Miisu, posted 6 December 2008 (edited)
As the title says: sysftray2 in the folder bolivar23 at startup. Virus? I should add that the machine has been terribly slow since this program installed itself. Can I uninstall it, or does it have to be removed some other way? Thanks for any help I can get!!
Edited 6 December 2008 by Miisu
norbat, posted 6 December 2008
Yes, that is malware. Work through the guide in the following thread. Post the logs it asks for here in your own thread.
Miisu (author), posted 8 December 2008 (edited)
"Yes, that is malware. Work through the guide in the following thread. Post the logs it asks for here in your own thread."
Thanks for the help, here are the logs:
Malware
Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1475
Windows 5.1.2600 Service Pack 3
08.12.2008 21:54:29
mbam-log-2008-12-08 (21-54-29).txt
Skanntype: Rask Skann
Objekter skannet: 60409
Tid tilbakelagt: 4 minute(s), 29 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 2
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcnnoj0etdj (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert:
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
Combo:
ComboFix 08-12-07.01 - Trine Og Diana 2008-12-08 22:24:37.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1361 [GMT 1:00] Kjører fra: c:\documents and settings\Trine Og Diana\Skrivebord\ComboFix.exe * Resident AV is active ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-08 til 2008-12-08 ))))))))))))))))))))))))))))))))) . 2008-12-08 21:48 . 2008-12-08 21:48 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-12-08 21:48 . 
2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-08 21:48 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-06 21:18 . 2008-12-06 21:18 <DIR> d-------- c:\windows\LastGood 2008-12-06 15:53 . 2008-12-06 15:53 <DIR> d-------- c:\programfiler\Trend Micro 2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft 2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iTunes 2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iPod 2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-05 22:51 . 2008-12-05 22:51 <DIR> d-------- c:\programfiler\QuickTime 2008-12-05 22:07 . 2007-12-18 17:07 405,504 --a------ c:\windows\system32\cmdiag.cpl 2008-12-05 22:07 . 2006-11-20 14:43 241,664 --a------ c:\windows\system32\cmabout.dll 2008-12-05 22:07 . 2007-12-18 07:50 10,357 --a------ c:\windows\system32\cmdiag.ini 2008-12-05 22:07 . 2007-12-13 18:33 142 --a------ c:\windows\system32\cmabout.ini 2008-12-05 02:58 . 2008-12-05 02:58 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-01 23:47 . 2008-12-01 23:47 716,272 --a------ c:\windows\system32\drivers\sptd.sys 2008-11-30 17:26 . 2008-11-30 17:26 <DIR> d-------- C:\CloneDVDTemp 2008-11-30 15:05 . 2008-11-30 15:05 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\dvdcss 2008-11-30 05:17 . 2008-12-03 17:32 <DIR> d-------- c:\programfiler\DVDFab 5 2008-11-30 05:17 . 2008-11-30 05:18 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\Vso 2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys 2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\documents and settings\Trine Og Diana\Programdata\pcouffin.sys 2008-11-30 04:51 . 
2008-11-30 04:51 <DIR> d-------- c:\documents and settings\All Users\Programdata\Elaborate Bytes 2008-11-30 04:50 . 2008-11-30 04:50 <DIR> d-------- c:\programfiler\Elaborate Bytes 2008-11-28 00:51 . 2008-12-06 14:55 <DIR> d-------- c:\programfiler\Fellesfiler\Apple 2008-11-28 00:49 . 2008-11-28 00:49 <DIR> d-------- c:\programfiler\Bonjour 2008-11-28 00:33 . 2008-11-28 00:33 <DIR> d-------- c:\programfiler\Secunia 2008-11-27 14:53 . 2008-11-27 14:53 8,704 --ahs---- c:\windows\Thumbs.db 2008-11-26 18:46 . 2008-11-26 18:46 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information 2008-11-26 18:45 . 2008-11-26 18:45 <DIR> d--h----- c:\programfiler\CanonBJ 2008-11-26 18:42 . 2008-11-26 18:42 <DIR> d--h----- c:\documents and settings\All Users\Programdata\CanonBJ 2008-11-26 18:41 . 2007-10-22 06:00 223,744 --a------ c:\windows\system32\CNMLM97.DLL 2008-11-18 14:36 . 2008-11-18 14:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys 2008-11-18 03:48 . 2008-12-03 14:31 <DIR> d-------- c:\windows\myVRmfcax 2008-11-12 07:57 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 07:57 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-06 13:59 --------- d-----w c:\programfiler\Lavasoft 2008-12-06 13:58 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-06 13:53 --------- d-----w c:\programfiler\Enigma Software Group 2008-12-06 12:39 147,192 ----a-w c:\windows\system32\guard32.dll 2008-12-06 12:39 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys 2008-12-05 01:58 --------- d-----w c:\programfiler\Java 2008-12-02 02:08 --------- d-----w c:\documents and settings\All Users\Programdata\DVD Shrink 2008-12-01 23:56 --------- d-----w c:\programfiler\PokerStars 2008-11-30 04:22 --------- d-----w c:\programfiler\SlySoft 2008-11-30 04:22 --------- d-----w c:\programfiler\Canon 2008-11-30 03:44 --------- d-----w c:\programfiler\DVD Shrink 2008-11-28 01:42 --------- d-----w c:\documents and settings\Trine Og Diana\Programdata\LimeWire 2008-11-27 23:59 --------- d-----w c:\programfiler\Opera 2008-11-27 23:51 --------- d-----w c:\programfiler\Apple Software Update 2008-11-20 23:04 --------- d-----w c:\programfiler\SoIP-player 2008-11-20 03:04 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys 2008-11-19 19:05 --------- d-----w c:\programfiler\SUPERAntiSpyware 2008-11-19 02:29 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-11-12 12:04 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-11-06 19:06 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 
13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll 2007-03-30 13:54 702,096 ----a-w c:\programfiler\APR2007_d3dx10_33_x64.cab 2007-03-30 13:54 699,466 ----a-w c:\programfiler\APR2007_d3dx10_33_x86.cab 2007-03-30 13:54 56,902 ----a-w c:\programfiler\APR2007_xinput_x86.cab 2007-03-30 13:54 45,302 ----a-w c:\programfiler\dxdllreg_x86.cab 2007-03-30 13:54 199,384 ----a-w c:\programfiler\APR2007_XACT_x64.cab 2007-03-30 13:54 155,350 ----a-w c:\programfiler\APR2007_XACT_x86.cab 2007-03-30 13:54 100,434 ----a-w c:\programfiler\APR2007_xinput_x64.cab 2007-03-30 13:54 1,610,998 ----a-w c:\programfiler\APR2007_d3dx9_33_x64.cab 2007-03-30 13:54 1,610,311 ----a-w c:\programfiler\APR2007_d3dx9_33_x86.cab 2007-03-30 13:38 85,883 ----a-w c:\programfiler\dxupdate.cab 2007-03-30 13:38 77,160 ----a-w c:\programfiler\DSETUP.dll 2007-03-30 13:38 503,144 ----a-w c:\programfiler\DXSETUP.exe 2007-03-30 13:38 1,673,576 ----a-w c:\programfiler\dsetup32.dll 2008-07-25 18:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008072520080726\index.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-19 1805552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-08-14 352256] "Gainward"="c:\windows\TBPanel.exe" [2007-01-12 2162688] "Norman ZANDA"="c:\norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616] "OpwareSE2"="c:\programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776] "COMODO Firewall Pro"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-12-06 1797880] "COMODO Internet Security"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-12-06 1797880] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-05 136600] "nwiz"="nwiz.exe" [2007-11-06 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Exetender"="c:\programfiler\SoIP-player\GPlayer.exe" [2008-05-15 1958400] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-10-02 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-10-02 11:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= c:\windows\system32\guard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\WMPNSCFG] --------- 2006-11-15 09:46 204288 c:\programfiler\Windows Media Player\wmpnscfg.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programfiler\\Windows Media Player\\wmplayer.exe"= "c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\winver.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7887:TCP"= 7887:TCP:BitComet 7887 TCP "7887:UDP"= 7887:UDP:BitComet 7887 UDP R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-08-13 101776] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-08-13 31504] R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944] R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024] R2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS [2007-04-26 20448] R2 NVOY;Norman's Very Own supplY of resources;"c:\norman\npm\bin\nvoy.exe" [2008-03-05 121912] R2 X4HSX32Ex;X4HSX32Ex;\??\c:\programfiler\SoIP-player\X4HSX32Ex.Sys [2008-09-20 29856] R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792] R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-08 38496] R3 nsesvc;Norman Scanner Engine 
Service;"c:\norman\nse\bin\NSESVC.EXE" -daemon [2008-06-27 322616] R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2007-05-03 19512] R3 nvcoas;Norman Virus Control on-access component;"c:\norman\Nvc\bin\nvcoas.exe" [2008-01-15 191544] R3 NVCScheduler;Norman Virus Control Scheduler;"c:\norman\Npm\bin\NVCSCHED.EXE" [2008-03-05 154680] R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096] S1 b768beaa;b768beaa;c:\windows\system32\drivers\b768beaa.sys [] S3 nvcfsr;nvcfsr;\??\c:\norman\Nvc\bin\nvcfsr.sys [2007-04-26 6712] S3 nvcoafl51;nvcoafl51;\??\c:\norman\Nvc\bin\nvcoafl51.sys [2007-04-26 30264] S3 nvcoaft51;nvcoaft51;\??\c:\norman\Nvc\bin\nvcoaft51.sys [2007-04-26 129848] S3 nvcoarc51;nvcoarc51;\??\c:\norman\Nvc\bin\nvcoarc51.sys [2007-04-26 23224] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808] S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-12-22 83208] S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-12-30 15112] S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-12-30 108552] S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2008-02-04 100360] S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2008-02-04 23176] S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-12-30 98568] S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2008-02-04 98952] S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2007-05-14 61536] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2007-05-14 9360] S3 se44mdm;Sony Ericsson Device 068 
USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2007-05-14 97088] S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2007-05-14 88624] S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2007-05-14 18704] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2007-05-14 86432] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2007-05-14 90800] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [] S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\DRIVERS\z530bus.sys [2008-10-08 58288] S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z530mdfl.sys [2008-10-08 8336] S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\DRIVERS\z530mdm.sys [2008-10-08 94064] S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\z530mgmt.sys [2008-10-08 85408] S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\z530obex.sys [2008-10-08 83344] *Newly Created Service* - AAWSERVICE *Newly Created Service* - CATCHME *Newly Created Service* - MBAMSWISSARMY . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.db.no/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game01.zylom.com/activex/zylomgamesplayer.cab c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf FireFox -: Profile - c:\documents and settings\Trine Og Diana\Programdata\Mozilla\Firefox\Profiles\aztt2aer.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.vg.no . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-08 22:26:11 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(760) c:\windows\system32\guard32.dll c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL - - - - - - - > 'lsass.exe'(816) c:\windows\system32\guard32.dll . 
Tidspunkt ferdig: 2008-12-08 22:27:10 ComboFix-quarantined-files.txt 2008-12-08 21:27:07 ComboFix2.txt 2008-12-08 21:19:00 Pre-Run: 293 627 006 976 byte ledig Post-Run: 293,609,844,736 byte ledig 235 --- E O F --- 2008-11-13 12:01:54 Hij: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:21:13, on 08.12.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\Bin\Zanda.exe C:\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\TBPanel.exe C:\Norman\Npm\Bin\ZLH.EXE C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Programfiler\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\COMODO\Firewall\cmdagent.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\Norman\Npm\bin\NVCSCHED.EXE C:\WINDOWS\System32\alg.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\Norman\nse\bin\NSESVC.EXE C:\Norman\Nvc\Bin\Nip.exe C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\Bin\cclaw.exe C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe 
C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Trine Og Diana\Skrivebord\tavekk.exe\HijackThis.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.db.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [OpwareSE2] 
"C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Programfiler\SoIP-player\GPlayer.exe /runonstartup" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre6\bin\jp2iexp.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Bonjour - 
{7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programfiler\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138020578359 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190028706015 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/ImageUploader4.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon 
- C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programfiler\COMODO\Firewall\cmdagent.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9970 bytes
Thanks for any help I can get here :-)
Edited 8 December 2008 by Miisu
norbat, posted 8 December 2008
Open Notepad and copy in the text shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log.

dirlook::
c:\windows\myVRmfcax

filelook::
c:\windows\system32\drivers\b768beaa.sys
Miisu (author), posted 9 December 2008
Here is the log. I'm not quite sure what you meant by saving the file "as". That it should be the name of the file? That's what I did, because the only choice for file format was All-txt... I'll do it again if that's wrong :-) Thanks again!!
ComboFix 08-12-07.01 - Trine Og Diana 2008-12-09 10:42:22.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1357 [GMT 1:00] Kjører fra: c:\documents and settings\Trine Og Diana\Skrivebord\ComboFix.exe Command switches brukt :: c:\documents and settings\Trine Og Diana\Skrivebord\CFScript.txt..txt * Opprettet nytt gjenopprettingspunkt * Resident AV is active ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-09 til 2008-12-09 ))))))))))))))))))))))))))))))))) . 2008-12-08 21:48 . 2008-12-08 21:48 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-12-08 21:48 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-08 21:48 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-06 21:18 . 2008-12-06 21:18 <DIR> d-------- c:\windows\LastGood 2008-12-06 15:53 . 2008-12-06 15:53 <DIR> d-------- c:\programfiler\Trend Micro 2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft 2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iTunes 2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iPod 2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-05 22:51 . 2008-12-05 22:51 <DIR> d-------- c:\programfiler\QuickTime 2008-12-05 22:07 . 2007-12-18 17:07 405,504 --a------ c:\windows\system32\cmdiag.cpl 2008-12-05 22:07 . 2006-11-20 14:43 241,664 --a------ c:\windows\system32\cmabout.dll 2008-12-05 22:07 . 
2007-12-18 07:50 10,357 --a------ c:\windows\system32\cmdiag.ini 2008-12-05 22:07 . 2007-12-13 18:33 142 --a------ c:\windows\system32\cmabout.ini 2008-12-05 02:58 . 2008-12-05 02:58 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-01 23:47 . 2008-12-01 23:47 716,272 --a------ c:\windows\system32\drivers\sptd.sys 2008-11-30 17:26 . 2008-11-30 17:26 <DIR> d-------- C:\CloneDVDTemp 2008-11-30 15:05 . 2008-11-30 15:05 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\dvdcss 2008-11-30 05:17 . 2008-12-03 17:32 <DIR> d-------- c:\programfiler\DVDFab 5 2008-11-30 05:17 . 2008-11-30 05:18 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\Vso 2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys 2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\documents and settings\Trine Og Diana\Programdata\pcouffin.sys 2008-11-30 04:51 . 2008-11-30 04:51 <DIR> d-------- c:\documents and settings\All Users\Programdata\Elaborate Bytes 2008-11-30 04:50 . 2008-11-30 04:50 <DIR> d-------- c:\programfiler\Elaborate Bytes 2008-11-28 00:51 . 2008-12-06 14:55 <DIR> d-------- c:\programfiler\Fellesfiler\Apple 2008-11-28 00:49 . 2008-11-28 00:49 <DIR> d-------- c:\programfiler\Bonjour 2008-11-28 00:33 . 2008-11-28 00:33 <DIR> d-------- c:\programfiler\Secunia 2008-11-27 14:53 . 2008-11-27 14:53 8,704 --ahs---- c:\windows\Thumbs.db 2008-11-26 18:46 . 2008-11-26 18:46 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information 2008-11-26 18:45 . 2008-11-26 18:45 <DIR> d--h----- c:\programfiler\CanonBJ 2008-11-26 18:42 . 2008-11-26 18:42 <DIR> d--h----- c:\documents and settings\All Users\Programdata\CanonBJ 2008-11-26 18:41 . 2007-10-22 06:00 223,744 --a------ c:\windows\system32\CNMLM97.DLL 2008-11-18 14:36 . 2008-11-18 14:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys 2008-11-18 03:48 . 2008-12-03 14:31 <DIR> d-------- c:\windows\myVRmfcax 2008-11-12 07:57 . 
2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 07:57 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-06 13:59 --------- d-----w c:\programfiler\Lavasoft 2008-12-06 13:58 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-06 13:53 --------- d-----w c:\programfiler\Enigma Software Group 2008-12-06 12:39 147,192 ----a-w c:\windows\system32\guard32.dll 2008-12-06 12:39 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys 2008-12-05 01:58 --------- d-----w c:\programfiler\Java 2008-12-02 02:08 --------- d-----w c:\documents and settings\All Users\Programdata\DVD Shrink 2008-12-01 23:56 --------- d-----w c:\programfiler\PokerStars 2008-11-30 04:22 --------- d-----w c:\programfiler\SlySoft 2008-11-30 04:22 --------- d-----w c:\programfiler\Canon 2008-11-30 03:44 --------- d-----w c:\programfiler\DVD Shrink 2008-11-28 01:42 --------- d-----w c:\documents and settings\Trine Og Diana\Programdata\LimeWire 2008-11-27 23:59 --------- d-----w c:\programfiler\Opera 2008-11-27 23:51 --------- d-----w c:\programfiler\Apple Software Update 2008-11-20 23:04 --------- d-----w c:\programfiler\SoIP-player 2008-11-20 03:04 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys 2008-11-19 19:05 --------- d-----w c:\programfiler\SUPERAntiSpyware 2008-11-19 02:29 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-11-12 12:04 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-11-06 19:06 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w 
c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll 2007-03-30 13:54 702,096 ----a-w c:\programfiler\APR2007_d3dx10_33_x64.cab 2007-03-30 13:54 699,466 ----a-w c:\programfiler\APR2007_d3dx10_33_x86.cab 2007-03-30 13:54 56,902 ----a-w c:\programfiler\APR2007_xinput_x86.cab 2007-03-30 13:54 45,302 ----a-w c:\programfiler\dxdllreg_x86.cab 2007-03-30 13:54 199,384 ----a-w c:\programfiler\APR2007_XACT_x64.cab 2007-03-30 13:54 155,350 ----a-w c:\programfiler\APR2007_XACT_x86.cab 2007-03-30 13:54 100,434 ----a-w c:\programfiler\APR2007_xinput_x64.cab 2007-03-30 13:54 1,610,998 ----a-w c:\programfiler\APR2007_d3dx9_33_x64.cab 2007-03-30 13:54 1,610,311 ----a-w c:\programfiler\APR2007_d3dx9_33_x86.cab 2007-03-30 13:38 85,883 ----a-w c:\programfiler\dxupdate.cab 2007-03-30 13:38 77,160 ----a-w c:\programfiler\DSETUP.dll 2007-03-30 13:38 503,144 ----a-w c:\programfiler\DXSETUP.exe 2007-03-30 13:38 1,673,576 ----a-w c:\programfiler\dsetup32.dll 2008-07-25 18:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008072520080726\index.dat . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\windows\system32\drivers\b768beaa.sys -- Invalid filepath or file no longer exist ---- Directory of c:\windows\myVRmfcax ---- 2008-12-02 17:19 657952 --a------ c:\windows\myVRmfcax\myVRmfcax-1.00700.ocx 2008-11-18 03:48 32815 --a------ c:\windows\myVRmfcax\uninstall.exe 2008-11-04 20:35 560 --a------ c:\windows\myVRmfcax\uninstall.exe.manifest 2008-11-04 20:35 380 --a------ c:\windows\myVRmfcax\myVRmfcax.lic (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-19 1805552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-08-14 352256] "Gainward"="c:\windows\TBPanel.exe" [2007-01-12 2162688] "Norman ZANDA"="c:\norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616] "OpwareSE2"="c:\programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776] "COMODO Firewall Pro"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-12-06 1797880] "COMODO Internet Security"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-12-06 1797880] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-05 136600] "nwiz"="nwiz.exe" [2007-11-06 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Exetender"="c:\programfiler\SoIP-player\GPlayer.exe" [2008-05-15 1958400] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= 
"c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-10-02 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-10-02 11:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= c:\windows\system32\guard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-11-15 09:46 204288 c:\programfiler\Windows Media Player\wmpnscfg.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programfiler\\Windows Media Player\\wmplayer.exe"= "c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\winver.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7887:TCP"= 7887:TCP:BitComet 7887 TCP "7887:UDP"= 7887:UDP:BitComet 7887 UDP R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-08-13 101776] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-08-13 31504] R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944] R1 
SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024] R2 Ndiskio;Ndiskio;\??\c:\norman\Nse\bin\NDISKIO.SYS [2007-04-26 20448] R2 NVOY;Norman's Very Own supplY of resources;"c:\norman\npm\bin\nvoy.exe" [2008-03-05 121912] R2 X4HSX32Ex;X4HSX32Ex;\??\c:\programfiler\SoIP-player\X4HSX32Ex.Sys [2008-09-20 29856] R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792] R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-08 38496] R3 nsesvc;Norman Scanner Engine Service;"c:\norman\nse\bin\NSESVC.EXE" -daemon [2008-06-27 322616] R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2007-05-03 19512] R3 nvcoas;Norman Virus Control on-access component;"c:\norman\Nvc\bin\nvcoas.exe" [2008-01-15 191544] R3 NVCScheduler;Norman Virus Control Scheduler;"c:\norman\Npm\bin\NVCSCHED.EXE" [2008-03-05 154680] R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096] S1 b768beaa;b768beaa;c:\windows\system32\drivers\b768beaa.sys [] S3 nvcfsr;nvcfsr;\??\c:\norman\Nvc\bin\nvcfsr.sys [2007-04-26 6712] S3 nvcoafl51;nvcoafl51;\??\c:\norman\Nvc\bin\nvcoafl51.sys [2007-04-26 30264] S3 nvcoaft51;nvcoaft51;\??\c:\norman\Nvc\bin\nvcoaft51.sys [2007-04-26 129848] S3 nvcoarc51;nvcoarc51;\??\c:\norman\Nvc\bin\nvcoarc51.sys [2007-04-26 23224] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808] S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-12-22 83208] S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-12-30 15112] S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-12-30 108552] S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2008-02-04 100360] S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 
(NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2008-02-04 23176] S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-12-30 98568] S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2008-02-04 98952] S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2007-05-14 61536] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2007-05-14 9360] S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2007-05-14 97088] S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2007-05-14 88624] S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2007-05-14 18704] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2007-05-14 86432] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2007-05-14 90800] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [] S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\DRIVERS\z530bus.sys [2008-10-08 58288] S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z530mdfl.sys [2008-10-08 8336] S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\DRIVERS\z530mdm.sys [2008-10-08 94064] S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\z530mgmt.sys [2008-10-08 85408] S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\z530obex.sys [2008-10-08 83344] *Newly Created Service* - AAWSERVICE *Newly Created Service* - CATCHME *Newly Created Service* - MBAMSWISSARMY . 
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.db.no/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game01.zylom.com/activex/zylomgamesplayer.cab c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf FireFox -: Profile - c:\documents and settings\Trine Og Diana\Programdata\Mozilla\Firefox\Profiles\aztt2aer.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.vg.no . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-09 10:43:59 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(760) c:\windows\system32\guard32.dll c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL - - - - - - - > 'lsass.exe'(816) c:\windows\system32\guard32.dll . 
Tidspunkt ferdig: 2008-12-09 10:44:56
ComboFix-quarantined-files.txt 2008-12-09 09:44:53
ComboFix2.txt 2008-12-08 21:27:11
ComboFix3.txt 2008-12-08 21:19:00
Pre-Run: 293 591 060 480 byte ledig
Post-Run: 293,575,409,664 byte ledig
246 --- E O F --- 2008-11-13 12:01:54
norbat Posted 9 December 2008
Do you know what this folder is?: c:\windows\myVRmfcax
Miisu Posted 9 December 2008 (Author)
Do you know what this folder is?: c:\windows\myVRmfcax
Hmm, no. Inside it are:
myVRmfcax-1.00700.ocx
uninstall.exe.manifest
myVRmfcax.lic
uninstall
I can't say I've seen anything called this anywhere, no...
norbat Posted 10 December 2008
Open Notepad and copy in what is written in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log.
Folder::
c:\windows\myVRmfcax
Driver::
b768beaa
Miisu Posted 15 December 2008 (Author)
Here it comes:
ComboFix 08-12-15.01 - Trine Og Diana 2008-12-15 20:22:55.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2046.1389 [GMT 1:00]
Kjører fra: c:\documents and settings\Trine Og Diana\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Trine Og Diana\Skrivebord\CFScript.txt
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\myVRmfcax
c:\windows\myVRmfcax\myVRmfcax-1.00700.ocx
c:\windows\myVRmfcax\myVRmfcax.lic
c:\windows\myVRmfcax\uninstall.exe
c:\windows\myVRmfcax\uninstall.exe.manifest
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_b768beaa
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-15 til 2008-12-15 )))))))))))))))))))))))))))))))))
.
2008-12-08 21:48 . 2008-12-08 21:48 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-08 21:48 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 21:48 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 15:53 . 2008-12-06 15:53 <DIR> d-------- c:\programfiler\Trend Micro
2008-12-06 14:59 . 2008-12-06 14:59 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft
2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iTunes
2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\programfiler\iPod
2008-12-05 22:53 . 2008-12-05 22:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 22:51 . 2008-12-05 22:51 <DIR> d-------- c:\programfiler\QuickTime
2008-12-05 22:07 .
2007-12-18 17:07 405,504 --a------ c:\windows\system32\cmdiag.cpl 2008-12-05 22:07 . 2006-11-20 14:43 241,664 --a------ c:\windows\system32\cmabout.dll 2008-12-05 22:07 . 2007-12-18 07:50 10,357 --a------ c:\windows\system32\cmdiag.ini 2008-12-05 22:07 . 2007-12-13 18:33 142 --a------ c:\windows\system32\cmabout.ini 2008-12-05 02:58 . 2008-12-05 02:58 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-01 23:47 . 2008-12-01 23:47 716,272 --a------ c:\windows\system32\drivers\sptd.sys 2008-11-30 17:26 . 2008-11-30 17:26 <DIR> d-------- C:\CloneDVDTemp 2008-11-30 15:05 . 2008-11-30 15:05 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\dvdcss 2008-11-30 05:17 . 2008-12-03 17:32 <DIR> d-------- c:\programfiler\DVDFab 5 2008-11-30 05:17 . 2008-11-30 05:18 <DIR> d-------- c:\documents and settings\Trine Og Diana\Programdata\Vso 2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys 2008-11-30 05:17 . 2008-11-30 05:17 47,360 --a------ c:\documents and settings\Trine Og Diana\Programdata\pcouffin.sys 2008-11-30 04:51 . 2008-11-30 04:51 <DIR> d-------- c:\documents and settings\All Users\Programdata\Elaborate Bytes 2008-11-30 04:50 . 2008-11-30 04:50 <DIR> d-------- c:\programfiler\Elaborate Bytes 2008-11-28 00:51 . 2008-12-06 14:55 <DIR> d-------- c:\programfiler\Fellesfiler\Apple 2008-11-28 00:49 . 2008-11-28 00:49 <DIR> d-------- c:\programfiler\Bonjour 2008-11-28 00:33 . 2008-11-28 00:33 <DIR> d-------- c:\programfiler\Secunia 2008-11-27 14:53 . 2008-11-27 14:53 8,704 --ahs---- c:\windows\Thumbs.db 2008-11-26 18:46 . 2008-11-26 18:46 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information 2008-11-26 18:45 . 2008-11-26 18:45 <DIR> d--h----- c:\programfiler\CanonBJ 2008-11-26 18:42 . 2008-11-26 18:42 <DIR> d--h----- c:\documents and settings\All Users\Programdata\CanonBJ 2008-11-26 18:41 . 2007-10-22 06:00 223,744 --a------ c:\windows\system32\CNMLM97.DLL 2008-11-18 14:36 . 
2008-11-18 14:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-12 20:22 --------- d-----w c:\programfiler\SUPERAntiSpyware 2008-12-11 12:04 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-12-06 13:59 --------- d-----w c:\programfiler\Lavasoft 2008-12-06 13:58 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-06 13:53 --------- d-----w c:\programfiler\Enigma Software Group 2008-12-06 12:39 147,192 ----a-w c:\windows\system32\guard32.dll 2008-12-06 12:39 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys 2008-12-05 01:58 --------- d-----w c:\programfiler\Java 2008-12-02 02:08 --------- d-----w c:\documents and settings\All Users\Programdata\DVD Shrink 2008-12-01 23:56 --------- d-----w c:\programfiler\PokerStars 2008-11-30 04:22 --------- d-----w c:\programfiler\SlySoft 2008-11-30 04:22 --------- d-----w c:\programfiler\Canon 2008-11-30 03:44 --------- d-----w c:\programfiler\DVD Shrink 2008-11-28 01:42 --------- d-----w c:\documents and settings\Trine Og Diana\Programdata\LimeWire 2008-11-27 23:59 --------- d-----w c:\programfiler\Opera 2008-11-27 23:51 --------- d-----w c:\programfiler\Apple Software Update 2008-11-20 23:04 --------- d-----w c:\programfiler\SoIP-player 2008-11-20 03:04 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys 2008-11-19 02:29 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-11-06 19:06 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 
13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys 2007-03-30 13:54 702,096 ----a-w c:\programfiler\APR2007_d3dx10_33_x64.cab 2007-03-30 13:54 699,466 ----a-w c:\programfiler\APR2007_d3dx10_33_x86.cab 2007-03-30 13:54 56,902 ----a-w c:\programfiler\APR2007_xinput_x86.cab 2007-03-30 13:54 45,302 ----a-w c:\programfiler\dxdllreg_x86.cab 2007-03-30 13:54 199,384 ----a-w c:\programfiler\APR2007_XACT_x64.cab 2007-03-30 13:54 155,350 ----a-w c:\programfiler\APR2007_XACT_x86.cab 2007-03-30 13:54 100,434 ----a-w c:\programfiler\APR2007_xinput_x64.cab 2007-03-30 13:54 1,610,998 ----a-w c:\programfiler\APR2007_d3dx9_33_x64.cab 2007-03-30 13:54 1,610,311 ----a-w c:\programfiler\APR2007_d3dx9_33_x86.cab 2007-03-30 13:38 85,883 ----a-w c:\programfiler\dxupdate.cab 2007-03-30 13:38 77,160 ----a-w c:\programfiler\DSETUP.dll 2007-03-30 13:38 503,144 ----a-w c:\programfiler\DXSETUP.exe 2007-03-30 13:38 1,673,576 ----a-w c:\programfiler\dsetup32.dll 2008-07-25 18:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008072520080726\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-12-08_22.18.31,75 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE + 2008-08-26 08:30:43 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll + 2008-08-26 08:30:43 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll + 2008-08-26 08:30:43 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll + 2008-08-26 08:30:43 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll + 2008-08-26 08:30:43 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll + 2008-08-25 08:41:09 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe + 2008-08-26 08:30:43 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll + 2008-08-26 08:30:43 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll + 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll + 2008-08-26 08:30:43 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll + 2008-08-26 08:30:43 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll + 2008-10-03 17:31:14 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll + 2008-08-26 08:30:44 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll + 2008-08-26 08:30:44 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll + 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe + 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe + 2008-08-26 08:30:44 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll + 2008-08-26 08:30:44 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll + 2008-08-26 08:30:44 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll + 2008-08-27 09:30:46 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll + 2008-08-26 08:30:45 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll + 2008-08-26 08:30:45 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll + 2008-08-26 08:30:45 671,232 -c----w 
c:\windows\ie7updates\KB958215-IE7\mstime.dll + 2008-08-26 08:30:45 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll + 2008-08-26 08:30:45 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll + 2007-03-06 02:01:51 214,752 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe + 2007-03-06 02:03:01 374,496 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll + 2008-08-26 08:30:45 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll + 2008-08-26 08:30:45 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll + 2008-08-26 08:30:45 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll + 2008-08-26 08:30:45 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll - 2008-11-12 12:04:37 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2008-12-11 12:03:59 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe - 2008-11-12 12:04:37 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe + 2008-12-11 12:04:00 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2008-11-12 12:04:37 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2008-12-11 12:04:00 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe - 2008-11-12 12:04:37 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe + 2008-12-11 12:04:00 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe - 2008-11-12 12:04:37 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe + 2008-12-11 12:04:00 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe - 2008-11-12 12:04:37 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2008-12-11 12:04:00 35,088 ----a-r 
c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2008-11-12 12:04:37 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe + 2008-12-11 12:04:00 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2008-11-12 12:04:37 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2008-12-11 12:04:00 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe - 2008-11-12 12:04:37 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2008-12-11 12:04:00 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2008-11-12 12:04:37 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe + 2008-12-11 12:04:00 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2008-11-12 12:04:37 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2008-12-11 12:04:00 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe - 2008-08-26 08:30:43 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-10-16 20:33:22 124,928 ----a-w c:\windows\system32\advpack.dll - 2008-08-26 08:30:43 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll + 2008-10-16 20:33:22 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll - 2008-08-26 08:30:43 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-10-16 20:33:22 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-08-26 08:30:43 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-10-16 20:33:22 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll - 2008-08-26 08:30:43 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll + 2008-10-16 20:33:22 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll + 2008-10-23 12:43:42 286,720 -c----w 
Miisu (Author) Posted 15 December 2008 (edited)
I should mention that after this last CF run with that file, the machine became slow as syrup. I ran CF again (without any file) and it got somewhat better. For anyone who understands this sort of thing... here is the latest log:
Edited 15 December 2008 by Miisu
norbat Posted 15 December 2008
So how is the situation now - is the PC running OK?
Miisu (Author) Posted 15 December 2008
"So how is the situation now - is the PC running OK?"
No, now it has gone completely haywire. It has logged itself off the internet (by itself), no programs respond or close, and so on. Now I have to write this from the laptop... it has actually never been this bad.
norbat Posted 15 December 2008 (edited)
Run a system file check: Start -> Run, type: sfc /scannow
Edit: You aren't running two firewalls (Comodo and Norman), are you?
Edited 15 December 2008 by norbat
Miisu (Author) Posted 15 December 2008 (edited)
There we have it, yes. That is exactly what I'm doing. I didn't think Norman was a firewall, only antivirus. So Norman has to go, then? It only says that I have "Virus and spyware protection". I assumed from that that it was OK to run them at the same time. I have run that thing of yours now and things look somewhat smoother. For now. hehe :-)
Edited 15 December 2008 by Miisu