft
2008-08-03 16:06 . 2008-08-03 16:06 <DIR> d-------- C:\NVIDIA
2008-08-03 02:15 . 2008-08-03 02:15 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Apple Computer
2008-08-02 18:12 . 2008-08-02 18:12 <DIR> d-------- C:\WINDOWS\Sun
2008-08-02 18:10 . 2008-08-02 18:10 <DIR> d-------- C:\Programfiler\Java
2008-08-02 18:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-02 18:09 . 2008-08-02 18:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-07-31 18:10 . 2008-07-31 18:10 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\vlc
2008-07-31 04:06 . 2008-07-31 04:06 <DIR> d-------- C:\Programfiler\QuickTime
2008-07-31 04:06 . 2008-07-31 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-07-29 19:04 . 2008-07-29 19:04 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Ventrilo
2008-07-28 22:25 . 2008-07-28 22:25 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-07-28 22:25 . 2008-07-28 22:25 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-28 22:25 . 2008-07-28 22:25 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-28 22:25 . 2008-07-28 22:25 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-07-28 22:25 . 2008-07-28 22:25 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-07-27 00:36 . 2008-08-15 02:12 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\skypePM
2008-07-27 00:36 . 2008-08-15 02:17 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Skype
2008-07-27 00:36 . 2008-07-27 00:36 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-27 00:35 . 2008-07-27 00:35 <DIR> d-------- C:\Programfiler\Skype
2008-07-27 00:35 . 2008-07-27 00:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2008-07-27 00:35 . 2008-07-27 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2008-07-25 02:55 . 2008-07-25 02:55 <DIR> d---s---- C:\Documents and Settings\Tarje\UserData
2008-07-24 10:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-24 10:31 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-24 10:31 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-24 03:04 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-24 03:04 . 2008-06-14 20:00 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-24 03:00 . 2008-07-25 03:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-23 17:31 . 2008-07-25 06:08 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-23 17:21 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-23 17:21 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-07-23 17:14 . 2008-07-23 17:14 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\DAEMON Tools
2008-07-23 17:14 . 2008-07-23 17:14 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-23 17:12 . 2008-08-09 04:40 <DIR> d-------- C:\Programfiler\uTorrent
2008-07-23 17:12 . 2008-08-15 02:21 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\uTorrent
2008-07-23 17:05 . 2008-07-23 17:05 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Talkback
2008-07-23 17:05 . 2008-07-23 17:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-23 17:03 . 2008-07-23 17:03 <DIR> d-------- C:\Documents and Settings\Tarje\Programdata\Creative
2008-07-23 17:02 . 2007-07-12 10:03 12,288 --a------ C:\WINDOWS\system32\drivers\EIO.sys
2008-07-23 17:01 . 2008-07-23 17:01 <DIR> d-------- C:\Programfiler\ASUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 00:16 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-08-13 21:43 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-23 16:11 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-07-23 16:11 --------- d-----w C:\Programfiler\Windows Live
2008-07-23 16:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-07-23 14:52 --------- d-----w C:\Programfiler\Fellesfiler\LogiShared
2008-07-23 14:52 --------- d-----w C:\Documents and Settings\Tarje\Programdata\Logitech
2008-07-23 14:52 --------- d-----w C:\Documents and Settings\Tarje\Programdata\Leadertech
2008-07-23 14:51 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-23 14:51 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-23 14:51 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2008-07-23 14:50 --------- d-----w C:\Programfiler\Logitech
2008-07-23 14:50 --------- d-----w C:\Documents and Settings\Tarje\Programdata\InstallShield
2008-07-23 14:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\LogiShrd
2008-07-23 14:49 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech
2008-07-23 14:47 --------- d-----w C:\Programfiler\Creative
2008-07-23 14:45 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-07-23 14:43 --------- d-----w C:\Programfiler\MSI
2008-07-23 14:40 --------- d-----w C:\Programfiler\Realtek Sound Manager
2008-07-23 14:40 --------- d-----w C:\Programfiler\Realtek AC97
2008-07-23 14:40 --------- d-----w C:\Programfiler\AvRack
2008-07-23 14:33 17,119 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-23 14:33 --------- d-----w C:\Programfiler\RALINK
2008-07-23 14:27 --------- d-----w C:\Programfiler\microsoft frontpage
2008-07-23 14:26 --------- d-----w
C:\Programfiler\Elektroniske tjenester 2008-07-23 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((( snapshot@2008-08-14_ 4.19.29.67 ))))))))))))))))))))))))))))))))))))))))) . + 2007-12-04 23:41:00 5,773,568 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nv4_disp.dll + 2007-12-04 23:41:00 7,435,392 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nv4_mini.sys + 2007-12-04 23:41:00 385,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvapi.dll + 2007-12-04 23:41:00 35,328 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvcod.dll + 2007-12-04 23:41:00 8,523,776 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvcpl.dll + 2007-12-04 23:41:00 1,089,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvcuda.dll + 2007-12-04 23:41:00 6,549,504 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvdisps.dll + 2007-12-04 23:41:00 5,611,520 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvdispsr.dll + 2007-12-04 23:41:00 3,420,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvgames.dll + 2007-12-04 23:41:00 3,334,144 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvgamesr.dll + 2007-12-04 23:41:00 229,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvmccs.dll + 2007-12-04 23:41:00 188,416 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvmccss.dll + 2007-12-04 23:41:00 458,752 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvmccssr.dll + 2007-12-04 23:41:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvmctray.dll + 2007-12-04 23:41:00 1,228,800 
----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvmobls.dll + 2007-12-04 23:41:00 2,854,912 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvmoblsr.dll + 2007-12-04 23:41:00 286,720 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvnt4cpl.dll + 2007-12-04 23:41:00 6,901,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvoglnt.dll + 2007-12-04 23:41:00 155,716 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvsvc32.exe + 2007-12-04 23:41:00 3,710,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvvitvs.dll + 2007-12-04 23:41:00 3,715,072 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvvitvsr.dll + 2007-12-04 23:41:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvwddi.dll + 2007-12-04 23:41:00 2,498,560 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvwss.dll + 2007-12-04 23:41:00 2,519,040 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvwssr.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2004-11-18 04:50 258048] "DAEMON Tools Lite"="F:\DAEMON Tools Lite\daemon.exe" [2008-07-17 14:20 490952] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312] "SUPERAntiSpyware"="F:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LiveMonitor"="C:\Programfiler\MSI\Live Update 3\LMonitor.exe" [2006-05-29 18:07 484352] "Launch LGDCore"="C:\Programfiler\Logitech\G-series Software\LGDCore.exe" [2006-03-06 17:31 1122304] "Launch LCDMon"="C:\Programfiler\Logitech\G-series Software\LCDMon.exe" [2006-03-06 17:14 497152] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "UltraMon"="C:\Programfiler\UltraMon\UltraMon.exe" [2007-12-16 02:18 693536] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 577536 C:\WINDOWS\soundman.exe] "VF0060 STISvc"="V0060Pin.dll" [2004-11-01 03:00 36864 C:\WINDOWS\system32\V0060Pin.dll] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Logitech SetPoint.lnk - 
C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-07-23 16:51:08 692224] Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2008-07-23 16:33:03 536576] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "F:\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 F:\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Guitar Hero III\\GH3.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "D:\\World of Warcraft\\Repair.exe"= "D:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "D:\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "F:\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= R2 UltraMonUtility;UltraMon Utility Driver;C:\Programfiler\Fellesfiler\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 20:22] R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 10:03] R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 20:23] R3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 10:15] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-07-12 10:03] . Contents of the 'Scheduled Tasks' folder 2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . 
. ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Tarje\Programdata\Mozilla\Firefox\Profiles\gfma7h86.default\ FF -: plugin - F:\Mozilla Firefox\plugins\np32dsw.dll FF -: plugin - F:\Mozilla Firefox\plugins\npdivx32.dll FF -: plugin - F:\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll FF -: plugin - F:\Mozilla Firefox\plugins\npLegitCheckPlugin.dll FF -: plugin - F:\Mozilla Firefox\plugins\npnul32.dll FF -: plugin - F:\Mozilla Firefox\plugins\npoctoshape.dll FF -: plugin - F:\Mozilla Firefox\plugins\NPOFF12.DLL FF -: plugin - F:\Mozilla Firefox\plugins\nppdf32.dll FF -: plugin - F:\Mozilla Firefox\plugins\nppl3260.dll FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin.dll FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin2.dll FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin3.dll FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin4.dll FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin5.dll FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin6.dll FF -: plugin - F:\Mozilla Firefox\plugins\npqtplugin7.dll FF -: plugin - F:\Mozilla Firefox\plugins\nprjplug.dll FF -: plugin - F:\Mozilla Firefox\plugins\nprpjplug.dll FF -: plugin - F:\Mozilla Firefox\plugins\NPSWF32.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-15 02:22:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-15 2:23:00 ComboFix-quarantined-files.txt 2008-08-15 00:22:58 ComboFix2.txt 2008-08-14 02:19:40 Pre-Run: 16,656,793,600 byte ledig Post-Run: 16,661,811,200 byte ledig 229 --- E O F --- 2008-07-25 01:01:36 [/skjul Lenke til kommentar
r2d290 Posted 15 August 2008
That looks clean and tidy, then. Are you noticing any more problems?
BendItLikeBender Posted 15 August 2008 (thread author)
I actually had no problems to begin with; the only strange thing was that my WoW accounts got hacked. Hope the problem doesn't come back. Thanks a lot
r2d290 Posted 15 August 2008
I see online that several people have had their WoW account hacked after having LoveFly. I assume that was the problem.

ComboFix must be uninstalled.
Go to Start > Run
Type the following in the box: combofix /u
PS: note the space between X and /u
Press Enter.

This command will:
Remove the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if they exist.
- The folder C:\Deckard, if it exists
- The folder C:\OtMoveIt, if it exists
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide System/Hidden files and folders if necessary.
- Reset system restore points.

You can uninstall HijackThis:
Start HijackThis, choose None of the above, just start the program. Then click Config>>Misc Tools>>Uninstall HijackThis & exit>>Ja/Yes. The program is now uninstalled.

SAS I recommend you keep, and run now and then, but if you still want to get rid of it, do so from Add/Remove Programs.