Krillekongen, posted 21 January 2009

Hi! I've scanned my PC with HJT. I've got an MSN virus, but I have no idea how. Oh well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:49, on 21.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\syst32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [syst32] syst32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 5646 bytes

raWrz, posted 21 January 2009

Hi

Download Malwarebytes' Anti-Malware here or here. Save it to the Desktop. Run the file and install the program. Choose the Norwegian language. Put a check mark next to "Oppdater Malwarebytes' Anti-Malware" (update Malwarebytes' Anti-Malware) and "Kjør Malwarebytes' Anti-Malware" (run Malwarebytes' Anti-Malware), and click "Ferdig" (finish). Let the program update itself and choose "Utfør hurtig systemskann" (perform quick system scan). You will get a message box when the program has finished running. Then click the "Vis resultat" (show results) button. If malware was found, you will now see what was found. Then click the "Fjern valgt" (remove selected) button to remove any malware that was found.

Note: If MBAM finds a file that is difficult to remove, you will be asked two questions. Click OK on both, and let MBAM finish the disinfection. If you are asked to restart the machine, do so right away. When MBAM has finished removing what it found, a log will open in Notepad. Post it later if it found anything other than cookies.

Download Combofix (by sUBs) and put it on the Desktop. Run combofix.exe and follow the instructions. While Combofix is starting up, you will be advised to install the Recovery Console (if you don't already have it installed). Say yes to that. You must not click on the window while the program is running. This can cause the program to freeze.

What ComboFix does:
- ComboFix is a multi-fix program made to remove a whole range of known infections, and it also creates a log/report showing files/processes/registry entries that are on the PC. The log can determine whether there is still something on the PC that should be removed. This requires that someone with experience can read the log and explain how to proceed.

PS: Combofix will, among other things, list all files that have been created in the last month, and can in some cases also reveal full name and other information that may be considered sensitive. For that reason you should go through the log, see whether you find information you don't want to share with everyone, and censor it.

Post the log file from Combofix (c:\combofix.txt)

Krillekongen (author), posted 21 January 2009

Aight

Log:

ComboFix 09-01-20.05 - Brage 2009-01-21 18:28:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1211 [GMT 1:00]
Kjører fra: c:\documents and settings\Brage\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\autorun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-21 til 2009-01-21 )))))))))))))))))))))))))))))))))
.
2009-01-21 18:02 . 2009-01-21 18:02 <DIR> d-------- c:\program files\Trend Micro
2009-01-21 15:56 . 2009-01-21 17:59 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-19 15:59 . 2009-01-19 15:59 <DIR> d-------- C:\SIMTOWER
2009-01-19 15:59 . 1995-04-19 00:00 188,960 --a------ c:\windows\system\WINGDE.DLL
2009-01-19 15:59 . 1995-04-19 00:00 92,208 --a------ c:\windows\system\WING.DLL
2009-01-19 15:59 . 1995-04-19 00:00 27,136 --a------ c:\windows\system\WAVMIX16.DLL
2009-01-19 15:59 . 1995-04-19 00:00 12,800 --a------ c:\windows\system\WING32.DLL
2009-01-19 15:59 . 1995-04-19 00:00 6,736 --a------ c:\windows\system\WINGDIB.DRV
2009-01-19 15:59 . 1995-04-19 00:00 5,024 --a------ c:\windows\system\WINGPAL.WND
2009-01-19 15:59 . 1995-04-19 00:00 1,966 --a------ c:\windows\system\DVA.386
2009-01-18 15:04 . 2009-01-18 15:08 42,496 --a------ C:\noob.MSNFix
2009-01-17 22:14 . 2009-01-18 15:38 42,496 -r-hs---- c:\windows\syst32.exe
2009-01-15 21:02 . 2009-01-21 18:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 21:02 . 2009-01-15 21:02 <DIR> d-------- c:\documents and settings\Brage\Application Data\Malwarebytes
2009-01-15 21:02 . 2009-01-15 21:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-01-15 21:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 21:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 19:31 . 2009-01-15 19:31 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2009-01-14 00:17 . 2009-01-14 00:17 8 --a------ c:\windows\system32\nvModes.dat
2009-01-12 18:20 . 2009-01-12 18:20 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Shockwave
2009-01-08 23:41 . 2009-01-21 15:52 <DIR> d-------- c:\program files\Red Kawa
2009-01-08 23:41 . 2009-01-08 23:41 <DIR> d-------- c:\program files\AviSynth 2.5
2009-01-08 23:41 . 2009-01-08 23:41 <DIR> d-------- C:\OpenCandy
2009-01-08 00:12 . 2009-01-08 22:57 69 --a------ c:\windows\NeroDigital.ini
2009-01-07 23:59 . 2009-01-07 23:59 <DIR> d-------- c:\program files\Free WMV to AVI MPEG Converter
2009-01-07 23:59 . 2005-04-05 14:15 2,469,888 --a------ c:\windows\system32\NCTAudioCompress3.dll
2009-01-07 23:59 . 2005-03-22 12:23 2,183,168 --a------ c:\windows\system32\NCTVideoCompress.dll
2009-01-07 23:59 . 2005-04-07 15:47 1,810,432 --a------ c:\windows\system32\NCTAudioCompress2.dll
2009-01-07 23:59 . 2005-03-23 18:21 987,136 --a------ c:\windows\system32\NCTVideoCoreM.dll
2009-01-07 23:59 . 2008-08-16 17:01 487,424 --a------ c:\windows\system32\msvcp70.dll
2009-01-07 23:59 . 2005-03-28 15:48 348,160 --a------ c:\windows\system32\NCTWMAFile2.dll
2009-01-07 23:59 . 2008-08-16 17:01 344,064 --a------ c:\windows\system32\msvcr70.dll
2009-01-07 23:59 . 2005-03-19 19:52 290,816 --a------ c:\windows\system32\NCTAVIFile.dll
2009-01-07 23:59 . 2005-03-19 19:53 196,608 --a------ c:\windows\system32\NCTWMVFile.dll
2009-01-07 23:59 . 2005-03-16 16:57 139,264 --a------ c:\windows\system32\NCTVideoFile.dll
2009-01-07 23:59 . 2005-04-06 13:56 90,112 --a------ c:\windows\system32\NCTAudioFormatSettings3.dll
2009-01-07 23:22 . 2009-01-07 23:22 <DIR> d-------- c:\documents and settings\Brage\Application Data\Xilisoft Corporation
2009-01-07 22:00 . 2009-01-21 16:31 <DIR> d-------- c:\documents and settings\Brage\Application Data\Eltima Software
2009-01-07 00:56 . 2009-01-07 00:56 136,374 --a------ C:\scr.bmp
2009-01-07 00:54 . 2009-01-21 16:31 <DIR> d-------- c:\program files\Eltima Software
2009-01-06 00:24 . 2008-04-14 04:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-01-06 00:24 . 2008-04-14 04:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-01-06 00:24 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-06 00:24 . 2009-01-06 00:24 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-06 00:24 . 2009-01-06 00:24 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-06 00:21 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-01-06 00:21 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-01-06 00:21 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-01-06 00:21 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-01-06 00:21 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-01-06 00:21 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-01-06 00:18 . 2009-01-06 00:18 <DIR> d-------- c:\program files\Common Files\Nokia
2009-01-06 00:15 . 2009-01-06 00:15 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-01-04 23:35 . 2009-01-04 23:35 754 --a------ c:\windows\WORDPAD.INI
2009-01-04 19:37 . 2009-01-04 19:37 <DIR> d-------- c:\documents and settings\Brage\Teen_Models
2008-12-28 18:02 . 2008-12-28 18:02 <DIR> d-------- c:\program files\MSBuild
2008-12-28 18:00 . 2008-12-28 18:00 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-28 17:59 . 2008-12-28 17:59 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-28 17:59 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-28 17:58 . 2008-12-28 17:58 <DIR> d-------- c:\windows\system32\xlive
2008-12-24 15:10 . 2008-12-24 15:10 0 --a------ c:\windows\system32\msexcr.ini
2008-12-23 14:13 . 2008-12-23 14:39 23 --a------ c:\windows\popcinfot.dat
2008-12-21 18:55 . 2008-12-21 18:55 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-21 18:53 . 2008-12-21 18:53 <DIR> d-------- c:\program files\Microsoft
2008-12-21 18:52 . 2008-12-21 18:52 <DIR> d-------- c:\program files\Windows Live SkyDrive
2008-12-21 15:29 . 2008-12-21 15:29 <DIR> d-------- c:\program files\Direct MIDI to MP3 Converter
2008-12-21 03:01 . 2008-12-31 18:36 <DIR> d-------- c:\documents and settings\Brage\Application Data\Audacity
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 17:34 16,608 ----a-w c:\windows\gdrv.sys
2009-01-21 17:33 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet
2009-01-21 17:33 --------- d-----w c:\documents and settings\Brage\Application Data\WTablet
2009-01-21 14:56 --------- d-----w c:\program files\Windows Live
2009-01-19 23:22 --------- d-----w c:\documents and settings\Brage\Application Data\uTorrent
2009-01-19 17:02 --------- d-----w c:\documents and settings\Brage\Application Data\FileZilla
2009-01-15 16:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-15 16:08 --------- d-----w c:\program files\AGEIA Technologies
2009-01-11 00:57 --------- d-----w c:\documents and settings\Brage\Application Data\InstallShield Installation Information
2009-01-08 22:56 --------- d-----w c:\program files\Common Files\Adobe
2009-01-05 23:21 --------- d-----w c:\program files\Nokia
2008-12-22 20:03 --------- d-----w c:\documents and settings\Brage\Application Data\Nero
2008-12-22 19:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2008-12-20 21:58 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-18 20:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 19:17 --------- d-----w c:\program files\AltoMP3 Gold
2008-12-10 19:17 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-12-10 14:03 26,112 ----a-w c:\windows\WAVEMIX.DLL
2008-12-10 14:03 21,008 ----a-w c:\windows\CTL3D.DLL
2008-12-10 14:03 13,712 ----a-w c:\windows\INSPACE.SCR
2008-12-07 18:14 --------- d-----w c:\documents and settings\Brage\Application Data\dvdcss
2008-12-07 14:40 --------- d-----w c:\program files\ARWizard3
2008-12-06 14:53 --------- d-----w c:\program files\Tablet
2008-11-30 17:57 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-30 17:57 --------- d-----w c:\documents and settings\Brage\Application Data\DAEMON Tools
2008-11-29 15:41 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ALM
2008-11-29 12:33 --------- d-----w c:\program files\CCleaner
2008-11-28 18:29 --------- d-----w c:\program files\Adobe Media Player
2008-11-28 18:27 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-24 13:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2008-11-22 18:27 --------- d-----w c:\program files\Steam
2008-11-22 15:32 --------- d-----w c:\documents and settings\Brage\Application Data\Thinstall
2008-10-20 17:02 22,328 ----a-w c:\documents and settings\Brage\Application Data\PnkBstrK.sys
2008-09-29 14:10 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat
2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-18_14.59.32.31 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-17 13672448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-17 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"syst32"="syst32.exe" [2009-01-18 c:\windows\syst32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-12-05 15:41 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-05-04 19:51 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2004-05-05 10:51 491520 c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
--a------ 2004-04-01 20:21 49152 c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-08-02 15:30 3096576 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-10-17 13:39 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "e:\\Programmer\\Steam\\steamapps\\erebus313\\team fortress 2\\hl2.exe"= "e:\\utorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "e:\\Programmer\\Steam\\Steam.exe"= "e:\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "e:\\Programmer\\Steam\\steamapps\\erebus313\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "d:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"= "e:\\Programmer\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-29 97928] R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-06 15144] R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-29 875288] R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704] R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-09-29 76040] R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-06 3032360] . 
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 01:57] 2009-01-21 c:\windows\Tasks\HP Usg Daily.job - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 20:22] . - - - - TOMME PEKERE FJERNET - - - - HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.yahoo.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\Brage\Application Data\Mozilla\Firefox\Profiles\gw2fwx64.default\ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-21 18:34:00 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . 
--------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-1229272821-2139871995-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3ED1A19E-E9EB-04C7-D110-21E8B3E4DEDA}*] "oanncjjplndhahiifccgbiibcfdbek"=hex:6b,61,6a,61,6f,6d,6d,68,68,65,6f,70,62,69, 6f,6e,70,6a,62,69,69,65,00,00 "nahoimpgfhkphahmampblpmjmbkg"=hex:6b,61,6a,61,6f,6d,6d,68,68,65,6f,70,62,69, 6f,6e,70,6a,62,69,69,65,00,00 [HKEY_USERS\S-1-5-21-1229272821-2139871995-1801674531-1003\Software\SecuROM\License information*] "datasecu"=hex:0e,a6,2a,87,2f,aa,79,c0,22,31,c1,3c,c5,06,90,d1,bf,8b,e4,2f,b9, 82,e7,f0,87,4a,59,06,a7,89,90,33,75,bc,47,0c,57,a0,74,f2,f1,67,15,15,65,21,\ "rkeysecu"=hex:0b,27,b0,eb,66,5f,66,ea,46,6b,80,26,32,03,e0,ca . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\AVG\AVG8\avgrsx.exe c:\windows\system32\WTablet\Pen_TabletUser.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Tidspunkt ferdig: 2009-01-21 18:36:22 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-01-21 17:36:19 ComboFix2.txt 2009-01-18 14:00:07 Pre-Run: 4 173 266 944 bytes free Post-Run: 4,350,025,728 bytes free 476 --- E O F --- 2009-01-19 14:42:57
norbat, posted 22 January 2009
Open Notepad and copy in the text shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.
File::
c:\windows\syst32.exe
C:\noob.MSNFix
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"syst32"=-
Krillekongen (author), posted 23 January 2009
Here it is:
ComboFix 09-01-21.04 - Brage 2009-01-23 23:49:19.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1149 [GMT 1:00] Kjører fra: c:\documents and settings\Brage\Desktop\ComboFix.exe Command switches brukt :: c:\documents and settings\Brage\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Opprettet nytt gjenopprettingspunkt FILE :: C:\noob.MSNFix c:\windows\syst32.exe . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\noob.MSNFix c:\windows\syst32.exe I:\autorun.inf . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-23 til 2009-01-23 ))))))))))))))))))))))))))))))))) . 2009-01-22 16:34 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll 2009-01-22 16:34 . 2008-07-10 11:00 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll 2009-01-22 16:34 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll 2009-01-22 16:34 . 2008-07-30 06:20 509,448 --a------ c:\windows\system32\XAudio2_2.dll 2009-01-22 16:34 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll 2009-01-22 16:34 . 2008-07-30 06:20 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll 2009-01-22 16:34 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll 2009-01-21 19:09 . 2009-01-21 19:09 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-01-21 18:02 . 2009-01-21 18:02 <DIR> d-------- c:\program files\Trend Micro 2009-01-21 15:56 . 2009-01-21 17:59 <DIR> d-------- c:\windows\SxsCaPendDel 2009-01-19 15:59 . 1995-04-19 00:00 188,960 --a------ c:\windows\system\WINGDE.DLL 2009-01-19 15:59 . 1995-04-19 00:00 92,208 --a------ c:\windows\system\WING.DLL 2009-01-19 15:59 . 1995-04-19 00:00 27,136 --a------ c:\windows\system\WAVMIX16.DLL 2009-01-19 15:59 . 
1995-04-19 00:00 12,800 --a------ c:\windows\system\WING32.DLL 2009-01-19 15:59 . 1995-04-19 00:00 6,736 --a------ c:\windows\system\WINGDIB.DRV 2009-01-19 15:59 . 1995-04-19 00:00 5,024 --a------ c:\windows\system\WINGPAL.WND 2009-01-19 15:59 . 1995-04-19 00:00 1,966 --a------ c:\windows\system\DVA.386 2009-01-15 21:02 . 2009-01-21 18:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-15 21:02 . 2009-01-15 21:02 <DIR> d-------- c:\documents and settings\Brage\Application Data\Malwarebytes 2009-01-15 21:02 . 2009-01-15 21:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-01-15 21:02 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-15 21:02 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-15 19:31 . 2009-01-15 19:31 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts 2009-01-14 00:17 . 2009-01-14 00:17 8 --a------ c:\windows\system32\nvModes.dat 2009-01-12 18:20 . 2009-01-12 18:20 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Shockwave 2009-01-08 23:41 . 2009-01-21 15:52 <DIR> d-------- c:\program files\Red Kawa 2009-01-08 23:41 . 2009-01-08 23:41 <DIR> d-------- c:\program files\AviSynth 2.5 2009-01-08 23:41 . 2009-01-08 23:41 <DIR> d-------- C:\OpenCandy 2009-01-08 00:12 . 2009-01-08 22:57 69 --a------ c:\windows\NeroDigital.ini 2009-01-07 23:59 . 2009-01-07 23:59 <DIR> d-------- c:\program files\Free WMV to AVI MPEG Converter 2009-01-07 23:59 . 2005-04-05 14:15 2,469,888 --a------ c:\windows\system32\NCTAudioCompress3.dll 2009-01-07 23:59 . 2005-03-22 12:23 2,183,168 --a------ c:\windows\system32\NCTVideoCompress.dll 2009-01-07 23:59 . 2005-04-07 15:47 1,810,432 --a------ c:\windows\system32\NCTAudioCompress2.dll 2009-01-07 23:59 . 2005-03-23 18:21 987,136 --a------ c:\windows\system32\NCTVideoCoreM.dll 2009-01-07 23:59 . 
2008-08-16 17:01 487,424 --a------ c:\windows\system32\msvcp70.dll 2009-01-07 23:59 . 2005-03-28 15:48 348,160 --a------ c:\windows\system32\NCTWMAFile2.dll 2009-01-07 23:59 . 2008-08-16 17:01 344,064 --a------ c:\windows\system32\msvcr70.dll 2009-01-07 23:59 . 2005-03-19 19:52 290,816 --a------ c:\windows\system32\NCTAVIFile.dll 2009-01-07 23:59 . 2005-03-19 19:53 196,608 --a------ c:\windows\system32\NCTWMVFile.dll 2009-01-07 23:59 . 2005-03-16 16:57 139,264 --a------ c:\windows\system32\NCTVideoFile.dll 2009-01-07 23:59 . 2005-04-06 13:56 90,112 --a------ c:\windows\system32\NCTAudioFormatSettings3.dll 2009-01-07 23:22 . 2009-01-07 23:22 <DIR> d-------- c:\documents and settings\Brage\Application Data\Xilisoft Corporation 2009-01-07 22:00 . 2009-01-21 16:31 <DIR> d-------- c:\documents and settings\Brage\Application Data\Eltima Software 2009-01-07 00:56 . 2009-01-07 00:56 136,374 --a------ C:\scr.bmp 2009-01-07 00:54 . 2009-01-21 16:31 <DIR> d-------- c:\program files\Eltima Software 2009-01-06 00:24 . 2008-04-14 04:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys 2009-01-06 00:24 . 2008-04-14 04:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys 2009-01-06 00:24 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll 2009-01-06 00:24 . 2009-01-06 00:24 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-01-06 00:24 . 2009-01-06 00:24 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-01-06 00:21 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll 2009-01-06 00:21 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll 2009-01-06 00:21 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys 2009-01-06 00:21 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys 2009-01-06 00:21 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys 2009-01-06 00:21 . 
2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys 2009-01-06 00:18 . 2009-01-06 00:18 <DIR> d-------- c:\program files\Common Files\Nokia 2009-01-06 00:15 . 2009-01-06 00:15 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Installations 2009-01-04 23:35 . 2009-01-04 23:35 754 --a------ c:\windows\WORDPAD.INI 2009-01-04 19:37 . 2009-01-04 19:37 <DIR> d-------- c:\documents and settings\Brage\Teen_Models 2008-12-28 18:02 . 2008-12-28 18:02 <DIR> d-------- c:\program files\MSBuild 2008-12-28 18:00 . 2008-12-28 18:00 <DIR> d-------- c:\windows\system32\XPSViewer 2008-12-28 17:59 . 2008-12-28 17:59 <DIR> d-------- c:\program files\Reference Assemblies 2008-12-28 17:59 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2008-12-28 17:58 . 2008-12-28 17:58 <DIR> d-------- c:\windows\system32\xlive 2008-12-24 15:10 . 2008-12-24 15:10 0 --a------ c:\windows\system32\msexcr.ini 2008-12-23 14:13 . 2008-12-23 14:39 23 --a------ c:\windows\popcinfot.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-23 22:50 16,608 ----a-w c:\windows\gdrv.sys 2009-01-23 22:06 --------- d-----w c:\documents and settings\Brage\Application Data\uTorrent 2009-01-23 14:42 --------- d-----w c:\documents and settings\Brage\Application Data\WTablet 2009-01-23 14:39 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY\Application Data\WTablet 2009-01-22 23:01 --------- d-----w c:\documents and settings\Brage\Application Data\FileZilla 2009-01-22 22:49 --------- d-----w c:\documents and settings\Brage\Application Data\dvdcss 2009-01-22 15:30 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-21 18:10 --------- d-----w c:\program files\Windows Live 2009-01-15 16:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-15 16:08 --------- d-----w c:\program files\AGEIA Technologies 2009-01-11 00:57 --------- d-----w c:\documents and settings\Brage\Application Data\InstallShield Installation Information 2009-01-08 22:56 --------- d-----w c:\program files\Common Files\Adobe 2009-01-05 23:21 --------- d-----w c:\program files\Nokia 2008-12-31 17:36 --------- d-----w c:\documents and settings\Brage\Application Data\Audacity 2008-12-22 20:03 --------- d-----w c:\documents and settings\Brage\Application Data\Nero 2008-12-22 19:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Nero 2008-12-21 17:55 --------- d-----w c:\program files\Microsoft Silverlight 2008-12-21 17:53 --------- d-----w c:\program files\Microsoft 2008-12-21 17:52 --------- d-----w c:\program files\Windows Live SkyDrive 2008-12-21 14:29 --------- d-----w c:\program files\Direct MIDI to MP3 Converter 2008-12-20 21:58 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-12-20 21:55 202,040 ----a-w c:\windows\system32\PnkBstrB.exe 2008-12-17 17:41 66,872 ----a-w c:\windows\system32\PnkBstrA.exe 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-10 19:17 --------- d-----w c:\program 
files\AltoMP3 Gold 2008-12-10 19:17 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2008-12-10 14:03 26,112 ----a-w c:\windows\WAVEMIX.DLL 2008-12-10 14:03 21,008 ----a-w c:\windows\CTL3D.DLL 2008-12-10 14:03 13,712 ----a-w c:\windows\INSPACE.SCR 2008-12-07 14:40 --------- d-----w c:\program files\ARWizard3 2008-12-06 14:53 --------- d-----w c:\program files\Tablet 2008-12-04 21:55 307,560 ----a-w c:\windows\WLXPGSS.SCR 2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll 2008-11-30 17:57 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-11-30 17:57 --------- d-----w c:\documents and settings\Brage\Application Data\DAEMON Tools 2008-11-29 15:41 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\ALM 2008-11-29 12:33 --------- d-----w c:\program files\CCleaner 2008-11-28 18:29 --------- d-----w c:\program files\Adobe Media Player 2008-11-28 18:27 --------- d-----w c:\program files\Common Files\Adobe AIR 2008-11-24 13:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-20 17:02 22,328 ----a-w c:\documents and settings\Brage\Application Data\PnkBstrK.sys 2008-09-29 14:10 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat 2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat 2008-09-29 14:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((( snapshot_2009-01-21_18.35.48.96 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2009-01-21 18:09:52 236,392 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll + 2009-01-21 18:09:26 62,288 ----a-r c:\windows\Installer\{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}\IconWlc.exe + 2009-01-22 14:46:10 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe + 2009-01-21 18:10:10 132,096 ----a-r c:\windows\Installer\{F73A5B18-EB75-4B2C-B32D-9457576E2417}\WLXPhotoGalleryIcon.exe + 2007-11-06 19:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll + 2007-11-07 00:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll + 2007-11-07 00:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-17 13672448] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-17 86016] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer] -r------- 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] --a------ 2003-12-22 08:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2003-12-05 15:41 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] --a------ 2004-05-04 19:51 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05] --a------ 2004-05-05 10:51 491520 c:\windows\system32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05] --a------ 2004-04-01 20:21 49152 c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] -r------- 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher] --a------ 2007-08-02 15:30 3096576 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-10-17 13:39 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "e:\\Programmer\\Steam\\steamapps\\erebus313\\team fortress 2\\hl2.exe"= "e:\\utorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= 
"e:\\Programmer\\Steam\\Steam.exe"= "e:\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "e:\\Programmer\\Steam\\steamapps\\erebus313\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "d:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"= "e:\\Programmer\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "e:\\Games\\F.E.A.R. 2 SP Demo\\FEAR2SPDemo.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-29 97928] R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-09-01 47624] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-06 15144] R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-29 875288] R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704] R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-09-29 76040] R4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-06 3032360] . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 01:57] 2009-01-23 c:\windows\Tasks\HP Usg Daily.job - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 20:22] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.yahoo.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.yahoo.com uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\Brage\Application Data\Mozilla\Firefox\Profiles\gw2fwx64.default\ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-23 23:50:31 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-1229272821-2139871995-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3ED1A19E-E9EB-04C7-D110-21E8B3E4DEDA}*] "oanncjjplndhahiifccgbiibcfdbek"=hex:6b,61,6a,61,6f,6d,6d,68,68,65,6f,70,62,69, 6f,6e,70,6a,62,69,69,65,00,00 "nahoimpgfhkphahmampblpmjmbkg"=hex:6b,61,6a,61,6f,6d,6d,68,68,65,6f,70,62,69, 6f,6e,70,6a,62,69,69,65,00,00 [HKEY_USERS\S-1-5-21-1229272821-2139871995-1801674531-1003\Software\SecuROM\License information*] "datasecu"=hex:0e,a6,2a,87,2f,aa,79,c0,22,31,c1,3c,c5,06,90,d1,bf,8b,e4,2f,b9, 82,e7,f0,87,4a,59,06,a7,89,90,33,75,bc,47,0c,57,a0,74,f2,f1,67,15,15,65,21,\ "rkeysecu"=hex:0b,27,b0,eb,66,5f,66,ea,46,6b,80,26,32,03,e0,ca . 
Tidspunkt ferdig: 2009-01-23 23:51:28 ComboFix-quarantined-files.txt 2009-01-23 22:51:26 ComboFix2.txt 2009-01-21 17:36:23 ComboFix3.txt 2009-01-18 14:00:07 Pre-Run: 5 128 560 640 bytes free Post-Run: 5,130,510,336 bytes free 268 --- E O F --- 2009-01-19 14:42:57
norbat, posted 24 January 2009
How is the problem now?
Krillekongen (author), posted 24 January 2009
Looks like the MSN crap is gone, along with other small junk that has been annoying me. Once again, thank you very much!
norbat, posted 24 January 2009
Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you are not infected by a possible restore later. Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows. Surf safely.