
Need help. Getting popups, and virus updates aren't working.



Take a look at this:

Go to Control Panel -> System -> Hardware -> Device Manager

Select View -> Show hidden devices

Click the plus sign in front of "Non-Plug and Play Drivers"

Scroll down to TDSSserv.sys (if you find it), right-click the file and select Disable.

Restart the PC.

You should now be able to get online to download MBAM (see below), update it, and run a scan that will delete this malware's entries.

MBAM:

Download Malwarebytes Anti-Malware to the desktop.

Rename the installer file (mbam-setup.exe) to mb.exe

Run it and install the program. Select Norwegian as the language.

Run the program without updating: select 'quick system scan', click Scan.

A message box will appear saying the scan is finished; click OK.

Click the Show Results button. If malware was found, you will now see what was found.

Then click the Remove Selected button to remove any malware that was found.

A log will then open in Notepad. You can copy it and post it.

Log

 

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1525

Windows 5.1.2600 Service Pack 3

 

20.12.2008 12:54:46

mbam-log-2008-12-20 (12-54-46).txt

 

Skanntype: Rask Skann

Objekter skannet: 51035

Tid tilbakelagt: 4 minute(s), 49 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 0

Registerfiler infisert: 17

Mapper infisert: 1

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdael.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{328ad527-902c-44f7-a043-5868ec39fdcd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6c83b3e0-6e5a-4b73-bbd0-552e4df22123}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{750ed100-2794-4ab1-8125-3207216de2cb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{750ed100-2794-4ab1-8125-3207216de2cb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{328ad527-902c-44f7-a043-5868ec39fdcd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6c83b3e0-6e5a-4b73-bbd0-552e4df22123}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750ed100-2794-4ab1-8125-3207216de2cb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750ed100-2794-4ab1-8125-3207216de2cb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{328ad527-902c-44f7-a043-5868ec39fdcd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6c83b3e0-6e5a-4b73-bbd0-552e4df22123}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{750ed100-2794-4ab1-8125-3207216de2cb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{750ed100-2794-4ab1-8125-3207216de2cb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{328ad527-902c-44f7-a043-5868ec39fdcd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{328ad527-902c-44f7-a043-5868ec39fdcd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6c83b3e0-6e5a-4b73-bbd0-552e4df22123}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{750ed100-2794-4ab1-8125-3207216de2cb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.

 

Mapper infisert:

C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

 

Filer infisert:

C:\WINDOWS\system32\kdael.exe (Rootkit.DNSChanger.H) -> Delete on reboot.

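Added example, not part of the original thread: a small Python triage of MBAM result lines like the ones in the log above. It separates entries that were removed from those only marked "Delete on reboot" and lists the DNS servers written to each interface GUID; the sample lines are an excerpt copied from the log above, and all function names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Excerpt copied from the MBAM log posted above (not the full log).
SAMPLE_LOG = r"""
Registernøkler infisert:
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdael.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{328ad527-902c-44f7-a043-5868ec39fdcd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6c83b3e0-6e5a-4b73-bbd0-552e4df22123}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{750ed100-2794-4ab1-8125-3207216de2cb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.139;85.255.112.133 -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdael.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
"""

# One result line: <object> (<detection>) -> [Data: <data> -> ]<action>.
FINDING_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>[^>]+?)\.?$"
)

# Per-interface DNS values. NameServer is the static setting and takes
# precedence over the DHCP-supplied DhcpNameServer.
IFACE_RE = re.compile(
    r"\\(?P<controlset>(?:Current)?ControlSet\d*)\\Services\\Tcpip\\Parameters"
    r"\\Interfaces\\(?P<guid>\{[0-9a-f-]+\})\\(?P<value>(?:Dhcp)?NameServer)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    obj: str                 # registry key/value, folder or file
    detection: str           # vendor detection name
    data: Optional[str]      # registry data, when the line carries it
    action: str              # what the scanner did with the object


def parse_findings(text):
    """Return a Finding for every result line; headers and blanks are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(Finding(m["obj"], m["detection"], m["data"], m["action"]))
    return findings


def pending_reboot(findings):
    """Objects that are only scheduled for deletion and still present."""
    return [f for f in findings if f.action.lower().startswith("delete on reboot")]


def dns_overrides(findings):
    """Map interface GUID -> sorted DNS servers that were written to it."""
    by_iface = defaultdict(set)
    for f in findings:
        m = IFACE_RE.search(f.obj)
        if m and f.data:
            servers = [s for s in re.split(r"[;,\s]+", f.data) if s]
            by_iface[m["guid"].lower()].update(servers)
    return {guid: sorted(servers) for guid, servers in by_iface.items()}


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print(f"{len(found)} findings, {len(pending_reboot(found))} pending reboot")
    for f in pending_reboot(found):
        print("  still present until restart:", f.obj)
    for guid, servers in dns_overrides(found).items():
        print(f"  interface {guid}: {', '.join(servers)}")
```

Entries returned by `pending_reboot` are only scheduled for removal, so the result is worth re-checking with a fresh scan after the restart.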

Sorry for the late reply, had to restart. Running RSIT now.

Log:

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Olav Magne at 2008-12-20 13:06:20

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 81 GB (71%) free of 114 GB

Total RAM: 3062 MB (86% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:09:14, on 20.12.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe

C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Documents and Settings\Olav Magne\Skrivebord\RSIT.exe

C:\Programfiler\trend micro\Olav Magne.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [sMSERIAL] C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [WLSS] C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdael.exe] C:\WINDOWS\system32\kdael.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Wow Video&Audio] C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228908634640

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228908978218

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 5819 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\PCConfidential.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Programfiler\AVG\AVG8\avgssie.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Programfiler\Java\jre6\bin\ssv.dll [2008-11-19 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2008-11-19 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-19 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SMSERIAL"=C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]

"WLSS"=C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe [2007-04-23 190000]

"C:\WINDOWS\system32\kdael.exe"=C:\WINDOWS\system32\kdael.exe []

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

"Wow Video&Audio"=C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe [2007-05-03 951856]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-10-21 143360]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-10-21 172032]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-10-21 143360]

"SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2008-11-19 136600]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Programfiler\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Programfiler\Messenger\msmsgs.exe [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Programfiler\MSN Messenger\MsnMsgr.Exe /background []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-02-20 741376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoCAD Startup Accelerator.lnk]

C:\PROGRA~1\FELLES~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2008-10-21 217088]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

scecli

scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Programfiler\Xfire\xfire.exe"="C:\Programfiler\Xfire\xfire.exe:*:Enabled:Xfire"

"C:\Programfiler\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Programfiler\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"

"C:\Programfiler\Ventrilo\Ventrilo.exe"="C:\Programfiler\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

"C:\Programfiler\Opera\opera.exe"="C:\Programfiler\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"C:\Programfiler\EA Games\Ultima Online Mondain's Legacy\client.exe"="C:\Programfiler\EA Games\Ultima Online Mondain's Legacy\client.exe:*:Enabled:Ultima Online Client"

"C:\Programfiler\Messenger\msmsgs.exe"="C:\Programfiler\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Programfiler\mIRC\mirc.exe"="C:\Programfiler\mIRC\mirc.exe:*:Enabled:mIRC"

"C:\Programfiler\BearShare\BearShare.exe"="C:\Programfiler\BearShare\BearShare.exe:*:Enabled:BearShare"

"C:\Programfiler\Valve\hl.exe"="C:\Programfiler\Valve\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Documents and Settings\Olav Magne\Skrivebord\nega142_b2\nega142\Soldat.exe"="C:\Documents and Settings\Olav Magne\Skrivebord\nega142_b2\nega142\Soldat.exe:*:Enabled:Soldat"

"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:Soldat"

"C:\Documents and Settings\Olav Magne\Skrivebord\Soldat\Soldat.exe"="C:\Documents and Settings\Olav Magne\Skrivebord\Soldat\Soldat.exe:*:Enabled:Soldat"

"C:\Programfiler\BitTornado\btdownloadgui.exe"="C:\Programfiler\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"

"C:\Programfiler\Counter-Strike\hl.exe"="C:\Programfiler\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Programfiler\Savage 2 - A Tortured Soul\savage2.exe"="C:\Programfiler\Savage 2 - A Tortured Soul\savage2.exe:*:Enabled:savage2"

"C:\Programfiler\pspvc\PSPVC (Server).exe"="C:\Programfiler\pspvc\PSPVC (Server).exe:*:Enabled:PSPVC (Server)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200978c4-c7a9-11dd-8d99-0013e8647fb7}]

shell\AutoRun\command - F:\LaunchU3.exe -a

 

 

======File associations======

 

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"

.scr - install -

.scr - config -

 

======List of files/folders created in the last 1 months======

 

2008-12-20 13:06:21 ----D---- C:\Programfiler\trend micro

2008-12-20 13:06:20 ----D---- C:\rsit

2008-12-20 12:46:27 ----D---- C:\Documents and Settings\Olav Magne\Programdata\Malwarebytes

2008-12-20 12:46:16 ----D---- C:\Programfiler\Malwarebytes' Anti-Malware

2008-12-20 12:46:16 ----D---- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-12-20 12:26:58 ----D---- C:\Programfiler\Lavasoft

2008-12-20 12:26:57 ----D---- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-12-19 19:25:52 ----A---- C:\WINDOWS\system32\aswBoot.exe

2008-12-19 19:25:49 ----D---- C:\Programfiler\Alwil Software

2008-12-19 19:14:47 ----D---- C:\Documents and Settings\All Users\Programdata\Avg8

2008-12-18 19:30:06 ----D---- C:\Programfiler\AviSynth 2.5

2008-12-17 18:58:21 ----A---- C:\WINDOWS\system32\xinput1_3.dll

2008-12-17 18:58:20 ----A---- C:\WINDOWS\system32\xactengine2_7.dll

2008-12-17 18:58:18 ----A---- C:\WINDOWS\system32\d3dx10_33.dll

2008-12-17 18:58:18 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll

2008-12-17 18:58:15 ----A---- C:\WINDOWS\system32\d3dx9_33.dll

2008-12-17 18:58:14 ----A---- C:\WINDOWS\system32\xactengine2_6.dll

2008-12-17 18:58:14 ----A---- C:\WINDOWS\system32\xactengine2_5.dll

2008-12-17 18:58:13 ----A---- C:\WINDOWS\system32\xactengine2_4.dll

2008-12-17 18:58:13 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll

2008-12-17 18:58:13 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2008-12-17 18:58:12 ----A---- C:\WINDOWS\system32\xinput1_2.dll

2008-12-17 18:58:12 ----A---- C:\WINDOWS\system32\xactengine2_3.dll

2008-12-17 18:58:12 ----A---- C:\WINDOWS\system32\d3dx9_31.dll

2008-12-17 18:58:11 ----A---- C:\WINDOWS\system32\xinput1_1.dll

2008-12-17 18:58:11 ----A---- C:\WINDOWS\system32\xactengine2_2.dll

2008-12-17 18:58:11 ----A---- C:\WINDOWS\system32\xactengine2_1.dll

2008-12-17 18:57:58 ----A---- C:\WINDOWS\system32\xactengine2_0.dll

2008-12-17 18:57:58 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll

2008-12-17 18:57:58 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2008-12-17 18:57:57 ----A---- C:\WINDOWS\system32\d3dx9_29.dll

2008-12-17 18:57:57 ----A---- C:\WINDOWS\system32\d3dx9_28.dll

2008-12-17 18:57:56 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll

2008-12-17 18:57:55 ----A---- C:\WINDOWS\system32\d3dx9_26.dll

2008-12-17 18:57:54 ----A---- C:\WINDOWS\system32\d3dx9_25.dll

2008-12-17 18:57:53 ----A---- C:\WINDOWS\system32\d3dx9_24.dll

2008-12-17 18:57:00 ----D---- C:\Programfiler\Savage 2 - A Tortured Soul

2008-12-16 20:24:13 ----A---- C:\WINDOWS\pspvc_path.ini

2008-12-16 20:24:00 ----D---- C:\Programfiler\pspvc

2008-12-16 20:11:13 ----D---- C:\ApolloDVD

2008-12-16 19:23:09 ----D---- C:\OpenCandy

2008-12-16 19:20:57 ----D---- C:\Programfiler\Free Offers from Freeze.com

2008-12-16 19:20:10 ----A---- C:\WINDOWS\system32\WINUTIL5.DLL

2008-12-16 19:20:09 ----D---- C:\Programfiler\Winferno

2008-12-16 19:20:09 ----A---- C:\WINDOWS\system32\CapiCom.dll

2008-12-16 19:19:28 ----D---- C:\Programfiler\Seekeen

2008-12-16 16:23:52 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

2008-12-16 16:08:26 ----D---- C:\Programfiler\Sierra

2008-12-13 15:38:10 ----D---- C:\Programfiler\Counter-Strike

2008-12-12 19:13:14 ----D---- C:\Documents and Settings\Olav Magne\Programdata\.BitTornado

2008-12-12 19:12:03 ----D---- C:\Programfiler\BitTornado

2008-12-11 21:37:44 ----A---- C:\WINDOWS\system32\xfcodec.dll

2008-12-11 20:26:24 ----D---- C:\Documents and Settings\Olav Magne\Programdata\U3

2008-12-11 18:40:11 ----RHD---- C:\Documents and Settings\Olav Magne\Programdata\SecuROM

2008-12-11 18:27:30 ----D---- C:\Programfiler\John Deere American Farmer Deluxe

2008-12-11 14:16:46 ----D---- C:\Documents and Settings\Olav Magne\Programdata\FarmingSimulator2008

2008-12-11 14:16:00 ----D---- C:\WINDOWS\system32\AGEIA

2008-12-11 14:15:59 ----D---- C:\Programfiler\AGEIA Technologies

2008-12-10 13:02:53 ----D---- C:\Fraps

2008-12-10 08:55:20 ----D---- C:\Soldat

2008-12-08 21:47:35 ----A---- C:\WINDOWS\DDPlayer.ini

2008-12-06 20:22:17 ----D---- C:\Documents and Settings\Olav Magne\Programdata\Publish Providers

2008-12-06 20:21:54 ----D---- C:\Documents and Settings\Olav Magne\Programdata\Sony

2008-12-06 19:53:28 ----D---- C:\Programfiler\Vstplugins

2008-12-06 19:53:23 ----D---- C:\Documents and Settings\All Users\Programdata\Sony

2008-12-06 19:53:06 ----D---- C:\Programfiler\Sony

2008-12-06 19:52:24 ----D---- C:\Programfiler\Sony Setup

2008-12-06 19:16:29 ----AD---- C:\Documents and Settings\All Users\Programdata\TEMP

2008-12-06 14:49:38 ----D---- C:\Programfiler\NuGardt Software

2008-12-05 20:38:30 ----A---- C:\WINDOWS\system32\wmpns.dll

2008-12-05 20:37:50 ----D---- C:\WINDOWS\Prefetch

2008-12-05 20:33:17 ----A---- C:\WINDOWS0001_.tmp

2008-12-05 20:18:25 ----D---- C:\69324f6932354081b7d2

2008-12-05 19:29:20 ----D---- C:\da0d37622b460af3e20f14

2008-11-28 15:48:59 ----D---- C:\Programfiler\Microsoft Works

2008-11-28 15:48:38 ----D---- C:\Programfiler\Microsoft Visual Studio

2008-11-28 15:47:46 ----D---- C:\Programfiler\Microsoft.NET

2008-11-28 15:45:13 ----D---- C:\WINDOWS\SHELLNEW

2008-11-28 15:44:51 ----D---- C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-11-28 15:44:21 ----RHD---- C:\MSOCache

2008-11-27 12:35:04 ----D---- C:\games

2008-11-26 14:07:22 ----D---- C:\Programfiler\Microsoft Office

2008-11-26 14:06:25 ----D---- C:\Programfiler\AnswerWorks 4.0

2008-11-26 14:06:15 ----D---- C:\Programfiler\Fellesfiler\Designer

2008-11-26 14:00:14 ----D---- C:\Programfiler\AutoCAD 2007

2008-11-26 14:00:14 ----D---- C:\Documents and Settings\Olav Magne\Programdata\Autodesk

2008-11-26 14:00:14 ----D---- C:\Documents and Settings\All Users\Programdata\Autodesk

2008-11-26 13:55:51 ----D---- C:\Programfiler\Fellesfiler\Autodesk Shared

2008-11-26 13:55:46 ----D---- C:\Programfiler\Autodesk

2008-11-26 13:55:41 ----A---- C:\WINDOWS\system32\d3dx9_27.dll

2008-11-26 12:15:13 ----D---- C:\Programfiler\Valve

2008-11-25 22:21:06 ----D---- C:\Programfiler\Disc2Phone

2008-11-25 22:19:38 ----D---- C:\Documents and Settings\Olav Magne\Programdata\Teleca

2008-11-25 22:10:08 ----D---- C:\Documents and Settings\Olav Magne\Programdata\Sony Ericsson

2008-11-25 22:09:52 ----D---- C:\Programfiler\Fellesfiler\Sony Ericsson Shared

2008-11-25 22:09:51 ----D---- C:\Programfiler\Fellesfiler\Teleca Shared

2008-11-25 22:09:48 ----D---- C:\Programfiler\Sony Ericsson

2008-11-25 22:08:14 ----D---- C:\Documents and Settings\All Users\Programdata\Teleca

2008-11-25 22:08:14 ----D---- C:\Documents and Settings\All Users\Programdata\Sony Ericsson

2008-11-24 22:09:15 ----A---- C:\WINDOWS\system32\NETw5r32.dll

2008-11-24 22:09:15 ----A---- C:\WINDOWS\system32\NETw5c32.dll

2008-11-23 15:11:54 ----D---- C:\Documents and Settings\Olav Magne\Programdata\dvdcss

2008-11-23 14:42:11 ----D---- C:\My Downloads

2008-11-23 14:42:03 ----D---- C:\Programfiler\BearShare

2008-11-23 13:35:34 ----D---- C:\Programfiler\mIRC

2008-11-23 13:35:34 ----D---- C:\Documents and Settings\Olav Magne\Programdata\mIRC

2008-11-21 15:27:55 ----D---- C:\Programfiler\CCleaner

 

======List of files/folders modified in the last 1 months======

 

2008-12-20 13:06:21 ----RD---- C:\Programfiler

2008-12-20 12:57:03 ----D---- C:\WINDOWS\Temp

2008-12-20 12:56:03 ----D---- C:\WINDOWS\system32\drivers

2008-12-20 12:56:03 ----D---- C:\WINDOWS\system32

2008-12-20 12:55:36 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-20 12:55:35 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-20 12:32:06 ----D---- C:\WINDOWS

2008-12-20 12:27:36 ----SHD---- C:\WINDOWS\Installer

2008-12-20 12:26:35 ----D---- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-12-19 22:43:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2008-12-19 20:10:19 ----D---- C:\WINDOWS\system32\config

2008-12-18 22:10:18 ----D---- C:\Documents and Settings\Olav Magne\Programdata\Xfire

2008-12-18 17:01:45 ----HD---- C:\WINDOWS\inf

2008-12-17 18:58:22 ----D---- C:\WINDOWS\system32\DirectX

2008-12-17 18:58:10 ----RSD---- C:\WINDOWS\assembly

2008-12-17 18:57:17 ----D---- C:\WINDOWS\WinSxS

2008-12-17 15:32:51 ----D---- C:\Programfiler\Xfire

2008-12-17 09:49:38 ----HD---- C:\Programfiler\InstallShield Installation Information

2008-12-16 19:21:55 ----SD---- C:\WINDOWS\Tasks

2008-12-10 17:59:20 ----D---- C:\Documents and Settings\Olav Magne\Programdata\vlc

2008-12-10 12:36:28 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-10 12:31:03 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-08 21:48:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-12-07 13:47:17 ----D---- C:\WINDOWS\Debug

2008-12-05 20:36:45 ----D---- C:\WINDOWS\security

2008-12-05 20:34:59 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-05 20:33:51 ----D---- C:\WINDOWS\system32\oobe

2008-12-05 20:33:04 ----D---- C:\WINDOWS\EHome

2008-12-04 14:36:02 ----SD---- C:\Documents and Settings\Olav Magne\Programdata\Microsoft

2008-12-03 16:05:14 ----D---- C:\WINDOWS\Minidump

2008-11-30 19:53:09 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-11-30 16:26:48 ----RASH---- C:\boot.ini

2008-11-30 16:26:48 ----A---- C:\WINDOWS\win.ini

2008-11-30 16:26:48 ----A---- C:\WINDOWS\system.ini

2008-11-30 16:26:47 ----D---- C:\WINDOWS\pss

2008-11-29 21:29:04 ----D---- C:\Documents and Settings\Olav Magne\Programdata\Ventrilo

2008-11-28 16:18:25 ----D---- C:\WINDOWS\system32\wbem

2008-11-28 15:48:59 ----D---- C:\Programfiler\Fellesfiler\Microsoft Shared

2008-11-28 15:48:03 ----RSD---- C:\WINDOWS\Fonts

2008-11-28 15:47:47 ----SD---- C:\Documents and Settings\All Users\Programdata\Microsoft

2008-11-28 15:45:26 ----D---- C:\Programfiler\Fellesfiler\System

2008-11-27 09:05:30 ----D---- C:\WINDOWS\SoftwareDistribution

2008-11-26 15:35:35 ----D---- C:\WINDOWS\Microsoft.NET

2008-11-26 14:06:15 ----D---- C:\Programfiler\Fellesfiler

2008-11-26 14:04:32 ----D---- C:\WINDOWS\Help

2008-11-26 13:53:17 ----D---- C:\Programfiler\Internet Explorer

2008-11-25 22:17:00 ----D---- C:\WINDOWS\Registration

2008-11-25 15:25:44 ----D---- C:\Programfiler\Razor

2008-11-22 18:28:21 ----D---- C:\Programfiler\Fellesfiler\InstallShield

2008-11-21 13:18:36 ----D---- C:\Program Files

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]

R1 intelppm;Intel-prosessordriver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]

R1 WmiAcpi;Microsoft Windows Management-grensesnitt for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-17 21393]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]

R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]

R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]

R2 s24trans;WLAN transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-03-29 12416]

R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]

R3 CmBatt;Driver for Microsoft vekselstrømsadapter; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 HDAudBus;Microsoft UAA-bussdriver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID-klassedriver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-10-21 6048480]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]

R3 Ktp;Elantech Touchpad; C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-18 27776]

R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-25 12160]

R3 NETw4x32;Intel® Wireless WiFi Link kortdriver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]

R3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-01-17 983936]

R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 aktivert hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Miniportdriver for Microsoft USB universell vertskontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 adi3urwc;adi3urwc; C:\WINDOWS\system32\drivers\adi3urwc.sys []

S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []

S3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-08-28 3632384]

S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]

S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]

S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]

S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]

S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]

S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]

S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]

S3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Programfiler\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]

R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2008-11-19 152984]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-18 66872]

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe [2008-11-26 77944]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 odserv;Microsoft Office Diagnostics Service; C:\Programfiler\Fellesfiler\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

 

-----------------EOF-----------------

Edited by Tanner

Download HijackThis. Put it in its own folder on the desktop.

Start the program, choose "Do a system scan only", tick the following lines and click Fix checked:

 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll (file missing)

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdael.exe] C:\WINDOWS\system32\kdael.exe

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

 

Run HJT again and choose "Do a system scan and save a logfile". Post the log file.

 

Let us know how it goes with the update problem.

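The kind of entries picked out for "Fix checked" in the post above can be pre-sorted with a short script. This is an added example, not part of the original thread and not a HijackThis feature; the two heuristics (an entry whose target file is gone, and an autorun value named after a file path) are assumptions for illustration, and the sample lines are copied from the logs in this thread.

```python
import re

# Constructed sample: lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdael.exe] C:\WINDOWS\system32\kdael.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Autorun entries: hive (optionally with a SID), Run key, [value name], command
RUN_RE = re.compile(
    r"^HK[A-Z]+(?:\\[^\\]+)?\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
PATH_NAME_RE = re.compile(r"^[A-Za-z]:\\")  # value name that is itself a path


def triage(log_text):
    """Return (section, reasons, line) for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, process list, blanks
        section, body = m.group("section"), m.group("body")
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned: target file does not exist")
        if section == "O4":
            run = RUN_RE.match(body)
            if run and PATH_NAME_RE.match(run.group("name")):
                reasons.append("autorun value is named after a file path")
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"[{section}] {'; '.join(reasons)}\n    {line}")
```

A flagged line is a prompt for review, not a verdict: the `kdael.exe` autorun here matches the file the MBAM log earlier in the thread already reported, while orphaned entries are usually leftovers from uninstalled software.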

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:33:10, on 20.12.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe

C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Programfiler\Opera\opera.exe

C:\Programfiler\Xfire\xfire.exe

C:\Programfiler\trend micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [sMSERIAL] C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [WLSS] C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Wow Video&Audio] C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228908634640

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228908978218

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 5447 bytes

 

 

Ad-Aware update works now.


Then your logs look fine :thumbup:

 

You should reset the restore folder so that you don't get infected by a possible system restore.

Control Panel->System->System Restore. Tick "Turn off System Restore .....",

restart the PC, then remove the tick again to re-enable the feature.

 

Afterwards, create a restore point manually:

Accessories->System Tools->System Restore. Choose to create

a new one. Give it a name and click Create.

 

Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows.

 

Surf safely.
