Grand, posted 9 February 2008

Hi. Could someone read these logs for me and see whether I have any junk on my PC?

SAS.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/09/2008 at 09:23 PM
Application Version : 3.9.1008
Core Rules Database Version : 3395
Trace Rules Database Version: 1387
Scan type : Complete Scan
Total Scan Time : 00:36:16
Memory items scanned : 507
Memory threats detected : 0
Registry items scanned : 4293
Registry threats detected : 0
File items scanned : 26824
File threats detected : 0

HijackThis.
ComboFix.
norbat, posted 9 February 2008

The logs look fine. Was it just a check, or do you suspect something?
Grand (author), posted 9 February 2008 (edited)

I did suspect something, yes. I was digging fairly deep in the computer for some savegames from a game, but along the way I found at least 20 folders that I didn't recognise. I got a bit worried. So I scanned the PC with Norton and AVG rootkit. They found nothing. But it's good to be on the safe side, so I posted a couple of logs here. Thank you very much for taking the time to check them.

Edited 9 February 2008 by Sno
norbat, posted 9 February 2008

And what are these folders called, and where did you find them?
Grand (author), posted 9 February 2008

I think I have gathered most of the files I found now.

Local Disk C > programfiler > fellesfiler
- GTK
- MSSoap
- SpeechEngines
- ODBC

Local Disk C > programfiler
- Aspell
- ComPlus Applications
- AGEIA Technologies
- NetMeeting

Local Disk C > Documents and Settings > Sander
- Contacts

Many of these are empty, but the ones that have something in them contain strange file names, e.g. wisc10.dll, ltts1033.lxa, gtk.immodules
norbat, posted 9 February 2008

Those folders and files look legitimate, so I don't think you should start deleting anything just like that. If you want to find out what they belong to, Google is one way to find out.
Grand (author), posted 9 February 2008

OK, thank you very much for the help.
norbat, posted 10 February 2008

You can uninstall ComboFix by typing combofix /u in the Run window (Start -> Run).

Surf safely.