Mrfluesikring, posted 1 December 2007 (edited):
Things are going downhill fast; I've calmed down a bit now. Files are being deleted! I can't open Task Manager, I've picked up loads of viruses! I don't have an antivirus program, what do I have to do, as fast as possible? I need help. Sorry for posting here, but this is where most people are. Please, I need help, see herhelevete.bmp. Luckily I have a 500 GB hard drive with a backup of everything. But it gave me a scare.
Edited 1 December 2007 by Mrfluesikring
Mats Danielsen, posted 1 December 2007:
The solution is to not be stingy with your money and buy a good anti-virus program. I actually hate people who think you can just download things without consequences. You also tell us very little about which operating system you have. Either way, it's not very smart to be "rude".
Mrfluesikring (thread author), posted 1 December 2007 (edited):
Now I'm getting this, help. Edit: LOOK here!!!!!!
Quoting Mats Danielsen: "The solution is to not be stingy with your money and buy a good anti-virus program. I actually hate people who think you can just download things without consequences. You also tell us very little about which operating system you have. Either way, it's not very smart to be "rude"."
What do you mean by rude? I screwed up, fine. Can anyone be bothered to help?
Edited 1 December 2007 by Skagen
fatalicus, posted 1 December 2007:
Turn off the machine and insert the installation CD for the operating system you use. Start the machine and boot from the CD. Format the disk and reinstall everything. Once the OS is installed, get an anti-virus program and install it. Keep it updated and run it regularly; then you avoid problems like this.
Mrfluesikring (thread author), posted 1 December 2007 (edited):
I use Windows. I downloaded something from a serial number site; I've lost the original of my old The Sims game. I don't have antivirus since the only sites I visit are vg, db, diskusjon, facebook, united.no and wikipedia. Except now I screwed up! Please, any angels out there?
Okok. Now I'm being asked whether I want free Viagra, this is not good. Running SAS and CCleaner in the hope that it helps against the Viagra and all the other crap!
Edited 1 December 2007 by Skagen
Heilage, posted 1 December 2007:
Now that we've actually clarified what the problem is, we're moving the thread to the right category. Besides, it would benefit you not to be rude to people.
Mrfluesikring (thread author), posted 1 December 2007:
LOL, 190 Threats Detected after a 20 min scan in SAS.
Pels, posted 1 December 2007:
When you've got that much junk on the PC, the simplest thing is to format and reinstall Windows, as mentioned above.
Mrfluesikring (thread author), posted 1 December 2007:
Quoting Pels: "When you've got that much junk on the PC, the simplest thing is to format and reinstall Windows, as mentioned above."
How do I do that, then? Do I lose all my data?
Guest member-105082, posted 1 December 2007 (edited):
Formatting is always the last resort. If you want to keep trying without formatting, do the following: When you've finished scanning with SAS, download HijackThis and run the program. Post the HJT log that appears together with the SAS log. (Preferences->statistics/logs)
Edited 1 December 2007 by member-105082
Skagen, posted 1 December 2007:
A couple of off-topic posts removed, and a couple of double posts merged. (Do not comment on this post. Reactions to moderation go via PM/message.)
Mrfluesikring (thread author), posted 2 December 2007:
Quoting member-105082: "Formatting is always the last resort. If you want to keep trying without formatting, do the following: When you've finished scanning with SAS, download HijackThis and run the program. Post the HJT log that appears together with the SAS log. (Preferences->statistics/logs)"
There's a virus that keeps asking whether I want to install Ultimate Defender. The virus pretends to be Windows antivirus. I've lost access to Control Panel and Task Manager.
Guest member-105082, posted 2 December 2007:
Thanks for the information. If you manage to, download SmitFraudFix and put it on the desktop. Restart in safe mode (tap F8 during startup and wait until a menu appears, then choose safe mode). Then run SmitFraudFix and choose option 2. This will remove Ultimate Defender and other fake antivirus programs that have been installed. When you've done this, finish the SAS scan and post the SAS log, as mentioned above (preferences->statistics/logs), together with a HijackThis log.
Mrfluesikring (thread author), posted 2 December 2007:
Thanks to everyone for the help. I used ComboFix, SAS and AVAST. I think it was ComboFix that fixed it best. Why isn't there somewhere on diskusjon where you can donate money? Norbat and ÜberNinja, for example, deserve to be paid.
norbat, posted 2 December 2007:
Feel free to post a new HJT log (and, if you have it, the log from ComboFix - C:\combofix.txt) and we'll see whether any debris is left.
Mrfluesikring (thread author), posted 2 December 2007:

Logfile of HijackThis v1.99.1
Scan saved at 23:13:08, on 02.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
G:\Diverse\Pelleapekatt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {245A6CD4-5EA9-B9EB-791A-06F67243094D} - C:\Programfiler\Vzxdthih\xkajjycc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {789EDCC4-626F-4078-8D1E-C6679F99F88D} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\system32\cbxuron.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [d03b87b9] rundll32.exe "C:\WINDOWS\system32\bkhiaueg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jfnuxmzy] C:\WINDOWS\??curity\?ervices.exe
O4 - HKCU\..\Run: [Orat] "C:\DOCUME~1\bert\MINEDO~1\MCROSO~1.NET\ping.exe" -vt ndrv
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.buypass.no/Installasjoner/Buypa...ogram/setup.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.107 85.255.112.217
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A3DEE5F-81FD-42CB-8E96-6F5C8FD232EC}: NameServer = 85.255.115.107,85.255.112.217
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\skrivebord\SASWINLO.dll
O20 - Winlogon Notify: cbxuron - C:\WINDOWS\SYSTEM32\cbxuron.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenter\Settings\partnership.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: E404Helper - {ecf740e2-220c-4148-8cbb-31cb52144854} - e404d.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programfiler\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Secure (Secure Windows NT) - Unknown owner - C:\WINDOWS\system32\secure.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programfiler\Windows Live\installer\WLSetupSvc.exe

ComboFix 07-12-02.5 - bert 2007-12-02 23:14:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.189 [GMT 1:00]
Running from: C:\Documents and Settings\bert\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bkhiaueg.dll
C:\WINDOWS\system32\geuaihkb.ini
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\vturp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\ntio256

((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.
2007-12-02 14:28 . 2007-12-02 16:00 156 --a------ C:\WINDOWS\Twunk001.MTX
C:\WINDOWS\system32\\PSDrvCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programfiler\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral] C:\Programfiler\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility] C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ??????????? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureClean4RegManager] C:\Programfiler\WhiteCanyon\SecureClean 4\scregmanager4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureClean4Tray] C:\Programfiler\WhiteCanyon\SecureClean 4\sctray4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter] C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive] C:\Programfiler\The Cleaner\tca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcmonitor] C:\Programfiler\The Cleaner\tcm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Programfiler\Winamp\winampa.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "StyleXPService"=2 (0x2) "MSSQL$PINNACLESYS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE R2 SQLWriter;SQL Server VSS Writer;"c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe" R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs S2 Secure Windows NT;Secure;C:\WINDOWS\system32\secure.exe S2 WebCamDV;WebCamDV DV to Webcam Converter;C:\WINDOWS\system32\DRIVERS\WebCamDV.sys S3 ACCSKMD;Canon Camera Storage Device;C:\WINDOWS\system32\DRIVERS\accskmd.sys S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys S3 se46obex;Sony 
Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;C:\WINDOWS\system32\drivers\wcdvaud.sys
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;\??\H:\ZDBRGSYS.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Programfiler\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-12-02 22:00:00 C:\WINDOWS\Tasks\AEE8156C91F38598.job" - c:\docume~1\eier\progra~1\phoned~1\binbowsthis.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 23:25:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-02 23:27:41 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-02 02:59
.
--- E O F ---
norbat Posted 2 December 2007
OK. This may look a bit scary, but follow the guide. If something stalls, just carry on with the guide.
Let's kill them all
Download Fixwareout. Save the file to the desktop and double-click it. Click Next -> Install. Check that 'Run fixit' is ticked. Click Finish and the fix will start. Follow the instructions. Restart the PC when you are asked to. Startup will take a bit longer than normal ..... When the PC has restarted, just follow the instructions that appear on screen.
Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
O2 - BHO: (no name) - {245A6CD4-5EA9-B9EB-791A-06F67243094D} - C:\Programfiler\Vzxdthih\xkajjycc.dll
O2 - BHO: (no name) - {789EDCC4-626F-4078-8D1E-C6679F99F88D} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\system32\cbxuron.dll
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKLM\..\Run: [clkhost] C:\WINDOWS\dcxxygx.exe
O4 - HKLM\..\Run: [d03b87b9] rundll32.exe "C:\WINDOWS\system32\bkhiaueg.dll",b
O4 - HKCU\..\Run: [Jfnuxmzy] C:\WINDOWS\??curity\?ervices.exe
O4 - HKCU\..\Run: [Orat] "C:\DOCUME~1\bert\MINEDO~1\MCROSO~1.NET\ping.exe" -vt ndrv
O20 - Winlogon Notify: cbxuron - C:\WINDOWS\SYSTEM32\cbxuron.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenter\Settings\partnership.dll
O21 - SSODL: E404Helper - {ecf740e2-220c-4148-8cbb-31cb52144854} - e404d.dll (file missing)
O23 - Service: Secure (Secure Windows NT) - Unknown owner - C:\WINDOWS\system32\secure.exe (file missing)
Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass.
In the window that opens, copy and paste what is in bold below:
Files to delete:
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\cbxuron.dll
C:\WINDOWS\system32\spoolc.exe
C:\WINDOWS\dcxxygx.exe
C:\WINDOWS\system32\bkhiaueg.dll
C:\Documents and Settings\All Users\Dokumenter\Settings\partnership.dll
C:\WINDOWS\system32\jkd845jg.dll
C:\WINDOWS\system32\d4ghggf4g.dll
C:\WINDOWS\system32\dqfsuaiw.tmp
C:\WINDOWS\daverx.exe
C:\Documents and Settings\bert\ie_updates3r.exe
C:\WINDOWS\system32\RunOnce.tmp
C:\WINDOWS\system32\e404d.dll
C:\WINDOWS\system32\drvrek.dll
C:\WINDOWS\system32\cbxuron.dll

Folders to delete:
C:\Programfiler\Vzxdthih
C:\WINDOWS\??curity
C:\DOCUME~1\bert\MINEDO~1\MCROSO~1.NET
C:\Programfiler\ivylkrql
Click the traffic light. Restart the PC. After the restart a log file will appear describing what happened. Please post it. (Some of the files have already been removed; some we will probably have to deal with another way.)
Then do the following: Click Start->Run. Type: ComboFix /u (This uninstalls ComboFix.) Download a fresh ComboFix, run the program and post the log together with a new HJT log (create the HJT log after you have run ComboFix).
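As an added example, not part of this thread and not code from HijackThis, Fixwareout or Avenger, the script below applies the same reasoning norbat used to pick out the entries above: a BHO with no name, a Run entry whose path HijackThis could not render (the `??curity\?ervices.exe` line), binaries started from the user profile instead of Windows or Program Files, orphaned entries whose file is already gone, and file names that imitate a system binary such as `spoolsv.exe`. The sample lines are copied from the logs in this thread plus one benign ATI entry taken from the Fixwareout run-key list; the trusted-root list and the list of imitated system binaries are assumptions, as is the edit-distance threshold of 2.

```python
"""Triage of HijackThis-style autostart entries.

Added example, not part of the thread and not code from HijackThis,
Fixwareout or Avenger. It parses the O2/O4/O20/O21/O23 lines a helper
would look at first and attaches the reasons an entry is worth checking.
"""
import re
from dataclasses import dataclass, field

# Sample lines: entries norbat listed above plus one benign ATI entry taken
# from the Fixwareout run-key list (a constructed subset of the thread's logs).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\system32\cbxuron.dll
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe
O4 - HKCU\..\Run: [Jfnuxmzy] C:\WINDOWS\??curity\?ervices.exe
O4 - HKCU\..\Run: [Orat] "C:\DOCUME~1\bert\MINEDO~1\MCROSO~1.NET\ping.exe" -vt ndrv
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenter\Settings\partnership.dll
O21 - SSODL: E404Helper - {ecf740e2-220c-4148-8cbb-31cb52144854} - e404d.dll (file missing)
O23 - Service: Secure (Secure Windows NT) - Unknown owner - C:\WINDOWS\system32\secure.exe (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"""

# Assumptions: directories an autostart binary is normally expected under
# (Norwegian XP uses "Programfiler"), and the system binaries whose names
# malware most often imitates with one or two changed characters.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programfiler\\", "c:\\program files\\")
SYSTEM_BINARIES = ("svchost.exe", "services.exe", "spoolsv.exe", "lsass.exe",
                   "csrss.exe", "winlogon.exe", "explorer.exe")
MISSING = " (file missing)"

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")


@dataclass
class Entry:
    kind: str
    name: str
    path: str
    raw: str
    flags: list = field(default_factory=list)


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_path(cmd):
    """First token of a Run command, honouring a quoted executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_line(line):
    """Turn one HijackThis line into an Entry, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind == "O4":
        o4 = O4_RE.search(body)
        if not o4:
            return None
        name, path = o4.group("name"), extract_path(o4.group("cmd"))
    else:
        parts = body.split(" - ")          # "<type>: <name> - [<clsid> -] <path>"
        name = parts[0].split(": ", 1)[-1]
        path = parts[-1]
    if path.endswith(MISSING):
        path = path[: -len(MISSING)]
    return Entry(kind, name, path, line)


def assess(entry):
    """Attach the reasons a helper would want a closer look at this entry."""
    low = entry.path.lower()
    fname = low.rsplit("\\", 1)[-1]
    if MISSING in entry.raw:
        entry.flags.append("orphaned entry: referenced file is missing")
    if entry.kind == "O2" and entry.name == "(no name)":
        entry.flags.append("BHO registered without a name")
    # HijackThis prints '?' for characters it cannot render, so a '?' in a
    # path usually means a look-alike or non-printable character.
    if "?" in entry.path or any(ord(c) > 127 for c in entry.path):
        entry.flags.append("unprintable or look-alike characters in path")
    if "\\" in low and not low.startswith(TRUSTED_ROOTS):
        entry.flags.append("starts from outside Windows and Program Files")
    if fname not in SYSTEM_BINARIES:
        for sysbin in SYSTEM_BINARIES:
            if edit_distance(fname, sysbin) <= 2:
                entry.flags.append(f"file name imitates {sysbin}")
                break
    return entry


def triage(log_text):
    """Parse every recognised entry and attach its flags (empty = unremarkable)."""
    entries = [parse_line(line) for line in log_text.splitlines()]
    return [assess(e) for e in entries if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        status = "; ".join(e.flags) or "nothing unusual"
        print(f"{e.kind:<4}{e.name:<28}{status}")
```

Run on the sample, every entry from norbat's list gets at least one flag and the ATI entry gets none. The heuristics are deliberately conservative (a name is only compared against the imitation list when it is not itself a real system binary, so a genuine `csrss.exe` is not reported for resembling `lsass.exe`), and a clean result is not proof of a clean machine: it narrows down what to look at, which is what the helper in this thread did by hand.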
Mrfluesikring (thread author) Posted 2 December 2007 (edited)
OK, I'll get started on the process now. Report coming soon. 5 min now, it took a bit longer :P
Edited 3 December 2007 by Mrfluesikring
Mrfluesikring (thread author) Posted 3 December 2007
OK, here are the logs:

Fixwareout
Username "bert" - 03.12.2007 0:24:22 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
DNS Resolver-bufferen ble tømt.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Adobe Photo Downloader"="\"C:\\Programfiler\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Programfiler\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe"
"dumprep"="C:\\WINDOWS\\system32\\spoolc.exe"
"clkhost"="C:\\WINDOWS\\dcxxygx.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"StartCCC"="\"C:\\Programfiler\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\""
"CatalystRegistration"="\"C:\\Programfiler\\ATI\\CatalystRegistration\\dolce.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Jfnuxmzy"="C:\\WINDOWS\\??curity\\?ervices.exe"
"Orat"="\"C:\\DOCUME~1\\bert\\MINEDO~1\\MCROSO~1.NET\\ping.exe\" -vt ndrv"
"Steam"="\"C:\\Programfiler\\Steam\\Steam.exe\" -silent"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jjvuagua
*******************
Script file located at: \??\C:\WINDOWS\pbdematj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\vturp.dll not found!
Deletion of file C:\WINDOWS\system32\vturp.dll failed!
Could not process line: C:\WINDOWS\system32\vturp.dll Status: 0xc0000034 File C:\WINDOWS\system32\cbxuron.dll deleted successfully. File C:\WINDOWS\system32\spoolc.exe deleted successfully. File C:\WINDOWS\dcxxygx.exe deleted successfully. File C:\WINDOWS\system32\bkhiaueg.dll not found! Deletion of file C:\WINDOWS\system32\bkhiaueg.dll failed! Could not process line: C:\WINDOWS\system32\bkhiaueg.dll Status: 0xc0000034 File C:\Documents and Settings\All Users\Dokumenter\Settings\partnership.dll deleted successfully. File C:\WINDOWS\system32\jkd845jg.dll deleted successfully. File C:\WINDOWS\system32\d4ghggf4g.dll deleted successfully. File C:\WINDOWS\system32\dqfsuaiw.tmp deleted successfully. File C:\WINDOWS\daverx.exe deleted successfully. File C:\Documents and Settings\bert\ie_updates3r.exe deleted successfully. File C:\WINDOWS\system32\RunOnce.tmp deleted successfully. File C:\WINDOWS\system32\e404d.dll deleted successfully. File C:\WINDOWS\system32\drvrek.dll deleted successfully. File C:\WINDOWS\system32\cbxuron.dll not found! Deletion of file C:\WINDOWS\system32\cbxuron.dll failed! Could not process line: C:\WINDOWS\system32\cbxuron.dll Status: 0xc0000034 Folder C:\Programfiler\Vzxdthih deleted successfully. Could not open folder C:\WINDOWS\??curity for deletion Deletion of folder C:\WINDOWS\??curity failed! Could not process line: C:\WINDOWS\??curity Status: 0xc0000033 Folder C:\DOCUME~1\bert\MINEDO~1\MCROSO~1.NET not found! Deletion of folder C:\DOCUME~1\bert\MINEDO~1\MCROSO~1.NET failed! Could not process line: C:\DOCUME~1\bert\MINEDO~1\MCROSO~1.NET Status: 0xc0000034 Folder C:\Programfiler\ivylkrql deleted successfully. Completed script processing. ******************* Finished! Terminate. Combofix ComboFix 07-12-02.6 - bert 2007-12-03 0:48:26.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.155 [GMT 1:00] Running from: C:\Documents and Settings\bert\Skrivebord\ComboFix.exe . 
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ghkmp.ini C:\WINDOWS\system32\ghkmp.ini2 C:\WINDOWS\system32\pmkhg.dll . ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))) . 2007-12-03 00:10 . 2007-12-03 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ATI 2007-12-03 00:08 . 2007-12-03 00:08 0 --a------ C:\WINDOWS\ativpsrm.bin 2007-12-03 00:06 . 2007-12-03 00:42 <DIR> d-------- C:\Programfiler\Steam 2007-12-02 14:28 . 2007-12-03 00:16 156 --a------ C:\WINDOWS\Twunk001.MTX 2007-12-02 14:28 . 2007-12-03 00:16 3 --a------ C:\WINDOWS\Twain001.Mtx 2007-12-02 14:28 . 2007-12-02 14:28 0 --a------ C:\WINDOWS\Twunk002.MTX 2007-12-02 14:27 . 2007-12-02 14:27 <DIR> d-------- C:\Documents and Settings\bert\Programdata\Publish Providers 2007-12-02 14:26 . 2007-12-03 00:23 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2007-12-02 14:02 . 2007-12-02 14:02 <DIR> d-------- C:\Programfiler\Vstplugins 2007-12-02 02:59 . <DIR> C:\Documents and Settings\Bente og Bj°rn Eriks\Lokale innstillinger 2007-12-02 02:59 . <DIR> C:\Documents and Settings\Bente og Bj°rn Eriks\Lokale innstillinger 2007-12-02 02:18 . 2004-08-04 07:00 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys 2007-12-02 02:18 . 2004-08-04 07:00 29,056 --a--c--- C:\WINDOWS\system32\dllcache\ip6fw.sys 2007-12-01 16:43 . 2007-12-01 16:43 <DIR> d-------- C:\Programfiler\Alwil Software 2007-12-01 16:43 . 2007-10-25 17:24 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-12-01 16:43 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2007-12-01 16:43 . 2007-10-25 17:14 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-12-01 16:43 . 2007-10-25 18:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-01 16:43 . 2007-10-25 18:05 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-01 16:43 . 
2007-10-25 18:01 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-01 16:43 . 2007-10-25 17:58 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-01 16:43 . 2007-10-25 18:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-01 16:14 . 2007-12-01 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com 2007-12-01 12:38 . 2007-12-03 00:42 <DIR> dr-h----- C:\Documents and Settings\bert\Siste 2007-12-01 12:25 . 2007-12-01 12:25 <DIR> d-------- C:\Programfiler\CCleaner 2007-12-01 12:22 . 2007-12-01 12:22 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter 2007-12-01 12:22 . 2007-12-01 12:22 83,144 --a------ C:\WINDOWS\system32\3608828 2007-12-01 12:21 . 2007-12-01 12:21 291,328 --a------ C:\WINDOWS\system32\libcurl.dll 2007-12-01 12:20 . 2007-12-01 12:20 50 --a------ C:\9A.bat 2007-12-01 12:20 . 2007-12-01 12:20 1 --a------ C:\9D.tmp 2007-12-01 12:10 . 2007-12-01 12:10 0 --a------ C:\Install 2007-12-01 00:00 . 2007-12-01 00:00 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2007-11-30 23:59 . 2007-11-30 23:59 <DIR> d-------- C:\Programfiler\Reference Assemblies 2007-11-30 23:58 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-11-30 23:48 . 2007-11-30 23:48 <DIR> d-------- C:\Documents and Settings\bert\Programdata\Sony Setup 2007-11-30 22:03 . 2007-11-30 22:05 <DIR> d-------- C:\Programfiler\EffectsLab DV 2007-11-30 21:53 . 2007-11-30 21:53 <DIR> d-------- C:\Programfiler\MOVAVI 2007-11-30 21:53 . 2007-11-30 21:53 <DIR> d-------- C:\Programfiler\EnhanceMovie 2.2 2007-11-30 21:32 . 2007-11-30 21:32 <DIR> d-------- C:\tape-indices 2007-11-30 21:32 . 2007-11-30 21:32 <DIR> d-------- C:\Programfiler\Sclive 2007-11-30 21:32 . 2007-11-30 21:32 36,864 --a------ C:\WINDOWS\unslive.exe 2007-11-30 20:27 . 2007-12-02 14:01 <DIR> d-------- C:\Programfiler\Sony 2007-11-30 20:27 . 
2007-12-02 14:26 <DIR> d-------- C:\Documents and Settings\bert\Programdata\Sony 2007-11-30 20:27 . 2007-12-02 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sony 2007-11-30 18:52 . 2007-11-30 18:52 <DIR> d-------- C:\Programfiler\Sony Setup 2007-11-30 16:18 . 2007-11-30 16:18 <DIR> d-------- C:\Documents and Settings\bert\Programdata\InstallShield 2007-11-26 16:33 . 2007-11-26 16:33 122 --a------ C:\WINDOWS\Winchat.ini 2007-11-26 14:06 . 2007-11-26 14:06 <DIR> d--h----- C:\Documents and Settings\All Users\Programdata\CanonBJ 2007-11-25 00:46 . 2007-11-25 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\CanonIJPLM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 23:10 --------- d-----w C:\Documents and Settings\bert\Programdata\ATI 2007-12-02 23:03 --------- d-----w C:\Programfiler\ATI Technologies 2007-12-02 23:00 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-12-02 22:13 --------- d-----w C:\Documents and Settings\bert\Programdata\uTorrent 2007-12-01 11:20 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2007-11-30 23:05 --------- d-----w C:\Programfiler\MSBuild 2007-11-30 21:04 --------- d-----w C:\Programfiler\Full Tilt Poker 2007-11-30 17:57 --------- d-----w C:\Programfiler\Microsoft.NET 2007-11-30 17:57 --------- d-----w C:\Programfiler\Microsoft SQL Server 2007-11-29 15:26 --------- d-----w C:\Programfiler\Incomplete 2007-11-29 15:22 --------- d-----w C:\Programfiler\LimeWire 2007-11-28 17:42 --------- d-----w C:\Documents and Settings\bert\Programdata\LimeWire 2007-11-26 13:01 --------- d-----w C:\Programfiler\Canon 2007-11-23 20:15 --------- d-----w C:\Documents and Settings\bert\Programdata\Microgaming 2007-11-14 16:01 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 14:42 --------- d-----w 
C:\Programfiler\Fellesfiler\Canon 2007-10-13 11:17 --------- d-----w C:\Documents and Settings\bert\Programdata\vlc 2007-10-13 11:16 --------- d-----w C:\Programfiler\VideoLAN 2007-10-13 10:54 --------- d-----w C:\Programfiler\DivX 2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll 2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll 2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll 2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll 2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2007-09-28 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe 2005-06-23 09:22 76 -c-ha-w C:\Programfiler\Desktop.ini 2004-06-09 15:03 832,728 -c--a-w C:\Programfiler\NPSWF32.dll 2007-08-17 12:27 17,351,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-08-17 12:27 447,520 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}] C:\WINDOWS\SYSTEM32\cbxuron.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "main"="C:\WINDOWS\System32\drivers\sysdrv.exe" [] "default"="C:\Documents and Settings\LocalService\scvhost.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "sysinit"="C:\WINDOWS\System32\drivers\sysdrv.exe" [] "ati"="C:\Documents and Settings\LocalService\scvhost.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "GreyMSIAds"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\skrivebord\SASSEH.DLL [2006-12-20 12:55 77824] "{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}"= C:\WINDOWS\SYSTEM32\cbxuron.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="LogonUI.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\skrivebord\SASWINLO.dll 2007-04-19 12:41 294912 C:\skrivebord\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuron] cbxuron.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.exe.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.exe.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All 
Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger Agent.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger Agent.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Pinnacle Scheduler.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Pinnacle Scheduler.lnk backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^bert^Start-meny^Programmer^Oppstart^RollerCoaster Tycoon 3 Registration.lnk] path=C:\Documents and 
Settings\bert\Start-meny\Programmer\Oppstart\RollerCoaster Tycoon 3 Registration.lnk backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 --a------ C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2007-10-25 17:20 79224 --a------ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert\LOKALE~1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert\LOKALE~1\Temp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert\LOKALE~1\Temp\a]
C:\DOCUME~1\bert\LOKALE~1\Temp\\a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\bert\LOKALE~1\Temp\limewirepro]
C:\DOCUME~1\bert\LOKALE~1\Temp\\limewirepro.4.14.0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Programfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Programfiler\NetMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Programfiler\NetMeter\NetMeter.exe]
C:\Programfiler\NetMeter\NetMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 09:03 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programfiler\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Programfiler\D-Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47 31016 --a------ C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 09:36 256576 --a------ C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2003-06-30 20:56 188416 --a------ C:\Programfiler\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2003-06-30 21:00 65536 --a------ C:\Programfiler\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Programfiler\Eset\nod32kui.exe /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\onlinemeowdatewipe]
C:\Documents and Settings\All Users\Programdata\Blehdebugonlinemeow\setup draw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-12-04 12:34 406016 --a------ C:\WINDOWS\system32\\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programfiler\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Programfiler\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Programfiler\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Programfiler\Fellesfiler\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
???????????????????????

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureClean4RegManager]
C:\Programfiler\WhiteCanyon\SecureClean 4\scregmanager4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureClean4Tray]
C:\Programfiler\WhiteCanyon\SecureClean 4\sctray4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Programfiler\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive]
C:\Programfiler\The Cleaner\tca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcmonitor]
C:\Programfiler\The Cleaner\tcm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Programfiler\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"MSSQL$PINNACLESYS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Programfiler\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-12-02 23:00:00 C:\WINDOWS\Tasks\AEE8156C91F38598.job" - c:\docume~1\eier\progra~1\phoned~1\binbowsthis.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 00:59:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-03 1:01:04 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-02 23:27
C:\ComboFix3.txt ... 2007-12-02 02:59
.
--- E O F ---

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 01:05:07, on 03.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cscript.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\bert\Skrivebord\utorrent.exe
G:\Diverse\Pelleapekatt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\SYSTEM32\cbxuron.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.nor.chello.no/ssi/welcome/welcome.php?url=home
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - http://www.buypass.no/Installasjoner/Buypa...ogram/setup.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.107 85.255.112.217
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A3DEE5F-81FD-42CB-8E96-6F5C8FD232EC}: NameServer = 85.255.115.107,85.255.112.217
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\skrivebord\SASWINLO.dll
O20 - Winlogon Notify: cbxuron - cbxuron.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: E404Helper - {ecf740e2-220c-4148-8cbb-31cb52144854} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programfiler\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SONY_MEDIAMGR2) (MSSQL$SONY_MEDIAMGR2) - Unknown owner - C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\programfiler\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Secure (Secure Windows NT) - Unknown owner - C:\WINDOWS\system32\secure.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programfiler\Windows Live\installer\WLSetupSvc.exe
norbat Posted 3 December 2007

Fix the following lines with HJT:

O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\SYSTEM32\cbxuron.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.107 85.255.112.217
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A3DEE5F-81FD-42CB-8E96-6F5C8FD232EC}: NameServer = 85.255.115.107,85.255.112.217
O20 - Winlogon Notify: cbxuron - cbxuron.dll (file missing)
O21 - SSODL: E404Helper - {ecf740e2-220c-4148-8cbb-31cb52144854} - (no file)
O23 - Service: Secure (Secure Windows NT) - Unknown owner - C:\WINDOWS\system32\secure.exe (file missing)

Then click Start -> Run. Type: cmd

From the command prompt, type:

sc stop Secure Windows NT (press Enter)
sc delete Secure Windows NT (press Enter)
ipconfig /flushdns (press Enter)
Exit

Use Explorer and, if they exist, delete (in bold): (you may have to turn on "Show hidden files and folders....", and you may have to go into Safe Mode to get them deleted)

C:\WINDOWS\??curity <- ?? = arbitrary characters.

There is a file called ?ervices.exe in C:\DOCUME~1\bert\MINEDO~1\MCROSO~1.NET <- ~1 = abbreviation. Look for a folder with a name starting with MCR....

Then open Notepad and paste in what is in bold text below. Save the file to the desktop as regfix.reg. Double-click the file and say yes to adding the information to the registry:

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"main"=-
"default"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"sysinit"=-
"ati"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuron]

When you have done this, restart and post a new HJT log.
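The reply above picks out three kinds of HijackThis entries by eye: browser and Winlogon hooks whose DLL no longer exists (O2, O20, O21), O17 NameServer entries pointing the machine at resolvers it should not be using, and an O23 service whose binary is gone. As an added example (not code from this thread, from norbat, or from HijackThis), the Python script below parses HJT log lines and applies the same three checks automatically, so the triage is repeatable on any HJT log. The sample lines are copied from the log posted above and embedded inline; the expected-resolver list is a placeholder that a real user would fill in with their ISP's or router's DNS addresses.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample: a handful of lines copied from the HijackThis log
# posted in this thread, one or two per category the reply singles out.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {79B3844B-6DAC-4B78-B0B8-C99D8BBDCD50} - C:\WINDOWS\SYSTEM32\cbxuron.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.107 85.255.112.217
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A3DEE5F-81FD-42CB-8E96-6F5C8FD232EC}: NameServer = 85.255.115.107,85.255.112.217
O20 - Winlogon Notify: cbxuron - cbxuron.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: E404Helper - {ecf740e2-220c-4148-8cbb-31cb52144854} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: Secure (Secure Windows NT) - Unknown owner - C:\WINDOWS\system32\secure.exe (file missing)
"""

# Placeholder (assumption for this example): the resolvers this machine is
# supposed to use. Anything else in an O17 line is treated as a hijack.
EXPECTED_RESOLVERS: Set[str] = {"192.168.1.1"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.*)$")
# O23 body layout: "Service: Display name (ShortName) - Owner - path"
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - ")


@dataclass
class Finding:
    section: str        # HJT section code, e.g. "O17"
    reason: str         # why the line was flagged
    line: str           # the original log line
    remediation: str = ""


def missing_file(body: str) -> bool:
    """HijackThis marks an autostart entry whose target no longer exists on disk."""
    return "(file missing)" in body or "(no file)" in body


def nameservers(body: str) -> List[str]:
    """Resolver list from an O17 line; HJT separates them with spaces or commas."""
    m = NAMESERVER_RE.search(body)
    if not m:
        return []
    return [s for s in re.split(r"[ ,]+", m.group(1).strip()) if s]


def service_name(body: str) -> Optional[str]:
    """Short service name from an O23 line, falling back to the display name."""
    m = SERVICE_RE.match(body)
    if not m:
        return None
    return m.group("name") or m.group("display")


def scan_hjt_log(text: str, expected_resolvers: Set[str] = EXPECTED_RESOLVERS) -> List[Finding]:
    """Apply the three checks from the reply to every O-line in an HJT log."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section in ("O2", "O20", "O21") and missing_file(body):
            findings.append(Finding(
                section, "autostart hook points at a missing file (orphaned BHO/Winlogon/SSODL entry)",
                line, "remove the entry with HijackThis (tick it, then Fix checked)"))
        elif section == "O17":
            rogue = [ns for ns in nameservers(body) if ns not in expected_resolvers]
            if rogue:
                findings.append(Finding(
                    section, "NameServer points at unexpected resolvers: " + ", ".join(rogue),
                    line, "fix the O17 line with HijackThis, then run: ipconfig /flushdns"))
        elif section == "O23" and missing_file(body):
            name = service_name(body) or "<service name>"
            # sc.exe needs the short service name, quoted when it contains spaces.
            findings.append(Finding(
                section, "service registered for a binary that no longer exists",
                line, f'sc stop "{name}" and then sc delete "{name}"'))
    return findings


if __name__ == "__main__":
    for f in scan_hjt_log(SAMPLE_HJT_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}\n    -> {f.remediation}")
```

On the full log posted above the O23 check also fires on the two avast! scanner services, whose path ends in a stray quote and is reported as (file missing) even though the binaries are running in the process list, so a hit in that category is a lead to verify on disk rather than an automatic delete. The O2/O20/O21 check has no such ambiguity: an orphaned hook does nothing useful and is safe to remove.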