[LØST]Spyware sjekk SAS, Combofix, HJT

[RMBB]

Her er loggene. På forhånd takk!

 

HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:45:03, on 12.08.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\iPod Access for Windows\iPAHelper.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Fellesfiler\New Boundary\PrismXL\PRISMXL.SYS

C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Programfiler\Alcohol Soft\Alcohol 120\Alcohol.exe

C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Programfiler\PestPatrol\PPControl.exe

C:\Programfiler\PestPatrol\PPMemCheck.exe

C:\Programfiler\PestPatrol\CookiePatrol.exe

C:\Programfiler\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardware.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programfiler\FlashFXP\IEFlash.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Alcohol.exe Autorun] "C:\Programfiler\Alcohol Soft\Alcohol 120\Alcohol.exe" /startup

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programfiler\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\Programfiler\PestPatrol\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\Programfiler\PestPatrol\CookiePatrol.exe

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Programfiler\Windows Media Player\WMPNSCFG.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O15 - Trusted Zone: http://support.asus.com

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/502...geUploader3.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15029/CTPID.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPAHelper.exe - Unknown owner - C:\Programfiler\iPod Access for Windows\iPAHelper.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Programfiler\Fellesfiler\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

--

End of file - 9606 bytes

 

 

 

Combofix

 

ComboFix 08-08-11.01 - XXX 2008-08-12 8:31:30.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.352 [GMT 2:00]

Running from: C:\Documents and Settings\XXX\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))

.

 

2009-04-30 08:50 . 2009-04-30 08:50 <DIR> d-------- C:\Programfiler\VIA

2009-04-25 14:02 . 2009-04-25 14:02 <DIR> d-------- C:\Programfiler\Avanquest update

2009-04-25 14:01 . 2008-04-30 15:31 <DIR> d-------- C:\Programfiler\Sony Ericsson

2009-04-22 11:11 . 2009-04-22 11:11 <DIR> d-------- C:\Programfiler\iPod Access for Windows

2009-04-22 10:56 . 2009-04-22 10:57 <DIR> d-------- C:\Programfiler\iTunes

2009-04-22 10:56 . 2009-04-22 10:56 <DIR> d-------- C:\Programfiler\iPod

2009-04-22 10:54 . 2009-04-22 10:54 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-08-11 13:35 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll

2008-08-11 11:20 . 2008-08-11 14:33 <DIR> dr-h----- C:\Documents and Settings\XXX\Siste

2008-08-11 11:19 . 2008-08-11 11:20 <DIR> d-------- C:\Programfiler\CCleaner

2008-07-30 13:31 . 2008-07-30 13:34 <DIR> d-------- C:\Documents and Settings\XXX\Programdata\My Games

2008-07-30 13:31 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-07-30 13:27 . 2008-07-30 13:27 <DIR> d-------- C:\Programfiler\Firaxis Games

2008-07-29 15:57 . 2008-07-29 15:57 <DIR> d-------- C:\Programfiler\MSXML 6.0

2008-07-29 15:56 . 2008-07-29 15:57 <DIR> d-------- C:\Programfiler\Nokia

2008-07-29 15:56 . 2008-07-29 15:56 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-29 06:26 --------- d-----w C:\Programfiler\Apple Software Update

2009-04-25 12:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\BVRP Software

2009-04-22 09:11 --------- d-----w C:\Documents and Settings\All Users\Programdata\Findley Designs

2009-04-22 08:56 --------- d-----w C:\Programfiler\QuickTime

2009-04-22 08:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2009-04-09 06:51 --------- d-----w C:\Programfiler\SystemRequirementsLab

2009-04-04 09:37 --------- d-----w C:\Documents and Settings\XXX\Programdata\AdobeUM

2008-08-11 12:32 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-08-11 12:30 --------- d-----w C:\Programfiler\PestPatrol

2008-08-11 09:21 --------- d-----w C:\Documents and Settings\XXX\Programdata\SUPERAntiSpyware.com

2008-08-11 09:20 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-07-30 11:34 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-07-29 13:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations

2008-07-22 11:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\DVD Shrink

2008-07-22 08:12 --------- d-----w C:\Programfiler\Java

2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:36 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 10:17 --------- d-----w C:\Programfiler\Creative

2008-06-13 10:17 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative

2008-06-13 10:14 --------- d-----w C:\Documents and Settings\XXX\Programdata\Creative

2008-06-13 08:32 --------- d--h--w C:\Programfiler\Creative Installation Information

2008-06-13 08:31 --------- d-----w C:\Programfiler\Fellesfiler\Creative

2008-05-07 09:01 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008050720080508\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 17:56 1289000]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12 1314816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29 7561216]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 15:29 86016]

"Acrobat Assistant 7.0"="C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]

"PestPatrol Control Center"="C:\Programfiler\PestPatrol\PPControl.exe" [2004-11-15 12:49 98304]

"PPMemCheck"="C:\Programfiler\PestPatrol\PPMemCheck.exe" [2003-04-19 08:53 148480]

"CookiePatrol"="C:\Programfiler\PestPatrol\CookiePatrol.exe" [2005-01-10 10:35 73728]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 20:51 176128]

"Resume copy"="copyfstq.exe" [2006-12-13 12:08 73728 C:\WINDOWS\copyfstq.exe]

"nwiz"="nwiz.exe" [2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"VIDC.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-30 10:36 267048 C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 18:23 1695232 C:\Programfiler\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-28 23:37 413696 C:\Programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

--a------ 2008-02-20 16:20 356352 C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 04:27 144784 C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\FlashFXP\\FlashFXP.exe"=

"C:\Programfiler\Microsoft ActiveSync\rapimgr.exe"= C:\Programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"= C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"= C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 12:45]

S3 CPWGU(Philips);Philips SNU5600 Wireless USB Adapter 11b/g(Philips);C:\WINDOWS\system32\DRIVERS\CPWGU.sys [2007-03-01 16:18]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-30 15:32]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-16 05:39]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 10:02]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a6c1f48-878a-11db-b87b-0004619dc980}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42cce4f8-8b86-11dc-b1f3-0004619dc980}]

\Shell\AutoRun\command - E:\Autorun.exe /run

\Shell\Shell00\Command - E:\Autorun.exe /run

\Shell\Shell01\Command - E:\Autorun.exe /action

\Shell\Shell02\Command - E:\Autorun.exe /uninstall

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7a976c4-cd8d-11dc-92ac-806d6172696f}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2009-04-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

- - - - ORPHANS REMOVED - - - -

 

ShellIconOverlayIdentifiers-{F693955D-5822-4B40-94A1-49FA3AEEBD53} - (no file)

HKLM-Run-EPSON Stylus Photo RX420 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

HKU-Default-Run-PcSync - C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.hardware.no/

O8 -: Convert link target to Adobe PDF - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 -: Convert link target to existing PDF - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 -: Convert selected links to Adobe PDF - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 -: Convert selected links to existing PDF - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 -: Convert selection to Adobe PDF - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 -: Convert selection to existing PDF - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 -: Convert to Adobe PDF - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 -: Convert to existing PDF - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

O16 -: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} - hxxp://media.labs.live.com/all/ps/_code_/Photosynth.cab

C:\WINDOWS\Downloaded Program Files\Photosynth_versioned.inf

C:\WINDOWS\Downloaded Program Files\Seadragon.dll

C:\WINDOWS\Downloaded Program Files\Photosynth.dll

 

O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp08.photoprintit.de/microsite/5026/defaults/activex/ImageUploader3.cab

C:\WINDOWS\Downloaded Program Files\ImageUploader_3.inf

C:\WINDOWS\Downloaded Program Files\ImageUploader_3.ocx

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-12 08:33:19

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-12 8:35:19

ComboFix-quarantined-files.txt 2008-08-12 06:34:47

 

Pre-Run: 33,512,648,704 byte ledig

Post-Run: 34,389,454,848 byte ledig

 

179 --- E O F --- 2008-07-21 08:42:21

 

 

 

SAS

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/11/2008 at 12:53 PM

 

Application Version : 3.8.1002

 

Core Rules Database Version : 3532

Trace Rules Database Version: 1521

 

Scan type : Complete Scan

Total Scan Time : 01:31:15

 

Memory items scanned : 430

Memory threats detected : 0

Registry items scanned : 6094

Registry threats detected : 0

File items scanned : 123122

File threats detected : 7

 

Adware.Tracking Cookie

C:\Documents and Settings\XXX\Cookies\[email protected][1].txt

C:\Documents and Settings\XXX\Cookies\[email protected][2].txt

C:\Documents and Settings\XXX\Cookies\XXX@doubleclick[1].txt

C:\Documents and Settings\XXX\Cookies\XXX@adtech[1].txt

C:\Documents and Settings\XXX\Cookies\XXX@tradedoubler[1].txt

D:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

D:\Users\XXX\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

 

 

Endret 13. august 2008 av Jyztrik

[r2d290]

Hva jeg kan se, er det ikke noe galt med noen av loggene. Merker du noen problemer, eller var det bare en rutinesjekk?

[RMBB]

Pc-en er ekstremt treg! Alt virker normal ellers.. Klarer ikke og finne grunnen. Litt kjedelig og formatere men må vel kanskje til..

[r2d290]

Da får vi feilsøke litt.

 

Prøv først dette:

 

Defragmering.

Auslogics Disk Defrag + Free Registry Defrag + Pagedefrag

 

Gi tilbakemelding.

[RMBB]

takk for hjelpen, det hjalp betydelig

[r2d290]

Så maskinen er grei nå?

 

Dersom du mener at problemet med maskinen din er løst, kan du endre emnetittelen din, ved å trykke på i førsteposten din, og velge full endring. Øverst der emnetittelen din er, skriver du:

[LØST]

foran emnetittelen din.

 

Eks: [LØST] Har fått virus på maskinen

 

Dette vil være med på å holde forumet mer oversiktlig for supporterne, samt at nye folk som får samme problemet lettere vil finne en passende tråd å se i.

 

-Surf trygt-

[RMBB]

Kunne vert raskere

Men synes den virker som normalt. Takk for hjelp

[r2d290]

Kan feilsøke litt til da...

 

Last ned: http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

 

Trykk på cpu fanen.

Post et skjermbilde.

[RMBB]

Den fungerer som normalt nå mente jeg kunne hatt en pc som var bedre..

Så denne er fiks.

[r2d290]

Så bra