Hjelp med HJT logg?

[Krillekongen]

Hei! Har scannet pcen min med HJT.. Har fått MSN-virus, men har ikke peiling på hvordan.

Men men.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:02:49, on 21.01.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\GIGABYTE\GEST\gest.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\syst32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\GIGABYTE\GEST\GSvr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [syst32] syst32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

 

--

End of file - 5646 bytes

 

 

[raWrz]

hei

 

Last ned Malwarebytes' Anti-Malware Her eller Her.''' Lagre den på Skrivebordet.

 

Kjør fila og installer programmet. Velg Norsk språkdrakt.

• Sett en hake ved siden av Oppdater Malwarebytes' Anti-Malware og Kjør Malwarebytes' Anti-Malware, og trykk Ferdig.
  

La programmet oppdatere seg og velg Utfør hurtig systemskann.

 

Du får en meldingsboks når programmet er ferdigkjørt

Klikk deretter på Vis resultat-knappen. Hvis det er funnet malware, vil du nå se hva som er funnet.

 

Klikk så på Fjern valgt -knappen for å fjerne malwaren som evt. ble funnet.

 

Notis:

Hvis MBAM finner en fil som er vanskelig å fjerne, vil du bli spurt om to spørsmål.

Trykk OK på begge, og la MBAM gjøre seg ferdig med desinfeksjonen.

Hvis du blir spurt om å restarte maskinen, gjør du det med en gang.

 

Når MBAM er ferdig med å fjerne det den har funnet, vil det bli åpnet en logg i notisblokk. Den poster du senere om den fant noe annet enn cookies

 

 

__

 

 

Last ned Combofix (av sUBs), og legg det på Skrivebordet.

 

Kjør combofix.exe, og følg veiledningen.

• Du vil under oppstart av combofix bli anbefalt å installere gjenopprettingskonsollen (om du ikke har den installert fra før). Det sier du ja til.
  
• Du må ikke klikke på vinduet mens programmet kjører. Dette kan føre til at programmet fryser.
  

Hva gjør ComboFix:

 

- ComboFix er et multifix-program som er laget for å fjerne en hel del kjente infeksjoner, samt lager en logg/rapport som viser filer/prosesser/registeroppføringer som ligger på PC-en. Loggen kan avgjøre om det fortsatt ligger noe på PC-en som skal fjernes. Det kreves da at noen med erfaring kan lese loggen og fortelle hvordan man skal gå videre.

 

PS: Combofix vil blant ramse opp alle filer som har blitt opprettet den siste måneden, og kan i enkelte tilfeller også fortelle fullt navn og annen informasjon som kan betraktes som sensitiv. Av den grunn bør du gå gjennom loggen og se om du finner informasjon du ikke vil dele med alle, og sensurere det.

 

Post loggfilen fra Combofix (c:\combofix.txt)

[Krillekongen]

Aight

 

Logg:

 

ComboFix 09-01-20.05 - Brage 2009-01-21 18:28:19.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1211 [GMT 1:00]

Kjører fra: c:\documents and settings\Brage\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

I:\autorun.inf

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-21 til 2009-01-21 )))))))))))))))))))))))))))))))))

.

 

2009-01-21 18:02 . 2009-01-21 18:02 <DIR> d-------- c:\program files\Trend Micro

2009-01-21 15:56 . 2009-01-21 17:59 <DIR> d-------- c:\windows\SxsCaPendDel

2009-01-19 15:59 . 2009-01-19 15:59 <DIR> d-------- C:\SIMTOWER

2009-01-19 15:59 . 1995-04-19 00:00 188,960 --a------ c:\windows\system\WINGDE.DLL

2009-01-19 15:59 . 1995-04-19 00:00 92,208 --a------ c:\windows\system\WING.DLL

2009-01-19 15:59 . 1995-04-19 00:00 27,136 --a------ c:\windows\system\WAVMIX16.DLL

2009-01-19 15:59 . 1995-04-19 00:00 12,800 --a------ c:\windows\system\WING32.DLL

2009-01-19 15:59 . 1995-04-19 00:00 6,736 --a------ c:\windows\system\WINGDIB.DRV

2009-01-19 15:59 . 1995-04-19 00:00 5,024 --a------ c:\windows\system\WINGPAL.WND

2009-01-19 15:59 . 1995-04-19 00:00 1,966 --a------ c:\windows\system\DVA.386

2009-01-18 15:04 . 2009-01-18 15:08 42,496 --a------ C:\noob.MSNFix

2009-01-17 22:14 . 2009-01-18 15:38 42,496 -r-hs---- c:\windows\syst32.exe

2009-01-15 21:02 . 2009-01-21 18:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-15 21:02 . 2009-01-15 21:02 <DIR> d-------- c:\documents and settings\Brage\Application Data\Malwarebytes

2009-01-15 21:02 . 2009-01-15 21:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-01-15 21:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-15 21:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-15 19:31 . 2009-01-15 19:31 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts

2009-01-14 00:17 . 2009-01-14 00:17 8 --a------ c:\windows\system32\nvModes.dat

2009-01-12 18:20 . 2009-01-12 18:20 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Shockwave

2009-01-08 23:41 . 2009-01-21 15:52 <DIR> d-------- c:\program files\Red Kawa

2009-01-08 23:41 . 2009-01-08 23:41 <DIR> d-------- c:\program files\AviSynth 2.5

2009-01-08 23:41 . 2009-01-08 23:41 <DIR> d-------- C:\OpenCandy

2009-01-08 00:12 . 2009-01-08 22:57 69 --a------ c:\windows\NeroDigital.ini

2009-01-07 23:59 . 2009-01-07 23:59 <DIR> d-------- c:\program files\Free WMV to AVI MPEG Converter

2009-01-07 23:59 . 2005-04-05 14:15 2,469,888 --a------ c:\windows\system32\NCTAudioCompress3.dll

2009-01-07 23:59 . 2005-03-22 12:23 2,183,168 --a------ c:\windows\system32\NCTVideoCompress.dll

2009-01-07 23:59 . 2005-04-07 15:47 1,810,432 --a------ c:\windows\system32\NCTAudioCompress2.dll

2009-01-07 23:59 . 2005-03-23 18:21 987,136 --a------ c:\windows\system32\NCTVideoCoreM.dll

2009-01-07 23:59 . 2008-08-16 17:01 487,424 --a------ c:\windows\system32\msvcp70.dll

2009-01-07 23:59 . 2005-03-28 15:48 348,160 --a------ c:\windows\system32\NCTWMAFile2.dll

2009-01-07 23:59 . 2008-08-16 17:01 344,064 --a------ c:\windows\system32\msvcr70.dll

2009-01-07 23:59 . 2005-03-19 19:52 290,816 --a------ c:\windows\system32\NCTAVIFile.dll

2009-01-07 23:59 . 2005-03-19 19:53 196,608 --a------ c:\windows\system32\NCTWMVFile.dll

2009-01-07 23:59 . 2005-03-16 16:57 139,264 --a------ c:\windows\system32\NCTVideoFile.dll

2009-01-07 23:59 . 2005-04-06 13:56 90,112 --a------ c:\windows\system32\NCTAudioFormatSettings3.dll

2009-01-07 23:22 . 2009-01-07 23:22 <DIR> d-------- c:\documents and settings\Brage\Application Data\Xilisoft Corporation

2009-01-07 22:00 . 2009-01-21 16:31 <DIR> d-------- c:\documents and settings\Brage\Application Data\Eltima Software

2009-01-07 00:56 . 2009-01-07 00:56 136,374 --a------ C:\scr.bmp

2009-01-07 00:54 . 2009-01-21 16:31 <DIR> d-------- c:\program files\Eltima Software

2009-01-06 00:24 . 2008-04-14 04:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys

2009-01-06 00:24 . 2008-04-14 04:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys

2009-01-06 00:24 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll

2009-01-06 00:24 . 2009-01-06 00:24 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-01-06 00:24 . 2009-01-06 00:24 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-01-06 00:21 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll

2009-01-06 00:21 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2009-01-06 00:21 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2009-01-06 00:21 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

2009-01-06 00:21 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-01-06 00:21 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2009-01-06 00:18 . 2009-01-06 00:18 <DIR> d-------- c:\program files\Common Files\Nokia

2009-01-06 00:15 . 2009-01-06 00:15 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Installations

2009-01-04 23:35 . 2009-01-04 23:35 754 --a------ c:\windows\WORDPAD.INI

2009-01-04 19:37 . 2009-01-04 19:37 <DIR> d-------- c:\documents and settings\Brage\Teen_Models

2008-12-28 18:02 . 2008-12-28 18:02 <DIR> d-------- c:\program files\MSBuild

2008-12-28 18:00 . 2008-12-28 18:00 <DIR> d-------- c:\windows\system32\XPSViewer

2008-12-28 17:59 . 2008-12-28 17:59 <DIR> d-------- c:\program files\Reference Assemblies

2008-12-28 17:59 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-28 17:58 . 2008-12-28 17:58 <DIR> d-------- c:\windows\system32\xlive

2008-12-24 15:10 . 2008-12-24 15:10 0 --a------ c:\windows\system32\msexcr.ini

2008-12-23 14:13 . 2008-12-23 14:39 23 --a------ c:\windows\popcinfot.dat

2008-12-21 18:55 . 2008-12-21 18:55 <DIR> d-------- c:\program files\Microsoft Silverlight

2008-12-21 18:53 . 2008-12-21 18:53 <DIR> d-------- c:\program files\Microsoft

2008-12-21 18:52 . 2008-12-21 18:52 <DIR> d-------- c:\program files\Windows Live SkyDrive

2008-12-21 15:29 . 2008-12-21 15:29 <DIR> d-------- c:\program files\Direct MIDI to MP3 Converter

2008-12-21 03:01 . 2008-12-31 18:36 <DIR> d-------- c:\documents and settings\Brage\Application Data\Audacity

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-21 17:34 16,608 ----a-w c:\windows\gdrv.sys

2009-01-21 17:33 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet

2009-01-21 17:33 --------- d-----w c:\documents and settings\Brage\Application Data\WTablet

2009-01-21 14:56 --------- d-----w c:\program files\Windows Live

2009-01-19 23:22 --------- d-----w c:\documents and settings\Brage\Application Data\uTorrent

2009-01-19 17:02 --------- d-----w c:\documents and settings\Brage\Application Data\FileZilla

2009-01-15 16:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-15 16:08 --------- d-----w c:\program files\AGEIA Technologies

2009-01-11 00:57 --------- d-----w c:\documents and settings\Brage\Application Data\InstallShield Installation Information

2009-01-08 22:56 --------- d-----w c:\program files\Common Files\Adobe

2009-01-05 23:21 --------- d-----w c:\program files\Nokia

2008-12-22 20:03 --------- d-----w c:\documents and settings\Brage\Application Data\Nero

2008-12-22 19:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Nero

2008-12-20 21:58 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-18 20:57 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-10 19:17 --------- d-----w c:\program files\AltoMP3 Gold

2008-12-10 19:17 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

2008-12-10 14:03 26,112 ----a-w c:\windows\WAVEMIX.DLL

2008-12-10 14:03 21,008 ----a-w c:\windows\CTL3D.DLL

2008-12-10 14:03 13,712 ----a-w c:\windows\INSPACE.SCR

2008-12-07 18:14 --------- d-----w c:\documents and settings\Brage\Application Data\dvdcss

2008-12-07 14:40 --------- d-----w c:\program files\ARWizard3

2008-12-06 14:53 --------- d-----w c:\program files\Tablet

2008-11-30 17:57 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-11-30 17:57 --------- d-----w c:\documents and settings\Brage\Application Data\DAEMON Tools

2008-11-29 15:41 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ALM

2008-11-29 12:33 --------- d-----w c:\program files\CCleaner

2008-11-28 18:29 --------- d-----w c:\program files\Adobe Media Player

2008-11-28 18:27 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-24 13:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles

2008-11-22 18:27 --------- d-----w c:\program files\Steam

2008-11-22 15:32 --------- d-----w c:\documents and settings\Brage\Application Data\Thinstall

2008-10-20 17:02 22,328 ----a-w c:\documents and settings\Brage\Application Data\PnkBstrK.sys

2008-09-29 14:10 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat

2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-18_14.59.32.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll

+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll

+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe

+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll

+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe

+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll

+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll

+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll

+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll

+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll

+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll

+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe

+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll

+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll

+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll

+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll

+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll

+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll

+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll

+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll

+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe

+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe

+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll

+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll

+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll

+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll

+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll

+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll

+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll

+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll

+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll

+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll

+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll

+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll

+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll

+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll

+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll

- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll

- 2008-07-18 17:40:48 94,920 ----a-w c:\windows\system32\cdm.dll

+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll

- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

+ 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll

- 2008-07-18 17:40:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-10-16 13:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll

- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll

- 2008-04-14 08:00:00 285,184 -c--a-w c:\windows\system32\dllcache\gdi32.dll

+ 2008-10-23 12:36:14 286,720 -c--a-w c:\windows\system32\dllcache\gdi32.dll

- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll

- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll

- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll

- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe

+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe

- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

- 2008-07-12 19:24:53 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe

+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe

- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

+ 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll

- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll

- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

+ 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll

- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

- 2008-09-08 10:41:42 333,824 -c--a-w c:\windows\system32\dllcache\srv.sys

+ 2008-12-11 10:57:09 333,952 -c--a-w c:\windows\system32\dllcache\srv.sys

- 2008-04-14 08:00:00 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll

+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll

- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

+ 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll

- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll

- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

+ 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll

- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll

- 2008-07-12 19:25:02 937,984 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll

+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll

- 2008-07-12 19:25:42 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll

+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll

- 2008-07-18 17:39:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll

+ 2008-10-16 13:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll

- 2008-07-18 17:40:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-10-16 13:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

- 2008-07-18 17:39:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 13:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

- 2008-07-18 17:39:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-10-16 13:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll

- 2008-07-18 17:40:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll

+ 2008-10-16 13:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll

- 2008-07-18 17:39:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll

- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll

- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll

+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll

- 2008-04-14 08:00:00 285,184 ----a-w c:\windows\system32\gdi32.dll

+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll

- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll

- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe

+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll

+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll

- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll

+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll

- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll

- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll

+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll

- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll

- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll

+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll

- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe

- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll

- 2008-07-12 19:24:53 100,864 ----a-w c:\windows\system32\logagent.exe

+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe

- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll

- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll

- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll

- 2008-07-18 17:37:34 270,880 ----a-w c:\windows\system32\mucltui.dll

+ 2008-10-16 13:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll

- 2008-07-18 17:37:32 210,976 ----a-w c:\windows\system32\muweb.dll

+ 2008-10-16 13:06:48 208,744 ----a-w c:\windows\system32\muweb.dll

- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll

+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll

- 2008-12-28 17:02:53 66,690 ----a-w c:\windows\system32\perfc009.dat

+ 2009-01-18 14:00:53 66,690 ----a-w c:\windows\system32\perfc009.dat

- 2008-12-28 17:02:53 427,906 ----a-w c:\windows\system32\perfh009.dat

+ 2009-01-18 14:00:53 427,906 ----a-w c:\windows\system32\perfh009.dat

- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll

- 2008-04-14 08:00:00 246,814 ----a-w c:\windows\system32\strmdll.dll

+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll

- 2008-07-11 12:51:51 62,976 ----a-w c:\windows\system32\tzchange.exe

+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\system32\tzchange.exe

- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll

- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll

+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll

- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll

+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll

- 2008-07-12 19:25:02 937,984 ----a-w c:\windows\system32\wmnetmgr.dll

+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll

- 2008-07-12 19:25:42 2,450,944 ----a-w c:\windows\system32\wmvcore.dll

+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll

- 2008-07-18 17:39:44 563,912 ----a-w c:\windows\system32\wuapi.dll

+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll

- 2008-07-18 17:40:42 53,448 ----a-w c:\windows\system32\wuauclt.exe

+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe

- 2008-07-18 17:39:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll

+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

- 2008-07-18 17:39:46 325,832 ----a-w c:\windows\system32\wucltui.dll

+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll

- 2008-07-18 17:40:20 36,552 ----a-w c:\windows\system32\wups.dll

+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\wups.dll

- 2008-07-18 17:40:40 45,768 ----a-w c:\windows\system32\wups2.dll

+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll

- 2008-07-18 17:39:44 205,000 ----a-w c:\windows\system32\wuweb.dll

+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-17 13672448]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-17 86016]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"syst32"="syst32.exe" [2009-01-18 c:\windows\syst32.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-12-22 08:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-12-05 15:41 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2004-05-04 19:51 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

--a------ 2004-05-05 10:51 491520 c:\windows\system32\hphmon05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

--a------ 2004-04-01 20:21 49152 c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

--a------ 2007-08-02 15:30 3096576 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-10-17 13:39 1630208 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"e:\\Programmer\\Steam\\steamapps\\erebus313\\team fortress 2\\hl2.exe"=

"e:\\utorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"e:\\Programmer\\Steam\\Steam.exe"=

"e:\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"e:\\Programmer\\Steam\\steamapps\\erebus313\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"d:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"e:\\Programmer\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-29 97928]

R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-06 15144]

R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-29 875288]

R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704]

R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-09-29 76040]

R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-06 3032360]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 01:57]

 

2009-01-21 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 20:22]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.yahoo.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Brage\Application Data\Mozilla\Firefox\Profiles\gw2fwx64.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-21 18:34:00

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-1229272821-2139871995-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3ED1A19E-E9EB-04C7-D110-21E8B3E4DEDA}*]

"oanncjjplndhahiifccgbiibcfdbek"=hex:6b,61,6a,61,6f,6d,6d,68,68,65,6f,70,62,69,

6f,6e,70,6a,62,69,69,65,00,00

"nahoimpgfhkphahmampblpmjmbkg"=hex:6b,61,6a,61,6f,6d,6d,68,68,65,6f,70,62,69,

6f,6e,70,6a,62,69,69,65,00,00

 

[HKEY_USERS\S-1-5-21-1229272821-2139871995-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:0e,a6,2a,87,2f,aa,79,c0,22,31,c1,3c,c5,06,90,d1,bf,8b,e4,2f,b9,

82,e7,f0,87,4a,59,06,a7,89,90,33,75,bc,47,0c,57,a0,74,f2,f1,67,15,15,65,21,\

"rkeysecu"=hex:0b,27,b0,eb,66,5f,66,ea,46,6b,80,26,32,03,e0,ca

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\windows\system32\WTablet\Pen_TabletUser.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-01-21 18:36:22 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-01-21 17:36:19

ComboFix2.txt 2009-01-18 14:00:07

 

Pre-Run: 4 173 266 944 bytes free

Post-Run: 4,350,025,728 bytes free

 

476 --- E O F --- 2009-01-19 14:42:57

 

 

[norbat]

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen.

 

 

File::

c:\windows\syst32.exe

C:\noob.MSNFix

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"syst32"=-

[Krillekongen]

Here it is:

 

ComboFix 09-01-21.04 - Brage 2009-01-23 23:49:19.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1149 [GMT 1:00]

Kjører fra: c:\documents and settings\Brage\Desktop\ComboFix.exe

Command switches brukt :: c:\documents and settings\Brage\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

 

FILE ::

C:\noob.MSNFix

c:\windows\syst32.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\noob.MSNFix

c:\windows\syst32.exe

I:\autorun.inf

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-23 til 2009-01-23 )))))))))))))))))))))))))))))))))

.

 

2009-01-22 16:34 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll

2009-01-22 16:34 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll

2009-01-22 16:34 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll

2009-01-22 16:34 . 2008-07-30 06:20 509,448 --a------ c:\windows\system32\XAudio2_2.dll

2009-01-22 16:34 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll

2009-01-22 16:34 . 2008-07-30 06:20 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll

2009-01-22 16:34 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll

2009-01-21 19:09 . 2009-01-21 19:09 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-01-21 18:02 . 2009-01-21 18:02 <DIR> d-------- c:\program files\Trend Micro

2009-01-21 15:56 . 2009-01-21 17:59 <DIR> d-------- c:\windows\SxsCaPendDel

2009-01-19 15:59 . 1995-04-19 00:00 188,960 --a------ c:\windows\system\WINGDE.DLL

2009-01-19 15:59 . 1995-04-19 00:00 92,208 --a------ c:\windows\system\WING.DLL

2009-01-19 15:59 . 1995-04-19 00:00 27,136 --a------ c:\windows\system\WAVMIX16.DLL

2009-01-19 15:59 . 1995-04-19 00:00 12,800 --a------ c:\windows\system\WING32.DLL

2009-01-19 15:59 . 1995-04-19 00:00 6,736 --a------ c:\windows\system\WINGDIB.DRV

2009-01-19 15:59 . 1995-04-19 00:00 5,024 --a------ c:\windows\system\WINGPAL.WND

2009-01-19 15:59 . 1995-04-19 00:00 1,966 --a------ c:\windows\system\DVA.386

2009-01-15 21:02 . 2009-01-21 18:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-15 21:02 . 2009-01-15 21:02 <DIR> d-------- c:\documents and settings\Brage\Application Data\Malwarebytes

2009-01-15 21:02 . 2009-01-15 21:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-01-15 21:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-15 21:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-15 19:31 . 2009-01-15 19:31 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts

2009-01-14 00:17 . 2009-01-14 00:17 8 --a------ c:\windows\system32\nvModes.dat

2009-01-12 18:20 . 2009-01-12 18:20 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Shockwave

2009-01-08 23:41 . 2009-01-21 15:52 <DIR> d-------- c:\program files\Red Kawa

2009-01-08 23:41 . 2009-01-08 23:41 <DIR> d-------- c:\program files\AviSynth 2.5

2009-01-08 23:41 . 2009-01-08 23:41 <DIR> d-------- C:\OpenCandy

2009-01-08 00:12 . 2009-01-08 22:57 69 --a------ c:\windows\NeroDigital.ini

2009-01-07 23:59 . 2009-01-07 23:59 <DIR> d-------- c:\program files\Free WMV to AVI MPEG Converter

2009-01-07 23:59 . 2005-04-05 14:15 2,469,888 --a------ c:\windows\system32\NCTAudioCompress3.dll

2009-01-07 23:59 . 2005-03-22 12:23 2,183,168 --a------ c:\windows\system32\NCTVideoCompress.dll

2009-01-07 23:59 . 2005-04-07 15:47 1,810,432 --a------ c:\windows\system32\NCTAudioCompress2.dll

2009-01-07 23:59 . 2005-03-23 18:21 987,136 --a------ c:\windows\system32\NCTVideoCoreM.dll

2009-01-07 23:59 . 2008-08-16 17:01 487,424 --a------ c:\windows\system32\msvcp70.dll

2009-01-07 23:59 . 2005-03-28 15:48 348,160 --a------ c:\windows\system32\NCTWMAFile2.dll

2009-01-07 23:59 . 2008-08-16 17:01 344,064 --a------ c:\windows\system32\msvcr70.dll

2009-01-07 23:59 . 2005-03-19 19:52 290,816 --a------ c:\windows\system32\NCTAVIFile.dll

2009-01-07 23:59 . 2005-03-19 19:53 196,608 --a------ c:\windows\system32\NCTWMVFile.dll

2009-01-07 23:59 . 2005-03-16 16:57 139,264 --a------ c:\windows\system32\NCTVideoFile.dll

2009-01-07 23:59 . 2005-04-06 13:56 90,112 --a------ c:\windows\system32\NCTAudioFormatSettings3.dll

2009-01-07 23:22 . 2009-01-07 23:22 <DIR> d-------- c:\documents and settings\Brage\Application Data\Xilisoft Corporation

2009-01-07 22:00 . 2009-01-21 16:31 <DIR> d-------- c:\documents and settings\Brage\Application Data\Eltima Software

2009-01-07 00:56 . 2009-01-07 00:56 136,374 --a------ C:\scr.bmp

2009-01-07 00:54 . 2009-01-21 16:31 <DIR> d-------- c:\program files\Eltima Software

2009-01-06 00:24 . 2008-04-14 04:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys

2009-01-06 00:24 . 2008-04-14 04:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys

2009-01-06 00:24 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll

2009-01-06 00:24 . 2009-01-06 00:24 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-01-06 00:24 . 2009-01-06 00:24 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-01-06 00:21 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll

2009-01-06 00:21 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2009-01-06 00:21 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2009-01-06 00:21 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

2009-01-06 00:21 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-01-06 00:21 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2009-01-06 00:18 . 2009-01-06 00:18 <DIR> d-------- c:\program files\Common Files\Nokia

2009-01-06 00:15 . 2009-01-06 00:15 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Installations

2009-01-04 23:35 . 2009-01-04 23:35 754 --a------ c:\windows\WORDPAD.INI

2009-01-04 19:37 . 2009-01-04 19:37 <DIR> d-------- c:\documents and settings\Brage\Teen_Models

2008-12-28 18:02 . 2008-12-28 18:02 <DIR> d-------- c:\program files\MSBuild

2008-12-28 18:00 . 2008-12-28 18:00 <DIR> d-------- c:\windows\system32\XPSViewer

2008-12-28 17:59 . 2008-12-28 17:59 <DIR> d-------- c:\program files\Reference Assemblies

2008-12-28 17:59 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-28 17:58 . 2008-12-28 17:58 <DIR> d-------- c:\windows\system32\xlive

2008-12-24 15:10 . 2008-12-24 15:10 0 --a------ c:\windows\system32\msexcr.ini

2008-12-23 14:13 . 2008-12-23 14:39 23 --a------ c:\windows\popcinfot.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-23 22:50 16,608 ----a-w c:\windows\gdrv.sys

2009-01-23 22:06 --------- d-----w c:\documents and settings\Brage\Application Data\uTorrent

2009-01-23 14:42 --------- d-----w c:\documents and settings\Brage\Application Data\WTablet

2009-01-23 14:39 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet

2009-01-22 23:01 --------- d-----w c:\documents and settings\Brage\Application Data\FileZilla

2009-01-22 22:49 --------- d-----w c:\documents and settings\Brage\Application Data\dvdcss

2009-01-22 15:30 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-21 18:10 --------- d-----w c:\program files\Windows Live

2009-01-15 16:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-15 16:08 --------- d-----w c:\program files\AGEIA Technologies

2009-01-11 00:57 --------- d-----w c:\documents and settings\Brage\Application Data\InstallShield Installation Information

2009-01-08 22:56 --------- d-----w c:\program files\Common Files\Adobe

2009-01-05 23:21 --------- d-----w c:\program files\Nokia

2008-12-31 17:36 --------- d-----w c:\documents and settings\Brage\Application Data\Audacity

2008-12-22 20:03 --------- d-----w c:\documents and settings\Brage\Application Data\Nero

2008-12-22 19:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Nero

2008-12-21 17:55 --------- d-----w c:\program files\Microsoft Silverlight

2008-12-21 17:53 --------- d-----w c:\program files\Microsoft

2008-12-21 17:52 --------- d-----w c:\program files\Windows Live SkyDrive

2008-12-21 14:29 --------- d-----w c:\program files\Direct MIDI to MP3 Converter

2008-12-20 21:58 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-12-20 21:55 202,040 ----a-w c:\windows\system32\PnkBstrB.exe

2008-12-17 17:41 66,872 ----a-w c:\windows\system32\PnkBstrA.exe

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-10 19:17 --------- d-----w c:\program files\AltoMP3 Gold

2008-12-10 19:17 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

2008-12-10 14:03 26,112 ----a-w c:\windows\WAVEMIX.DLL

2008-12-10 14:03 21,008 ----a-w c:\windows\CTL3D.DLL

2008-12-10 14:03 13,712 ----a-w c:\windows\INSPACE.SCR

2008-12-07 14:40 --------- d-----w c:\program files\ARWizard3

2008-12-06 14:53 --------- d-----w c:\program files\Tablet

2008-12-04 21:55 307,560 ----a-w c:\windows\WLXPGSS.SCR

2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll

2008-11-30 17:57 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-11-30 17:57 --------- d-----w c:\documents and settings\Brage\Application Data\DAEMON Tools

2008-11-29 15:41 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ALM

2008-11-29 12:33 --------- d-----w c:\program files\CCleaner

2008-11-28 18:29 --------- d-----w c:\program files\Adobe Media Player

2008-11-28 18:27 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-11-24 13:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-20 17:02 22,328 ----a-w c:\documents and settings\Brage\Application Data\PnkBstrK.sys

2008-09-29 14:10 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat

2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

 

((((((((((((((((((((((((((((( snapshot_2009-01-21_18.35.48.96 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-21 18:09:52 236,392 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll

+ 2009-01-21 18:09:26 62,288 ----a-r c:\windows\Installer\{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}\IconWlc.exe

+ 2009-01-22 14:46:10 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe

+ 2009-01-21 18:10:10 132,096 ----a-r c:\windows\Installer\{F73A5B18-EB75-4B2C-B32D-9457576E2417}\WLXPhotoGalleryIcon.exe

+ 2007-11-06 19:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2007-11-07 00:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 00:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-17 13672448]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-17 86016]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

-r------- 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-12-22 08:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-12-05 15:41 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2004-05-04 19:51 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

--a------ 2004-05-05 10:51 491520 c:\windows\system32\hphmon05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

--a------ 2004-04-01 20:21 49152 c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

-r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

--a------ 2007-08-02 15:30 3096576 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2008-10-17 13:39 1630208 c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"e:\\Programmer\\Steam\\steamapps\\erebus313\\team fortress 2\\hl2.exe"=

"e:\\utorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"e:\\Programmer\\Steam\\Steam.exe"=

"e:\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"e:\\Programmer\\Steam\\steamapps\\erebus313\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"d:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"e:\\Programmer\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"e:\\Games\\F.E.A.R. 2 SP Demo\\FEAR2SPDemo.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-29 97928]

R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-06 15144]

R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-29 875288]

R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704]

R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-09-29 76040]

R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-06 3032360]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 01:57]

 

2009-01-23 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 20:22]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.yahoo.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Brage\Application Data\Mozilla\Firefox\Profiles\gw2fwx64.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-23 23:50:31

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-1229272821-2139871995-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3ED1A19E-E9EB-04C7-D110-21E8B3E4DEDA}*]

"oanncjjplndhahiifccgbiibcfdbek"=hex:6b,61,6a,61,6f,6d,6d,68,68,65,6f,70,62,69,

6f,6e,70,6a,62,69,69,65,00,00

"nahoimpgfhkphahmampblpmjmbkg"=hex:6b,61,6a,61,6f,6d,6d,68,68,65,6f,70,62,69,

6f,6e,70,6a,62,69,69,65,00,00

 

[HKEY_USERS\S-1-5-21-1229272821-2139871995-1801674531-1003\Software\SecuROM\License information*]

"datasecu"=hex:0e,a6,2a,87,2f,aa,79,c0,22,31,c1,3c,c5,06,90,d1,bf,8b,e4,2f,b9,

82,e7,f0,87,4a,59,06,a7,89,90,33,75,bc,47,0c,57,a0,74,f2,f1,67,15,15,65,21,\

"rkeysecu"=hex:0b,27,b0,eb,66,5f,66,ea,46,6b,80,26,32,03,e0,ca

.

Tidspunkt ferdig: 2009-01-23 23:51:28

ComboFix-quarantined-files.txt 2009-01-23 22:51:26

ComboFix2.txt 2009-01-21 17:36:23

ComboFix3.txt 2009-01-18 14:00:07

 

Pre-Run: 5 128 560 640 bytes free

Post-Run: 5,130,510,336 bytes free

 

268 --- E O F --- 2009-01-19 14:42:57

 

 

[norbat]

Hvordan går det med problemet nå?

[Krillekongen]

Ser ut til at msn-driten er borte, samt annet smårusk jeg har irritert meg over

 

Nok en gang, tusen takk!

[norbat]

Avintaller combofix ved å skrive combofix /u i kjør-feltet (start->kjør)

Dette vil også nullstille systemgjenopprettingen slik at du ikke blir infisert ved en evt. gjenoppretting senere.

 

Sørg forøvrig at Java, Flash player og Adobe reader er oppdatert i tillegg til Windows.

 

Surt trygt.