Insomniatic Posted 11 January 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23, on 11.01.09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mappe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/index.php?autocom=my_forum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: @C:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Programfiler\dopewars-1.5.12\dopewars.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\Shared\hpqwmi.exe
O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programfiler\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - https://www.diskusjon.no/index.php?autocom=my_forum

-- End of file - 7170 bytes

I have run Spybot S&D but still have the same problem. In addition, there are 2 processes constantly running called iexplorer.exe, but I don't use Internet Explorer at all, and when I end the process they come back anyway.

Can someone check my HJT log and see if there is anything that isn't as it should be?

Thanks in advance
snippsat Posted 11 January 2009

Run this as well, and we'll see how it looks.

Download MBAM to the desktop. Choose Norwegian as the language --> run a quick system scan. When MBAM is finished it opens a log; post that.

---

Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
TRD4U Posted 11 January 2009

It is possible this is not the answer you are looking for, but here is my advice in this situation anyway: Reinstall Windows! Even though this sounds cumbersome, and perhaps it is if you have a lot of documents and programs, it is probably the best solution.

I have bad experience with viruses and antivirus software. Even when the software claims to have deleted all viruses, the PC still seems slow. And the only way to be completely sure that the PC is clean is to reinstall.

I see nothing glaringly wrong in your HJT log, but it seems there is a lot of odd stuff there that can make the PC slow, among other things the Yahoo, Google and Winamp toolbars. Again, a new, fresh installation of Windows is probably the best way to get performance back to its peak. And we know that it is healthy for a PC to be reinstalled now and then, since you get rid of many .tmp files and other junk.

Good luck!
Insomniatic Posted 11 January 2009 Author

"It is possible this is not the answer you are looking for, but here is my advice in this situation anyway: Reinstall Windows! Even though this sounds cumbersome, and perhaps it is if you have a lot of documents and programs, it is probably the best solution. I have bad experience with viruses and antivirus software. Even when the software claims to have deleted all viruses, the PC still seems slow. And the only way to be completely sure that the PC is clean is to reinstall. I see nothing glaringly wrong in your HJT log, but it seems there is a lot of odd stuff there that can make the PC slow, among other things the Yahoo, Google and Winamp toolbars. Again, a new, fresh installation of Windows is probably the best way to get performance back to its peak. And we know that it is healthy for a PC to be reinstalled now and then, since you get rid of many .tmp files and other junk. Good luck!"

The PC got fucked after I went to run a trainer for SA-MP. That's why I think it's a virus.
Insomniatic Posted 11 January 2009 (edited) Author

"Run this as well, and we'll see how it looks. Download MBAM to the desktop. Choose Norwegian as the language --> run a quick system scan. When MBAM is finished it opens a log; post that. --- Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt"

Malwarebytes' Anti-Malware 1.32
Databaseversjon: 1616
Windows 5.1.2600 Service Pack 2

11.01.09 16:14:02
mbam-log-2009-01-11 (16-14-02).txt

Skanntype: Rask Skann
Objekter skannet: 67840
Tid tilbakelagt: 6 minute(s), 12 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix 09-01-10.03 - Micke 2009-01-11 16:18:21.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.894.508 [GMT 1:00]
Kjører fra: c:\documents and settings\Micke.MICKES\Skrivebord\ComboFix.exe

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll
c:\windows\system32\taskkill.exe

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-11 til 2009-01-11 )))))))))))))))))))))))))))))))))
.

2009-01-11 16:06 . 2009-01-11 16:06 685,056 --a------ c:\windows\is-3QGMN.exe
2009-01-11 16:06 . 2009-01-11 16:06 10,809 --a------ c:\windows\is-3QGMN.msg
2009-01-11 16:06 . 2009-01-11 16:06 414 --a------ c:\windows\is-3QGMN.lst
2009-01-11 14:31 . 2009-01-11 14:31 <DIR> d-------- c:\programfiler\SDHelper (Spybot - Search & Destroy)
2009-01-11 14:31 . 2009-01-11 14:31 <DIR> d-------- c:\programfiler\Misc. Support Library (Spybot - Search & Destroy)
2009-01-11 14:31 . 2009-01-11 14:31 <DIR> d-------- c:\programfiler\File Scanner Library (Spybot - Search & Destroy)
2009-01-11 02:20 . 2009-01-11 15:48 <DIR> dr-h----- c:\documents and settings\Micke.MICKES\Siste

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 15:06 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-01-11 13:31 --------- d-----w c:\programfiler\TeaTimer (Spybot - Search & Destroy)
2009-01-11 13:28 --------- d-----w c:\documents and settings\Micke.MICKES\Programdata\wsInspector
2009-01-11 13:21 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Avg7
2009-01-10 23:35 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Google Updater
2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-01 20:33 --------- d-----w c:\documents and settings\Micke.MICKES\Programdata\Skype
2009-01-01 19:41 --------- d-----w c:\documents and settings\Micke.MICKES\Programdata\skypePM
2008-12-31 13:41 9,394 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-24 22:36 --------- d-----w c:\documents and settings\Micke.MICKES\Programdata\LimeWire
2008-12-24 16:14 --------- d-----w c:\programfiler\Cheat Engine
2008-12-23 20:58 230,432 ----a-w C:\PA7311.DAT
2008-12-15 11:47 --------- d-----w c:\programfiler\MessengerDiscovery
2008-12-10 16:31 --------- d-----w c:\programfiler\Red Eye Remover
2008-12-07 01:30 --------- d-----w c:\programfiler\Skype
2008-12-07 01:30 --------- d-----w c:\programfiler\Fellesfiler\Skype
2008-12-07 01:30 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Skype
2008-11-26 13:26 --------- d-----w c:\programfiler\iHabbix V3
2008-11-02 21:18 41,522 ----a-w c:\documents and settings\Micke.MICKES\java_plugin.exe
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-03-21 17:11 32 ----a-r c:\documents and settings\All Users\hash.dat
2008-01-31 13:05 167 ----a-w c:\documents and settings\All Users.WINDOWS\Programdata\saopts.dat
2006-04-18 12:55 834 ----a-w c:\documents and settings\Micke\Programdata\wklnhst.dat
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2006-06-18 19:27 80 --sh--r c:\windows\system32\744BE5167C.dll
2008-01-17 15:28 104 --sh--r c:\windows\system32\744BE5167C.sys
2008-02-03 18:30 168 --sh--r c:\windows\system32\7C16E54B74.sys
2005-10-07 18:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2006-07-17 09:26 65,210 --sha-w c:\windows\system32\fhgniw.dat
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2006-06-15 21:03 8,384
--sha-w c:\windows\system32\srsc.dat
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

------- Sigcheck -------

2006-06-12 16:47 57856 866618fe562b285a89b83ba6307e9015 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 13:00 57856 1efb05d36736d2b6df8fd81c76fa0be6 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 17:23 57856 24a34b0cdda0adf220c85150f042d4bb c:\windows\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\spoolsv.exe
2006-06-12 16:47 57856 0c8dd504a38d2fa9a3443c2ab816124b c:\windows\system32\spoolsv.exe
2006-06-12 16:47 57856 0c8dd504a38d2fa9a3443c2ab816124b c:\windows\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot_2008-11-15_ 0.24.49,64 )))))))))))))))))))))))))))))))))))))))))
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programfiler\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] "Malwarebytes' Anti-Malware"="c:\programfiler\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-04 399504] "InnoSetupRegFile.0000000001"="c:\windows\is-3QGMN.exe" [2009-01-11 685056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 12:41 294912 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\Programfiler\\BitTorrent\\bittorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mappe\\err41beta\\client.exe"= "c:\\Programfiler\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Programfiler\\Azureus\\Azureus.exe"= "c:\\Program Files\\Mappe\\err31\\client.exe"= 
"c:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"= "c:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"= "c:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\Fellesfiler\\AOL\\Loader\\aolload.exe"= "c:\\Programfiler\\AIM6\\aim6.exe"= "c:\\WINDOWS\\system32\\bcvsrv32.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944] R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-06-01 200192] R4 GtFlashSwitch;GtFlashSwitch;c:\programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\programfiler\Viewpoint\Common\ViewpointService.exe [2008-07-19 24652] S3 C;C NDIS Protocol Driver;c:\windows\system32\Drivers\C.sys --> c:\windows\system32\Drivers\C.sys [?] S3 CSNPD51;CSNPD51 NDIS Protocol Driver;c:\windows\system32\Drivers\CSNPD51.sys --> c:\windows\system32\Drivers\CSNPD51.sys [?] S3 dopewars-server;dopewars server;c:\programfiler\dopewars-1.5.12\dopewars.exe -N --> c:\programfiler\dopewars-1.5.12\dopewars.exe -N [?] S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [2001-01-02 19677] S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?] 
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2007-01-15 17152] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2007-01-15 122240] S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-01-15 8064] S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007-01-15 36992] S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-09-16 150272] S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?] S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5035580A-2AC8-0B56-6E7B-CB07F4AC4A78}] c:\windows\system32:winsock32.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-07 c:\windows\Tasks\Norton Security Scan.job - c:\programfiler\Norton Security Scan\Nss.exe [2008-01-09 03:08] . - - - - TOMME PEKERE FJERNET - - - - HKLM-RunOnce-<NO NAME> - (no file) . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.diskusjon.no/index.php?autocom=my_forum uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = iexplore IE: &Winamp Toolbar Search - c:\documents and settings\All Users.WINDOWS\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Sothink SWF Catcher - c:\programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm Trusted Zone: www.1startside.com Trusted Zone: www.adobe.com Trusted Zone: www.diskusjon.no Trusted Zone: www.gta-siden.com Trusted Zone: www.kfcgang.com Trusted Zone: www.moviemistakes.com Trusted Zone: www.mpcforum.com Trusted Zone: www.onemorelevel.com Trusted Zone: www.runescape.com O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\Downloaded Program Files\ssiPictureUploader.ocx - O16 -: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} hxxp://img.funtigo.com/images/uploader/ssiPictureUploader.cab c:\windows\Downloaded Program Files\ssiPictureUploader.inf FF - ProfilePath - c:\documents and settings\Micke.MICKES\Programdata\Mozilla\Firefox\Profiles\etzfkkna.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Winamp Search FF - prefs.js: browser.startup.homepage - hxxp://www.diskusjon.no/index.php?autocom=my_forum FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\Micke.MICKES\Programdata\Mozilla\Firefox\Profiles\etzfkkna.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll FF - component: c:\documents and 
settings\Micke.MICKES\Programdata\Mozilla\Firefox\Profiles\etzfkkna.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll FF - component: c:\programfiler\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\programfiler\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\programfiler\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-11 16:23:12 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... c:\windows\system32:winsock32.exe 665090 bytes executable ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdk30] "ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(672) c:\programfiler\SUPERAntiSpyware\SASWINLO.dll . Tidspunkt ferdig: 2009-01-11 16:29:02 ComboFix-quarantined-files.txt 2009-01-11 15:27:44 ComboFix2.txt 2008-11-14 23:25:19 ComboFix3.txt 2008-06-05 17:18:36 ComboFix4.txt 2008-06-05 15:30:46 ComboFix5.txt 2009-01-11 15:16:32 Pre-Run: 9 798 799 360 byte ledig Post-Run: 9,785,425,920 byte ledig 448 --- E O F --- 2008-12-19 10:24:40
Edited 11 January 2009 by Latterkongen
snippsat, posted 11 January 2009 (edited)
Scan these files here at VirusTotal:
c:\windows\is-3QGMN.exe
c:\windows\is-3QGMN.msg
c:\windows\is-3QGMN.lst
c:\windows\system32\744BE5167C.dll
c:\windows\system32\744BE5167C.sys
c:\windows\system32\7C16E54B74.sys
Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt
Do as shown in the picture and ComboFix will start. Post the log c:\combofix.txt
File::
c:\documents and settings\All Users.WINDOWS\Programdata\saopts.dat
Edited 11 January 2009 by SNIPPSAT
Insomniatic (author), posted 11 January 2009
> Scan these files here at VirusTotal:
> c:\windows\is-3QGMN.exe
> c:\windows\is-3QGMN.msg
> c:\windows\is-3QGMN.lst
> c:\windows\system32\744BE5167C.dll
> c:\windows\system32\744BE5167C.sys
> c:\windows\system32\7C16E54B74.sys
> Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt
> Do as shown in the picture and ComboFix will start. Post the log c:\combofix.txt
> File::
> c:\documents and settings\All Users.WINDOWS\Programdata\saopts.dat
ComboFix 09-01-10.03 - Micke 2009-01-11 18:00:18.11 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.894.506 [GMT 1:00] Kjører fra: c:\documents and settings\Micke.MICKES\Skrivebord\ComboFix.exe Command switches brukt :: c:\documents and settings\Micke.MICKES\Skrivebord\CFScript.txt * Opprettet nytt gjenopprettingspunkt ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! FILE :: c:\documents and settings\All Users.WINDOWS\Programdata\saopts.dat . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users.WINDOWS\Programdata\saopts.dat . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-11 til 2009-01-11 ))))))))))))))))))))))))))))))))) . 2009-01-11 16:06 . 2009-01-11 16:06 685,056 --a------ c:\windows\isRS-000.tmp 2009-01-11 14:31 . 2009-01-11 14:31 <DIR> d-------- c:\programfiler\SDHelper (Spybot - Search & Destroy) 2009-01-11 14:31 . 2009-01-11 14:31 <DIR> d-------- c:\programfiler\Misc. Support Library (Spybot - Search & Destroy) 2009-01-11 14:31 . 2009-01-11 14:31 <DIR> d-------- c:\programfiler\File Scanner Library (Spybot - Search & Destroy) 2009-01-11 02:20 . 2009-01-11 17:58 <DIR> dr-h----- c:\documents and settings\Micke.MICKES\Siste . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-11 15:06 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2009-01-11 13:31 --------- d-----w c:\programfiler\TeaTimer (Spybot - Search & Destroy) 2009-01-11 13:28 --------- d-----w c:\documents and settings\Micke.MICKES\Programdata\wsInspector 2009-01-11 13:21 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Avg7 2009-01-10 23:35 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Google Updater 2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-01-01 20:33 --------- d-----w c:\documents and settings\Micke.MICKES\Programdata\Skype 2009-01-01 19:41 --------- d-----w c:\documents and settings\Micke.MICKES\Programdata\skypePM 2008-12-31 13:41 9,394 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-12-24 22:36 --------- d-----w c:\documents and settings\Micke.MICKES\Programdata\LimeWire 2008-12-24 16:14 --------- d-----w c:\programfiler\Cheat Engine 2008-12-23 20:58 230,432 ----a-w C:\PA7311.DAT 2008-12-15 11:47 --------- d-----w c:\programfiler\MessengerDiscovery 2008-12-10 16:31 --------- d-----w c:\programfiler\Red Eye Remover 2008-12-07 01:30 --------- d-----w c:\programfiler\Skype 2008-12-07 01:30 --------- d-----w c:\programfiler\Fellesfiler\Skype 2008-12-07 01:30 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Skype 2008-11-26 13:26 --------- d-----w c:\programfiler\iHabbix V3 2008-11-02 21:18 41,522 ----a-w c:\documents and settings\Micke.MICKES\java_plugin.exe 2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w 
c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-03-21 17:11 32 ----a-r c:\documents and settings\All Users\hash.dat 2006-04-18 12:55 834 ----a-w c:\documents and settings\Micke\Programdata\wklnhst.dat 2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe 2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe 2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe 2006-06-18 19:27 80 --sh--r c:\windows\system32\744BE5167C.dll 2008-01-17 15:28 104 --sh--r c:\windows\system32\744BE5167C.sys 2008-02-03 18:30 168 --sh--r c:\windows\system32\7C16E54B74.sys 2005-10-07 18:14 308,224 --sha-r c:\windows\system32\avisynth.dll 2005-07-14 11:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll 2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll 2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll 2006-07-17 09:26 65,210 --sha-w c:\windows\system32\fhgniw.dat 2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll 2006-04-27 09:24 2,945,024 --sha-r c:\windows\system32\Smab.dll 2006-06-15 21:03 8,384 --sha-w c:\windows\system32\srsc.dat 2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe 2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll . ------- Sigcheck ------- 2006-06-12 16:47 57856 866618fe562b285a89b83ba6307e9015 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2004-08-04 13:00 57856 1efb05d36736d2b6df8fd81c76fa0be6 c:\windows\$NtUninstallKB896423$\spoolsv.exe 2008-04-14 17:23 57856 24a34b0cdda0adf220c85150f042d4bb c:\windows\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\spoolsv.exe 2006-06-12 16:47 57856 0c8dd504a38d2fa9a3443c2ab816124b c:\windows\system32\spoolsv.exe 2006-06-12 16:47 57856 0c8dd504a38d2fa9a3443c2ab816124b c:\windows\system32\dllcache\spoolsv.exe . 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programfiler\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 12:41 294912 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\Programfiler\\BitTorrent\\bittorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mappe\\err41beta\\client.exe"= "c:\\Programfiler\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Programfiler\\Azureus\\Azureus.exe"= "c:\\Program Files\\Mappe\\err31\\client.exe"= "c:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"= "c:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"= "c:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"= 
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\Fellesfiler\\AOL\\Loader\\aolload.exe"= "c:\\Programfiler\\AIM6\\aim6.exe"= "c:\\WINDOWS\\system32\\bcvsrv32.exe"= "c:\\Programfiler\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944] R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-06-01 200192] R4 GtFlashSwitch;GtFlashSwitch;c:\programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\programfiler\Viewpoint\Common\ViewpointService.exe [2008-07-19 24652] S3 C;C NDIS Protocol Driver;c:\windows\system32\Drivers\C.sys --> c:\windows\system32\Drivers\C.sys [?] S3 CSNPD51;CSNPD51 NDIS Protocol Driver;c:\windows\system32\Drivers\CSNPD51.sys --> c:\windows\system32\Drivers\CSNPD51.sys [?] S3 dopewars-server;dopewars server;c:\programfiler\dopewars-1.5.12\dopewars.exe -N --> c:\programfiler\dopewars-1.5.12\dopewars.exe -N [?] S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [2001-01-02 19677] S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?] 
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2007-01-15 17152] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2007-01-15 122240] S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-01-15 8064] S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007-01-15 36992] S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-09-16 150272] S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?] S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5035580A-2AC8-0B56-6E7B-CB07F4AC4A78}] c:\windows\system32:winsock32.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-07 c:\windows\Tasks\Norton Security Scan.job - c:\programfiler\Norton Security Scan\Nss.exe [2008-01-09 03:08] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.diskusjon.no/index.php?autocom=my_forum uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uInternet Connection Wizard,ShellNext = iexplore IE: &Winamp Toolbar Search - c:\documents and settings\All Users.WINDOWS\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Sothink SWF Catcher - c:\programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm Trusted Zone: www.1startside.com Trusted Zone: www.adobe.com Trusted Zone: www.diskusjon.no Trusted Zone: www.gta-siden.com Trusted Zone: www.kfcgang.com Trusted Zone: www.moviemistakes.com Trusted Zone: www.mpcforum.com Trusted Zone: www.onemorelevel.com Trusted Zone: www.runescape.com O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\Downloaded Program Files\ssiPictureUploader.ocx - O16 -: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} hxxp://img.funtigo.com/images/uploader/ssiPictureUploader.cab c:\windows\Downloaded Program Files\ssiPictureUploader.inf FF - ProfilePath - c:\documents and settings\Micke.MICKES\Programdata\Mozilla\Firefox\Profiles\etzfkkna.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Winamp Search FF - prefs.js: browser.startup.homepage - hxxp://www.diskusjon.no/index.php?autocom=my_forum FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\Micke.MICKES\Programdata\Mozilla\Firefox\Profiles\etzfkkna.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll FF - component: c:\documents and 
settings\Micke.MICKES\Programdata\Mozilla\Firefox\Profiles\etzfkkna.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll FF - component: c:\programfiler\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\programfiler\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\programfiler\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-11 18:01:38 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... c:\windows\system32:winsock32.exe 665090 bytes executable skanning vellykket skjulte filer: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PsSdk30] "ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(672) c:\programfiler\SUPERAntiSpyware\SASWINLO.dll . Tidspunkt ferdig: 2009-01-11 18:04:12 ComboFix-quarantined-files.txt 2009-01-11 17:03:44 ComboFix2.txt 2009-01-11 15:29:04 ComboFix3.txt 2008-11-14 23:25:19 ComboFix4.txt 2008-06-05 17:18:36 ComboFix5.txt 2009-01-11 16:59:10 Pre-Run: 9 756 418 048 byte ledig Post-Run: 9,742,442,496 byte ledig 211 --- E O F --- 2008-12-19 10:24:40
snippsat, posted 11 January 2009
What was the result of the scan at VirusTotal?
Insomniatic (author), posted 11 January 2009
> What was the result of the scan at VirusTotal?
None infected
snippsat, posted 11 January 2009
OK, let's clean up a bit.
You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
Download and run CCleaner. 'Options' -> 'Advanced'. Clear the checkbox in front of: "Only delete temporary files older than 48 hours".
Run the registry cleaner, answer yes to "repair" --> answer yes to the backup when you are asked. Run the registry cleaner a couple of times until all errors are gone.
Auslogics Disk Defrag (free) http://www.auslogics.com/en/software/disk-defrag
Auslogics Registry Defrag (free) http://www.auslogics.com/en/software/registry-defrag
Download Process Explorer. Click the CPU tab so that the usage comes out on top, and keep an eye on it.
Let us know whether the PC is running better.