Datamus, posted 28 October 2008 (edited)

I have had a lot of problems with my sister's work computer, which she got about a week ago. I have followed all the steps in the guide, and here are the logs.
Firefox\firefox.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe C:\Programfiler\Java\jre1.6.0_01\bin\jucheck.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ISAFarm:8080/array.dll?Get.Routing.Script R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [PDF Complete] "C:\Programfiler\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] 
C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [HP Software Update] c:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe O4 - HKLM\..\Run: [Captcha] rundll "C:\Programfiler\captcha.dll",captcha O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth-enhet... 
- C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.foto.vg.no/uploader/ImageUploader4.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hfk.vgs.no O17 - HKLM\Software\..\Telephony: DomainName = hfk.vgs.no O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hfk.vgs.no O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hfk.vgs.no O20 - AppInit_DLLs: APSHook.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programfiler\PDF Complete\pdfsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe -- End of file - 7995 bytes Endret 28. oktober 2008 av Datamus Lenke til kommentar
Datamus (author), posted 28 October 2008

The problem was that there was constantly a small icon down by the clock saying that the PC was unprotected against viruses and crap, and IE kept freezing, with lots of warnings that the PC was unprotected against viruses. I don't remember what the program was called, but I did a quick Google search and only found links on how to get rid of it.
Bruker-158599, posted 28 October 2008

> The problem was that there was constantly a small icon down by the clock saying that the PC was unprotected against viruses and crap, and IE kept freezing, with lots of warnings that the PC was unprotected against viruses. I don't remember what the program was called, but I did a quick Google search and only found links on how to get rid of it.

Do you have antivirus on the PC, then?
raWrz, posted 28 October 2008 (edited)

> The problem was that there was constantly a small icon down by the clock saying that the PC was unprotected against viruses and crap, and IE kept freezing, with lots of warnings that the PC was unprotected against viruses. I don't remember what the program was called, but I did a quick Google search and only found links on how to get rid of it.

Was it called Antivirus 2008 or something like that?

Edit: it looks like you don't have an antivirus program?

Edited 28 October 2008 by Submit
norbat, posted 28 October 2008

Open Notepad and copy in what is shown in bold below, then save the file to the desktop as CFScript.txt. After that, drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\f49f4daa.dat

Folder::
C:\WINDOWS\system32\813686

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Captcha"=-

How is it going with the problem?
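A small triage sketch for the HijackThis log and the CFScript above, added here as an example (it is not norbat's code and not part of HijackThis or ComboFix): it flags a BHO whose file is missing and a Run entry that loads a DLL straight from the Program Files root, then checks which flagged Run values the CFScript deletes. The two heuristics, the function names and the list of Program Files folder names are assumptions; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Captcha] rundll "C:\Programfiler\captcha.dll",captcha
'''
# Registry:: block of the CFScript from the post above.
CFSCRIPT = r'''
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Captcha"=-
'''
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$')
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
LOADER_RE = re.compile(r'^(?:rundll(?:32)?|regsvr32)(?:\.exe)?\s+(?:/\w+\s+)*"?([^",]+\.dll)', re.I)
# Assumption: Program Files folder names to recognise (Norwegian, English, 8.3 short name).
PF_ROOTS = {"programfiler", "program files", "progra~1"}

def dll_in_program_files_root(cmd):
    """DLL path if cmd loads a DLL that sits directly in the Program Files root, else None."""
    m = LOADER_RE.match(cmd)
    parent = ntpath.dirname(m.group(1)) if m else ""
    at_drive_root = ntpath.splitdrive(ntpath.dirname(parent))[1] == "\\"
    in_root = at_drive_root and ntpath.basename(parent).lower() in PF_ROOTS
    return m.group(1) if in_root else None

def triage(log):
    """Return (section, name, reason) for O2/O4 lines that deserve a closer look."""
    findings = []
    for line in map(str.strip, log.splitlines()):
        if (m := O2_RE.match(line)) and m["file"] == "(no file)":
            findings.append(("O2", m["clsid"], "BHO registered but its file is missing"))
        elif (m := O4_RE.match(line)) and (dll := dll_in_program_files_root(m["cmd"])):
            findings.append(("O4", m["name"], f"Run entry loads {dll}"))
    return findings

def cfscript_deleted_values(script):
    """Value names that a CFScript Registry:: block deletes (lines of the form "Name"=-)."""
    return set(re.findall(r'^"([^"]+)"=-\s*$', script, re.M))

def flagged_but_not_removed(log, script):
    """Flagged Run value names that the CFScript does not delete."""
    deleted = cfscript_deleted_values(script)
    return [n for s, n, _ in triage(log) if s == "O4" and n not in deleted]
```

A flag here means "look at this entry", not "this is malware"; the vendor DLLs loaded from their own subfolders and the relative `mqrt.dll` are deliberately left alone.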
Datamus (author), posted 28 October 2008 (edited)

Cheers. I'll try tomorrow, it's not my computer. No, no antivirus as far as I know. I was thinking of installing Avast on it.

Edit: I think it was Virus Response Lab 2009 that kept popping up.

Edited 28 October 2008 by Datamus