yamahaen, posted 28 March 2009

here they are

mbam

Malwarebytes' Anti-Malware 1.35
Databaseversjon: 1905
Windows 5.1.2600 Service Pack 3

27.03.2009 18:55:52
mbam-log-2009-03-27 (18-55-52).txt

Skanntype: Full Skann (C:\|D:\|E:\|F:\|H:\|I:\|)
Objekter skannet: 203130
Tid tilbakelagt: 1 hour(s), 36 minute(s), 34 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 7
Registernøkler infisert: 12
Registerverdier infisert: 7
Registerfiler infisert: 8
Mapper infisert: 0
Filer infisert: 35

Minneprosesser infisert:
C:\WINDOWS\fxsteller.exe (Backdoor.Bot) -> Unloaded process successfully.

Minnemoduler infisert:
C:\WINDOWS\system32\finozute.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jezegisu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\tizowehu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nasijuye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\harizepu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rtubcx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c0045B86.dat (Trojan.Vundo) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cbffaaad-43bb-451e-9d99-cb7d98b4fb07} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cbffaaad-43bb-451e-9d99-cb7d98b4fb07} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31baf02b-1e32-4aaf-9015-c3417acea9d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31baf02b-1e32-4aaf-9015-c3417acea9d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31baf02b-1e32-4aaf-9015-c3417acea9d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cbffaaad-43bb-451e-9d99-cb7d98b4fb07} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0045b86 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3431d0a8 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gunajumemu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm3702e334 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f458f01c.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jezegisu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jezegisu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jezegisu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tizowehu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tizowehu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\rtubcx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\finozute.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\etuzonif.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nodekoto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otokedon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wavenimu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uminevaw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\harizepu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\tizowehu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nasijuye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jezegisu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\__c0045B86.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\fxsteller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_A00F458F01C.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\bmf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\bmfx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\brustad\Local Settings\Temp\IXP000.TMP\hiddenX.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\brustad\Local Settings\Temp\IXP001.TMP\hiddenX.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\brustad\Local Settings\Temporary Internet Files\Content.IE5\VSJOE78R\ps[1].jpg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\P2P_Max\P2P_MaxToolbarHelper.exe (Adware.Speedapps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{008C57D9-94A2-42E8-B73E-44544ADCD145}\RP55\A0021068.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\303369.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medowuje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drhwbn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gamonedo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gipekoji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gldx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kokaziho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lebavura.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\setelojo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jogejase.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthavdbrblpabxddquwaqfhjwwjuctcfsjl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ovfsthexvitwioloojuwcmuybwivfkoscfmpne.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ovfsthvgyvayppbakkkoqewugxkiuruabpjncx.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ovfsthxmqwumsmwxwghwpxrjoniltwkbipxmta.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:49, on 27.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\brustad\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: P2P Max Toolbar - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files\P2P_Max\tbP2P_.dll
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 url.adtrgt.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: Lexmark Verktøylinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: P2P Max Toolbar - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files\P2P_Max\tbP2P_.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Verktøylinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: P2P Max Toolbar - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files\P2P_Max\tbP2P_.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: STK02N 2.3 PNP Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: rtubcx.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8912 bytes

combofix

ComboFix 09-03-26.03 - brustad 2009-03-27 19:41:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.398 [GMT 0:00]
Kjører fra: c:\documents and settings\brustad\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
 * Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ayapiheb.ini
c:\windows\system32\behipaya.dll
c:\windows\system32\ejariwur.ini
c:\windows\system32\kihepela.dll
c:\windows\system32\navafono.dll
c:\windows\system32\nivzbh.dll
c:\windows\system32\tewehipo.dll
c:\windows\system32\toteduba.dll

----- BITS: Mulige infiserte sider -----

hxxp://82.98.235.205
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-27 til 2009-03-27 )))))))))))))))))))))))))))))))))
.

2009-03-27 17:59 . 2009-03-27 17:59 <DIR> d-------- c:\program files\NCH Software
2009-03-27 17:59 . 2009-03-27 17:59 <DIR> d-------- c:\documents and settings\brustad\Application Data\Recordpad
2009-03-27 17:59 . 2009-03-27 18:00 <DIR> d-------- c:\documents and settings\brustad\Application Data\NCH Swift Sound
2009-03-27 17:59 . 2009-03-27 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-27 17:58 . 2009-03-27 18:00 <DIR> d-------- c:\program files\NCH Swift Sound
2009-03-27 16:42 . 2009-03-27 16:42 <DIR> d-------- c:\documents and settings\brustad\Application Data\Malwarebytes
2009-03-27 16:41 . 2009-03-27 16:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 16:41 . 2009-03-27 16:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 16:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 16:41 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 15:55 . 2009-03-27 15:55 5,505 --a------ C:\bust.exe
2009-03-26 02:28 . 2009-03-26 02:28 45,568 --a------ C:\scaneripx.exe
2009-03-25 18:26 . 2009-03-25 18:26 <DIR> d-------- c:\program files\MSN Messenger
2009-03-24 23:07 . 2009-03-24 23:07 0 --a------ c:\windows\system32\drivers\ovfsth.sys
2009-03-24 22:15 . 2009-03-27 18:22 43 --a------ c:\windows\system32\ovfsthsbgdpcnkdgsqhvsvgartrdlieyjgfqat.dat
2009-03-24 22:14 . 2009-03-27 18:22 20,629 --a------ c:\windows\system32\ovfsthqrnokyuaeqtuwylslkxonfhsdqefrtjk.dat
2009-03-24 21:52 . 2009-03-24 21:52 2,713 ---hs---- c:\windows\system32\jogekini.dll
2009-03-24 17:57 . 2009-03-24 17:57 <DIR> d-------- C:\Videos
2009-03-24 17:55 . 2009-03-24 17:58 <DIR> d-------- c:\program files\Cool YouTube Downloader
2009-03-15 19:55 . 2009-03-15 19:57 <DIR> d-------- C:\DestinatorApps
2009-03-06 19:48 . 2009-03-06 19:51 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-06 19:29 . 2009-03-06 19:29 <DIR> d-------- c:\program files\Sierra
2009-03-04 22:25 . 2009-03-27 19:01 45 --a------ C:\TEST.XML
2009-03-04 21:23 . 2009-03-07 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-03-04 20:51 . 2009-03-04 20:51 <DIR> d-------- c:\program files\Vuze
2009-03-04 20:51 . 2009-03-27 17:58 <DIR> d-------- c:\documents and settings\brustad\Application Data\Azureus
2009-03-04 20:51 . 2009-03-04 20:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-03-03 19:38 . 2009-03-27 19:01 <DIR> d-------- c:\program files\DNA
2009-03-03 19:38 . 2009-03-03 19:38 <DIR> d-------- c:\program files\BitTorrent
2009-03-03 19:38 . 2009-03-03 19:38 <DIR> d-------- c:\program files\AskBarDis
2009-03-03 19:38 . 2009-03-27 19:41 <DIR> d-------- c:\documents and settings\brustad\Application Data\DNA
2009-03-03 19:38 . 2009-03-04 21:16 <DIR> d-------- c:\documents and settings\brustad\Application Data\BitTorrent
.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-03-27 19:01 --------- d-----w c:\program files\Steam
2009-03-27 19:01 --------- d-----w c:\program files\lx_cats
2009-03-27 18:57 61,440 --sha-w c:\windows\system32\lofiketo.exe
2009-03-27 18:35 61,440 --sha-w c:\windows\system32\lihiyufi.exe
2009-03-27 16:23 --------- d-----w c:\documents and settings\brustad\Application Data\Spotify
2009-03-27 06:16 61,440 --sha-w c:\windows\system32\retegefu.exe
2009-03-25 18:18 --------- d-----w c:\program files\P2P_Max
2009-03-24 22:55 --------- d-----w c:\program files\Windows Live
2009-03-11 21:20 --------- d-----w c:\program files\Common Files\Adobe
2009-03-10 18:11 --------- d-----w c:\program files\Lexmark 5400 Series
2009-03-06 19:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-03-04 10:56 --------- d-----w c:\documents and settings\brustad\Application Data\5400 Series
2009-02-24 20:27 --------- d-----w c:\program files\Stardock
2009-02-24 20:27 --------- d-----w c:\program files\Common Files\Stardock
2009-02-24 20:08 --------- d-----w c:\documents and settings\brustad\Application Data\LimeWire
2009-02-22 16:34 108,144 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-22 16:34 --------- d--h--r c:\documents and settings\brustad\Application Data\SecuROM
2009-02-22 16:07 --------- d-----w c:\program files\Atari
2009-02-22 16:04 --------- d-----w c:\documents and settings\brustad\Application Data\DAEMON Tools Lite
2009-02-22 16:02 --------- d-----w c:\documents and settings\brustad\Application Data\DAEMON Tools Pro
2009-02-22 16:02 --------- d-----w c:\documents and settings\brustad\Application Data\DAEMON Tools
2009-02-22 16:00 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-22 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-22 15:55 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-20 12:53 --------- d-----w c:\program files\Valve
2009-02-19 16:43 --------- d-----w c:\program files\Google
2009-02-19 15:58 --------- d-----w c:\program files\home plan software
2009-02-18 22:45 --------- d-----w c:\documents and settings\brustad\Application Data\ImgBurn
2009-02-18 22:29 --------- d-----w c:\documents and settings\brustad\Application Data\vlc
2009-02-18 20:15 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-18 19:13 --------- d-----w c:\program files\Counter-Strike Source
2009-02-18 06:43 --------- d-----w c:\program files\Lexmark Toolbar
2009-02-18 06:39 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-18 06:39 --------- d-----w c:\documents and settings\All Users\Application Data\5400 Series
2009-02-18 06:36 --------- d-----w c:\program files\Common Files\ArcSoft
2009-02-18 06:36 --------- d-----w c:\program files\ArcSoft
2009-02-18 06:25 --------- d-----w c:\documents and settings\brustad\Application Data\AdobeUM
2009-02-18 06:24 --------- d-----w c:\program files\VID_0E8F&PID_0003
2009-02-18 06:22 --------- d-----w c:\program files\VGA USB Camera
2009-02-18 06:22 --------- d-----w c:\program files\directx
2009-02-18 06:17 --------- d-----w c:\program files\ASUS
2009-02-18 06:16 --------- d-----w c:\program files\ASUSTeK
2009-02-18 06:04 --------- d-----w c:\program files\MSI
2009-02-18 05:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-18 05:55 --------- d-----w c:\program files\VIA
2009-02-18 05:52 --------- d-----w c:\documents and settings\brustad\Application Data\Logitech
2009-02-18 05:51 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-18 05:51 --------- d-----w c:\program files\Logitech
2009-02-18 05:51 --------- d-----w c:\program files\Common Files\Logishrd
2009-02-18 05:50 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-18 05:50 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-02-18 05:50 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-18 05:49 --------- d-----w c:\documents and settings\brustad\Application Data\InstallShield
2009-02-18 05:49 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-02-18 05:49 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-02-18 03:31 --------- d-----w c:\documents and settings\brustad\Application Data\Windows Search
2009-02-18 00:29 --------- d-----w c:\program files\TmNationsForever
2009-02-18 00:20 --------- d-----w c:\documents and settings\brustad\Application Data\Windows Desktop Search
2009-02-18 00:11 --------- d-----w c:\program files\microsoft frontpage
2009-02-18 00:05 --------- d-----w c:\program files\MSBuild
2009-02-18 00:04 --------- d-----w c:\program files\Reference Assemblies
2009-02-18 00:00 --------- d-----w c:\program files\LClock
2009-02-18 00:00 --------- d-----w c:\program files\Alky for Applications
2009-02-17 23:57 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-17 23:54 --------- d-----w c:\program files\Windows Desktop Search
2009-02-17 23:54 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-17 22:17 --------- d-----w c:\documents and settings\brustad\Application Data\Winamp
2009-02-17 21:51 --------- d-----w c:\program files\RocketDock
2009-02-17 20:27 --------- d-----w c:\program files\TGTSoft
2009-02-17 20:25 --------- d-----w c:\program files\nLite
2009-02-17 20:22 --------- d-----w c:\program files\Avira
2009-02-17 20:22 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-02-17 19:55 --------- d-----w c:\program files\Magic Video Converter
2009-02-17 19:49 --------- d-----w c:\program files\CCleaner
2009-02-17 19:47 --------- d-----w c:\program files\GIMP-2.0
2009-02-17 19:42 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-17 19:41 --------- d-----w c:\program files\Java
2009-02-17 19:38 --------- d-----w c:\program files\LimeWire
2009-02-17 19:38 --------- d-----w c:\program files\Conduit
2009-02-17 19:31 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-17 19:30 --------- d-----w c:\program files\Microsoft.NET
2009-02-17 19:28 --------- d-----w c:\program files\ImgBurn
2009-02-17 19:26 --------- d-----w c:\program files\Spotify
2009-02-17 19:25 --------- d-----w c:\program files\Winamp
2009-02-17 19:25 --------- d-----w c:\program files\VideoLAN
2009-02-17 13:03 1,614,848 ----a-w c:\windows\system32\sfcfiles.dll
2009-02-12 15:27 86,073 ----a-w c:\windows\system32\usrfaxa.dll
2009-02-12 14:58 990,208 ----a-w c:\windows\system32\syssetup.dll
2009-02-12 14:58 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-02-12 14:58 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-02-12 14:50 581,192 ----a-w c:\windows\system32\winusbcoinstaller.dll
2009-02-12 14:50 56,320 ----a-w c:\windows\system32\xmlfilter.dll
2009-02-12 14:50 43,544 ----a-w c:\windows\system32\wups2.dll
2009-02-12 14:50 1,302,600 ----a-w c:\windows\system32\wudfupdate_01007.dll
2009-02-12 14:50 1,112,288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-02-12 14:48 91,656 ----a-w c:\windows\system32\msxml4r.dll
2009-02-12 14:47 323,696 ----a-w c:\windows\system32\msdrm.dll
2009-02-12 14:43 75,264 ----a-w c:\windows\inf\ieResetIcons.tmp
2009-02-12 14:43 465,920 ----a-w c:\windows\system32\imapi2fs.dll
.

------- Sigcheck -------

2009-02-12 14:58 361600 25a740d70e8007814a48d3fa1b34fa34 c:\windows\system32\drivers\tcpip.sys
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{72ae8426-3b8d-4ead-b191-8d0ad1c62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
2008-09-15 06:47 1784856 --a------ c:\program files\P2P_Max\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{72ae8426-3b8d-4ead-b191-8d0ad1c62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2008-09-15 1784856]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{72AE8426-3B8D-4EAD-B191-8D0AD1C62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2008-09-15 1784856]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files\steam\steam.exe" [2009-02-17 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-03 342848]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2005-03-07 482816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-15 86016]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-17 148888]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-03-27 577540]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-12-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

c:\documents and settings\brustad\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-02-24 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-02-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-18 784912]
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2009-02-18 163840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-12 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= rtubcx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-12-16 14:55 987136 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 06:54 589824 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\scaneripx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\hwpcassistant.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30826e0e-fe9e-11dd-af9d-0013d33bb87b}] \Shell\AutoRun\command - G:\hwpcassistant.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30826e0f-fe9e-11dd-af9d-0013d33bb87b}] \Shell\AutoRun\command - G:\hwpcassistant.exe . - - - - TOMME PEKERE FJERNET - - - - MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe . ------- Tilleggsskanning ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\brustad\Application Data\Mozilla\Firefox\Profiles\663a5amb.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q= FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-27 19:45:08 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-796845957-152049171-1606980848-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:cd,32,74,9c,60,e8,5d,1f,40,ce,b9,7b,6d,4c,44,e3,a0,cd,29,a3,b7,db,e3, f9,cf,77,fa,94,07,09,8f,19,d9,f0,5a,ff,fd,bd,bf,63,c0,9b,a5,32,e4,27,fb,c9,\ "??"=hex:72,db,72,2f,a0,c1,b1,da,a0,f9,a0,89,64,7f,db,b3 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(760) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . Tidspunkt ferdig: 2009-03-27 19:46:40 ComboFix-quarantined-files.txt 2009-03-27 19:46:37 Pre-Run: 6 234 505 216 bytes free Post-Run: 6,464,651,264 bytes free 335 Lenke til kommentar
norbat Posted 28 March 2009

Go to VirusTotal and check these two files (if you don't already know what they are):
C:\bust.exe
C:\scaneripx.exe

Update Malwarebytes and run a quick scan.

Open Notepad and copy in what is written in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\ovfsthsbgdpcnkdgsqhvsvgartrdlieyjgfqat.dat
c:\windows\system32\ovfsthqrnokyuaeqtuwylslkxonfhsdqefrtjk.dat
c:\windows\system32\jogekini.dll
c:\windows\system32\lofiketo.exe
c:\windows\system32\lihiyufi.exe
c:\windows\system32\retegefu.exe

Post the ComboFix log together with the log from Malwarebytes, if it finds anything.
yamahaen Posted 29 March 2009 (Author)

mbam

Malwarebytes' Anti-Malware 1.35
Databaseversjon: 1915
Windows 5.1.2600 Service Pack 3

29.03.2009 12:22:02
mbam-log-2009-03-29 (12-21-54).txt

Skanntype: Rask Skann
Objekter skannet: 64158
Tid tilbakelagt: 5 minute(s), 32 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 11

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\lihiyufi.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lofiketo.exe (Trojan.Vundo) -> No action taken.
C:\RECYCLER\S-1-5-21-0982818026-0792038349-964117139-9221\service.exe (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\ovfsth.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ovfsthqrnokyuaeqtuwylslkxonfhsdqefrtjk.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ovfsthsbgdpcnkdgsqhvsvgartrdlieyjgfqat.dat (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.Bot) -> No action taken.
C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe (Backdoor.Bot) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise323.exe (Backdoor.Bot) -> No action taken.

combofix

ComboFix 09-03-28.06 - brustad 2009-03-29 12:34:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.467 [GMT 0:00]
Kjører fra: c:\documents and settings\brustad\Desktop\ComboFix.exe
Command switches brukt :: c:\documents and settings\brustad\Desktop\CFScript.txt..txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
 * Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-28 til 2009-03-29 )))))))))))))))))))))))))))))))))
.

2009-03-28 16:02 . 2009-03-28 16:14 <DIR> d-------- c:\documents and settings\brustad\Application Data\gtk-2.0
2009-03-27 17:59 . 2009-03-27 17:59 <DIR> d-------- c:\program files\NCH Software
2009-03-27 17:59 . 2009-03-27 17:59 <DIR> d-------- c:\documents and settings\brustad\Application Data\Recordpad
2009-03-27 17:59 . 2009-03-27 18:00 <DIR> d-------- c:\documents and settings\brustad\Application Data\NCH Swift Sound
2009-03-27 17:59 . 2009-03-27 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-27 17:58 . 2009-03-27 18:00 <DIR> d-------- c:\program files\NCH Swift Sound
2009-03-27 16:42 . 2009-03-27 16:42 <DIR> d-------- c:\documents and settings\brustad\Application Data\Malwarebytes
2009-03-27 16:41 . 2009-03-27 16:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 16:41 . 2009-03-27 16:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 16:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 16:41 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 15:55 . 2009-03-27 15:55 5,505 --a------ C:\bust.exe
2009-03-26 02:28 . 2009-03-26 02:28 45,568 --a------ C:\scaneripx.exe
2009-03-25 18:26 . 2009-03-25 18:26 <DIR> d-------- c:\program files\MSN Messenger
2009-03-24 21:52 . 2009-03-24 21:52 2,713 ---hs---- c:\windows\system32\jogekini.dll
2009-03-24 17:57 . 2009-03-24 17:57 <DIR> d-------- C:\Videos
2009-03-24 17:55 . 2009-03-24 17:58 <DIR> d-------- c:\program files\Cool YouTube Downloader
2009-03-15 19:55 . 2009-03-15 19:57 <DIR> d-------- C:\DestinatorApps
2009-03-06 19:48 . 2009-03-06 19:51 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-06 19:29 . 2009-03-06 19:29 <DIR> d-------- c:\program files\Sierra
2009-03-04 22:25 . 2009-03-29 12:27 45 --a------ C:\TEST.XML
2009-03-04 21:23 . 2009-03-07 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-03-04 20:51 . 2009-03-04 20:51 <DIR> d-------- c:\program files\Vuze
2009-03-04 20:51 . 2009-03-27 17:58 <DIR> d-------- c:\documents and settings\brustad\Application Data\Azureus
2009-03-04 20:51 . 2009-03-04 20:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-03-03 19:38 . 2009-03-29 12:27 <DIR> d-------- c:\program files\DNA
2009-03-03 19:38 . 2009-03-03 19:38 <DIR> d-------- c:\program files\BitTorrent
2009-03-03 19:38 . 2009-03-03 19:38 <DIR> d-------- c:\program files\AskBarDis
2009-03-03 19:38 . 2009-03-29 12:27 <DIR> d-------- c:\documents and settings\brustad\Application Data\DNA
2009-03-03 19:38 . 2009-03-04 21:16 <DIR> d-------- c:\documents and settings\brustad\Application Data\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 12:27 --------- d-----w c:\program files\Steam
2009-03-29 12:27 --------- d-----w c:\program files\lx_cats
2009-03-28 17:08 --------- d-----w c:\documents and settings\brustad\Application Data\Spotify
2009-03-27 06:16 61,440 --sha-w c:\windows\system32\retegefu.exe
2009-03-25 18:18 --------- d-----w c:\program files\P2P_Max
2009-03-24 22:55 --------- d-----w c:\program files\Windows Live
2009-03-11 21:20 --------- d-----w c:\program files\Common Files\Adobe
2009-03-10 18:11 --------- d-----w c:\program files\Lexmark 5400 Series
2009-03-06 19:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-03-04 10:56 --------- d-----w c:\documents and settings\brustad\Application Data\5400 Series
2009-02-24 20:27 --------- d-----w c:\program files\Stardock
2009-02-24 20:27 --------- d-----w c:\program files\Common Files\Stardock
2009-02-24 20:08 --------- d-----w c:\documents and settings\brustad\Application Data\LimeWire
2009-02-22 16:34 108,144 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-22 16:34 --------- d--h--r c:\documents and settings\brustad\Application Data\SecuROM
2009-02-22 16:07 --------- d-----w c:\program files\Atari
2009-02-22 16:04 --------- d-----w c:\documents and settings\brustad\Application Data\DAEMON Tools Lite
2009-02-22 16:02 --------- d-----w c:\documents and settings\brustad\Application Data\DAEMON Tools Pro
2009-02-22 16:02 --------- d-----w c:\documents and settings\brustad\Application Data\DAEMON Tools
2009-02-22 16:00 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-22 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-22 15:55 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-20 12:53 --------- d-----w c:\program files\Valve
2009-02-19 16:43 --------- d-----w c:\program files\Google
2009-02-19 15:58 --------- d-----w c:\program files\home plan software
2009-02-18 22:45 --------- d-----w c:\documents and settings\brustad\Application Data\ImgBurn
2009-02-18 22:29 --------- d-----w c:\documents and settings\brustad\Application Data\vlc
2009-02-18 20:15 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-18 19:13 --------- d-----w c:\program files\Counter-Strike Source
2009-02-18 06:43 --------- d-----w c:\program files\Lexmark Toolbar
2009-02-18 06:39 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-18 06:39 --------- d-----w c:\documents and settings\All Users\Application Data\5400 Series
2009-02-18 06:36 --------- d-----w c:\program files\Common Files\ArcSoft
2009-02-18 06:36 --------- d-----w c:\program files\ArcSoft
2009-02-18 06:25 --------- d-----w c:\documents and settings\brustad\Application Data\AdobeUM
2009-02-18 06:24 --------- d-----w c:\program files\VID_0E8F&PID_0003
2009-02-18 06:22 --------- d-----w c:\program files\VGA USB Camera
2009-02-18 06:22 --------- d-----w c:\program files\directx
2009-02-18 06:17 --------- d-----w c:\program files\ASUS
2009-02-18 06:16 --------- d-----w c:\program files\ASUSTeK
2009-02-18 06:04 --------- d-----w c:\program files\MSI
2009-02-18 05:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-18 05:55 --------- d-----w c:\program files\VIA
2009-02-18 05:52 --------- d-----w c:\documents and settings\brustad\Application Data\Logitech
2009-02-18 05:51 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-18 05:51 --------- d-----w c:\program files\Logitech
2009-02-18 05:51 --------- d-----w c:\program files\Common Files\Logishrd
2009-02-18 05:50 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-18 05:50 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-02-18 05:50 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-18 05:49 --------- d-----w c:\documents and settings\brustad\Application Data\InstallShield
2009-02-18 05:49 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-02-18 05:49 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-02-18 03:31 --------- d-----w c:\documents and settings\brustad\Application Data\Windows Search
2009-02-18 00:29 --------- d-----w c:\program files\TmNationsForever
2009-02-18 00:20 --------- d-----w c:\documents and settings\brustad\Application Data\Windows Desktop Search
2009-02-18 00:11 --------- d-----w c:\program files\microsoft frontpage
2009-02-18 00:05 --------- d-----w c:\program files\MSBuild
2009-02-18 00:04 --------- d-----w c:\program files\Reference Assemblies
2009-02-18 00:00 --------- d-----w c:\program files\LClock
2009-02-18 00:00 --------- d-----w c:\program files\Alky for Applications
2009-02-17 23:57 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-17 23:54 --------- d-----w c:\program files\Windows Desktop Search
2009-02-17 23:54 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-17 22:17 --------- d-----w c:\documents and settings\brustad\Application Data\Winamp
2009-02-17 21:51 --------- d-----w c:\program files\RocketDock
2009-02-17 20:27 --------- d-----w c:\program files\TGTSoft
2009-02-17 20:25 --------- d-----w c:\program files\nLite
2009-02-17 20:22 --------- d-----w c:\program files\Avira
2009-02-17 20:22 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-02-17 19:55 --------- d-----w c:\program files\Magic Video Converter
2009-02-17 19:49 --------- d-----w c:\program files\CCleaner
2009-02-17 19:47 --------- d-----w c:\program files\GIMP-2.0
2009-02-17 19:42 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-17 19:41 --------- d-----w c:\program files\Java
2009-02-17 19:38 --------- d-----w c:\program files\LimeWire
2009-02-17 19:38 --------- d-----w c:\program files\Conduit
2009-02-17 19:31 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-17 19:30 --------- d-----w c:\program files\Microsoft.NET
2009-02-17 19:28 --------- d-----w c:\program files\ImgBurn
2009-02-17 19:26 --------- d-----w c:\program files\Spotify
2009-02-17 19:25 --------- d-----w c:\program files\Winamp
2009-02-17 19:25 --------- d-----w c:\program files\VideoLAN
2009-02-17 13:03 1,614,848 ----a-w c:\windows\system32\sfcfiles.dll
2009-02-12 15:27 86,073 ----a-w c:\windows\system32\usrfaxa.dll
2009-02-12 14:58 990,208 ----a-w c:\windows\system32\syssetup.dll
2009-02-12 14:58 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-02-12 14:58 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-02-12 14:50 581,192 ----a-w c:\windows\system32\winusbcoinstaller.dll
2009-02-12 14:50 56,320 ----a-w c:\windows\system32\xmlfilter.dll
2009-02-12 14:50 43,544 ----a-w c:\windows\system32\wups2.dll
2009-02-12 14:50 1,302,600 ----a-w c:\windows\system32\wudfupdate_01007.dll
2009-02-12 14:50 1,112,288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-02-12 14:48 91,656 ----a-w c:\windows\system32\msxml4r.dll
2009-02-12 14:47 323,696 ----a-w c:\windows\system32\msdrm.dll
2009-02-12 14:43 75,264 ----a-w c:\windows\inf\ieResetIcons.tmp
2009-02-12 14:43 465,920 ----a-w c:\windows\system32\imapi2fs.dll
2009-02-12 14:43 317,952 ----a-w c:\windows\system32\imapi2.dll
2009-02-12 14:43 151,552 ----a-w c:\windows\system32\ifxcardm.dll
.
------- Sigcheck -------
2009-02-12 14:58 361600 25a740d70e8007814a48d3fa1b34fa34 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-27_19.45.37,92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-29 12:27:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_518.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{72ae8426-3b8d-4ead-b191-8d0ad1c62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
2008-09-15 06:47 1784856 --a------ c:\program files\P2P_Max\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{72ae8426-3b8d-4ead-b191-8d0ad1c62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2008-09-15 1784856]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{72AE8426-3B8D-4EAD-B191-8D0AD1C62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2008-09-15 1784856]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files\steam\steam.exe" [2009-02-17 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-03 342848]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2005-03-07 482816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-15 86016]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-17 148888]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-03-27 577540]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-12-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

c:\documents and settings\brustad\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-02-24 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-02-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-18 784912]
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2009-02-18 163840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-12 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= rtubcx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-12-16 14:55 987136 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 06:54 589824 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\scaneripx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\hwpcassistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30826e0e-fe9e-11dd-af9d-0013d33bb87b}]
\Shell\AutoRun\command - G:\hwpcassistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30826e0f-fe9e-11dd-af9d-0013d33bb87b}]
\Shell\AutoRun\command - G:\hwpcassistant.exe

.
.
------- Tilleggsskanning -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\brustad\Application Data\Mozilla\Firefox\Profiles\663a5amb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 12:36:24
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-796845957-152049171-1606980848-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,32,74,9c,60,e8,5d,1f,40,ce,b9,7b,6d,4c,44,e3,a0,cd,29,a3,b7,db,e3,
   f9,cf,77,fa,94,07,09,8f,19,d9,f0,5a,ff,fd,bd,bf,63,c0,9b,a5,32,e4,27,fb,c9,\
"??"=hex:72,db,72,2f,a0,c1,b1,da,a0,f9,a0,89,64,7f,db,b3
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Tidspunkt ferdig: 2009-03-29 12:37:48
ComboFix-quarantined-files.txt 2009-03-29 12:37:45
ComboFix2.txt 2009-03-27 19:46:41

Pre-Run: 6,334,898,176 bytes free
Post-Run: 6,326,796,288 bytes free
norbat Posted 29 March 2009

Was anything found on the two files you were supposed to check on VirusTotal?
yamahaen (author) Posted 29 March 2009

Yes, on one of them.

File scaneripx.exe received on 03.29.2009 14:11:09 (CET)

Antivirus          Version          Last Update  Result
a-squared          4.0.0.101        2009.03.29   Downloader.Delphi!IK
AhnLab-V3          5.0.0.2          2009.03.28   -
AntiVir            7.9.0.129        2009.03.27   DR/Delphi.Gen
Antiy-AVL          2.0.3.1          2009.03.29   -
Authentium         5.1.2.4          2009.03.28   -
Avast              4.8.1335.0       2009.03.28   Win32:Trojan-gen {Other}
AVG                8.5.0.285        2009.03.28   SpamTool.CIB
BitDefender        7.2              2009.03.29   -
CAT-QuickHeal      10.00            2009.03.28   -
ClamAV             0.94.1           2009.03.29   -
Comodo             1089             2009.03.29   -
DrWeb              4.44.0.09170     2009.03.29   -
eSafe              7.0.17.0         2009.03.27   Win32.DRDelphi
eTrust-Vet         31.6.6421        2009.03.27   -
F-Prot             4.4.4.56         2009.03.28   -
Fortinet           3.117.0.0        2009.03.29   -
GData              19               2009.03.29   Win32:Trojan-gen {Other}
Ikarus             T3.1.1.48.0      2009.03.29   Downloader.Delphi
K7AntiVirus        7.10.684         2009.03.28   Trojan.Win32.Malware.1
Kaspersky          7.0.0.125        2009.03.29   Trojan.Win32.Agent2.gpc
McAfee             5567             2009.03.28   Spam-Mailbot.l
McAfee+Artemis     5567             2009.03.28   Spam-Mailbot.l
McAfee-GW-Edition  6.7.6            2009.03.29   Trojan.Dropper.Delphi.Gen
Microsoft          1.4502           2009.03.29   VirTool:Win32/DelfInject.gen!AF
NOD32              3972             2009.03.28   -
Norman             6.00.06          2009.03.27   -
nProtect           2009.1.8.0       2009.03.29   -
Panda              10.0.0.10        2009.03.29   Suspicious file
PCTools            4.4.2.0          2009.03.29   -
Prevx1             V2               2009.03.29   -
Rising             21.22.62.00      2009.03.29   -
Sophos             4.40.0           2009.03.29   -
Sunbelt            3.2.1858.2       2009.03.28   -
Symantec           1.4.4.12         2009.03.29   Suspicious.MH690.A
TheHacker          6.3.3.9.295      2009.03.29   -
TrendMicro         8.700.0.1004     2009.03.28   -
VBA32              3.12.10.1        2009.03.27   -
ViRobot            2009.3.27.1666   2009.03.27   -

Additional information
File size: 45568 bytes
MD5...: 49d400794d313f705c08031affc903b9
SHA1..: c819431816e225e0b3ee44d7af7fee5287208f92
SHA256: 9d719cc281b2846d417b24143a6ff3924e36e6ca52b0a6cf4e829f5d798c056a
SHA512: f12aa14f078971121df64d9b6d7549d746f29b75ecbac4bfd64512e5e7e98f7dbbd63764014f53b6fad86a69879c818a095f10d85b1a54e4c8c2b15d5858c22b
ssdeep: 768:hUfb14RzRR1alWgcu+XBkj+jucDJN/q3TkoWlgYqteIm+xcatL:hUz1gAWgNx66ynUTggVt/Jxcg
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x323c
timedatestamp.....: 0x3c425e19 (Mon Jan 14 04:27:05 2002)
machinetype.......: 0x14c (I386)

( 8 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
CODE    0x1000  0x22d8  0x2400   6.25   29040bb86401e528fb58a72196952194
DATA    0x4000  0xe4    0x200    1.98   eac4d9af930bfa9cbb02be7a57106a1f
BSS     0x5000  0x741   0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.idata  0x6000  0x310   0x400    3.45   3b6421c859aa7df4520802993c6101ae
.tls    0x7000  0x4     0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.rdata  0x8000  0x1d    0x200    0.28   23dcee1a9748c5ada2d2e81effba65f3
.reloc  0x9000  0x34c   0x400    5.81   36dd666372068cbed3e7c7cfd0484810
.rsrc   0xa000  0x7c60  0x7e00   7.98   f052d7aa10db6b338c670fd000b41513

( 5 imports )
> kernel32.dll: GetCurrentThreadId, ExitProcess, RtlUnwind, RaiseException, TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, FreeLibrary, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap
> kernel32.dll: lstrlenA, Sleep, LoadLibraryA, GetTickCount, GetProcAddress, GetModuleFileNameA, GetCommandLineA
> user32.dll: TranslateMessage, PostQuitMessage, PeekMessageA, MessageBoxA, DispatchMessageA
> shell32.dll: SHChangeNotify
> opengl32.dll: glGetClipPlane, glGenLists, glEvalCoord1f

( 0 exports )

RDS...: NSRL Reference Data Set
-
norbat Posted 29 March 2009 (edited)

Create a new cfscript with the following content:

File::
C:\bust.exe
C:\scaneripx.exe
c:\windows\system32\jogekini.dll
c:\windows\system32\retegefu.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Post a new log.

Also consider whether Ask Toolbar and P2P Max Toolbar are something you actually need. If not, uninstall them.

Edited 31 March 2009 by norbat
yamahaen (author) Posted 31 March 2009

combofix

ComboFix 09-03-28.06 - brustad 2009-03-31 9:50:25.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.767.432 [GMT 0:00]
Kjører fra: c:\documents and settings\brustad\Desktop\ComboFix.exe
Command switches brukt :: c:\documents and settings\brustad\Desktop\cfscript.txt.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
 * Opprettet nytt gjenopprettingspunkt
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-28 til 2009-03-31 )))))))))))))))))))))))))))))))))
.

2009-03-28 16:02 . 2009-03-28 16:14 <DIR> d-------- c:\documents and settings\brustad\Application Data\gtk-2.0
2009-03-27 17:59 . 2009-03-27 17:59 <DIR> d-------- c:\program files\NCH Software
2009-03-27 17:59 . 2009-03-27 17:59 <DIR> d-------- c:\documents and settings\brustad\Application Data\Recordpad
2009-03-27 17:59 . 2009-03-27 18:00 <DIR> d-------- c:\documents and settings\brustad\Application Data\NCH Swift Sound
2009-03-27 17:59 . 2009-03-27 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-27 17:58 . 2009-03-27 18:00 <DIR> d-------- c:\program files\NCH Swift Sound
2009-03-27 16:42 . 2009-03-27 16:42 <DIR> d-------- c:\documents and settings\brustad\Application Data\Malwarebytes
2009-03-27 16:41 . 2009-03-27 16:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 16:41 . 2009-03-27 16:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 16:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 16:41 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 15:55 . 2009-03-27 15:55 5,505 --a------ C:\bust.exe
2009-03-26 02:28 . 2009-03-26 02:28 45,568 --a------ C:\scaneripx.exe
2009-03-25 18:26 . 2009-03-25 18:26 <DIR> d-------- c:\program files\MSN Messenger
2009-03-24 21:52 . 2009-03-24 21:52 2,713 ---hs---- c:\windows\system32\jogekini.dll
2009-03-24 17:57 . 2009-03-24 17:57 <DIR> d-------- C:\Videos
2009-03-24 17:55 . 2009-03-24 17:58 <DIR> d-------- c:\program files\Cool YouTube Downloader
2009-03-15 19:55 . 2009-03-15 19:57 <DIR> d-------- C:\DestinatorApps
2009-03-06 19:48 . 2009-03-06 19:51 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-06 19:29 . 2009-03-06 19:29 <DIR> d-------- c:\program files\Sierra
2009-03-04 22:25 . 2009-03-31 09:47 45 --a------ C:\TEST.XML
2009-03-04 21:23 . 2009-03-07 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-03-04 20:51 . 2009-03-04 20:51 <DIR> d-------- c:\program files\Vuze
2009-03-04 20:51 . 2009-03-27 17:58 <DIR> d-------- c:\documents and settings\brustad\Application Data\Azureus
2009-03-04 20:51 . 2009-03-04 20:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-03-03 19:38 . 2009-03-31 09:48 <DIR> d-------- c:\program files\DNA
2009-03-03 19:38 . 2009-03-03 19:38 <DIR> d-------- c:\program files\BitTorrent
2009-03-03 19:38 . 2009-03-31 09:48 <DIR> d-------- c:\documents and settings\brustad\Application Data\DNA
2009-03-03 19:38 . 2009-03-04 21:16 <DIR> d-------- c:\documents and settings\brustad\Application Data\BitTorrent
2009-02-24 20:27 . 2009-02-24 20:27 <DIR> d-------- c:\program files\Stardock
2009-02-24 20:27 . 2009-02-24 20:27 <DIR> d-------- c:\program files\Common Files\Stardock
2009-02-24 19:29 . 2009-02-24 20:08 <DIR> d-------- c:\documents and settings\brustad\Application Data\LimeWire
2009-02-22 16:34 . 2009-02-22 16:34 <DIR> dr-h----- c:\documents and settings\brustad\Application Data\SecuROM
2009-02-22 16:34 . 2009-02-22 16:34 108,144 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-22 16:07 . 2009-02-22 16:07 <DIR> d-------- c:\program files\Atari
2009-02-22 16:02 . 2009-02-22 16:02 <DIR> d-------- c:\documents and settings\brustad\Application Data\DAEMON Tools Pro
2009-02-22 16:02 . 2009-02-22 16:02 <DIR> d-------- c:\documents and settings\brustad\Application Data\DAEMON Tools
2009-02-22 16:00 . 2009-02-22 16:00 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-22 16:00 . 2009-02-22 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-22 15:55 . 2009-02-22 15:55 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-22 15:54 . 2009-02-22 16:04 <DIR> d-------- c:\documents and settings\brustad\Application Data\DAEMON Tools Lite
2009-02-22 13:54 . 2009-02-22 13:54 <DIR> d-------- c:\documents and settings\brustad\.thumbnails
2009-02-19 16:43 . 2009-02-19 16:43 <DIR> d-------- c:\program files\Google
2009-02-19 15:58 . 2009-02-19 15:58 <DIR> d-------- c:\program files\home plan software
2009-02-18 22:28 . 2009-02-18 22:29 <DIR> d-------- c:\documents and settings\brustad\Application Data\vlc
2009-02-18 20:25 . 2009-03-24 22:22 <DIR> d-------- c:\documents and settings\brustad\Tracing
2009-02-18 20:22 . 2009-03-24 22:55 <DIR> d-------- c:\program files\Windows Live
2009-02-18 20:15 . 2009-02-18 20:15 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-18 17:33 . 2009-02-18 20:12 <DIR> d-------- c:\documents and settings\brustad\Contacts
2009-02-18 06:42 . 2009-03-04 10:56 <DIR> d-------- c:\documents and settings\brustad\Application Data\5400 Series
2009-02-18 06:41 . 2009-03-31 09:48 <DIR> d-------- c:\program files\lx_cats
2009-02-18 06:41 . 2006-11-07 11:30 344,064 --a------ c:\windows\system32\lxctcoin.dll
2009-02-18 06:41 . 2006-04-25 03:11 40,960 --a------ c:\windows\system32\lxctvs.dll
2009-02-18 06:39 . 2009-02-18 06:43 <DIR> d-------- c:\program files\Lexmark Toolbar
2009-02-18 06:39 . 2009-02-18 06:39 <DIR> d-------- c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-18 06:39 . 2009-02-18 06:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\5400 Series
2009-02-18 06:38 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Lexmark 5400 Series
2009-02-18 06:38 . 2006-11-06 16:35 1,224,704 --a------ c:\windows\system32\lxctserv.dll
2009-02-18 06:37 . 2009-02-18 06:37 <DIR> d-------- c:\windows\STK02N
2009-02-18 06:37 . 2007-03-12 14:25 101,520 --a------ c:\windows\system32\drivers\STK02NW2.sys
2009-02-18 06:37 . 2007-03-12 14:28 40,960 --a------ c:\windows\system32\STK02NP.ax
2009-02-18 06:37 . 2007-03-12 14:25 33,728 --a------ c:\windows\system32\drivers\STK02NW1.sys
2009-02-18 06:36 . 2009-02-18 06:36 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-02-18 06:36 . 2005-04-27 16:36 245,408 --a------ c:\windows\system32\unicows.dll
2009-02-18 06:35 . 2006-11-10 15:05 18,688 --a------ c:\windows\system32\drivers\afc.sys
2009-02-18 06:34 . 2009-02-18 06:36 <DIR> d-------- c:\program files\ArcSoft
2009-02-18 06:34 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-02-18 06:25 . 2009-03-11 21:20 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-18 06:25 . 2009-02-18 06:25 <DIR> d-------- c:\documents and settings\brustad\Application Data\AdobeUM
2009-02-18 06:24 . 2009-02-18 06:24 <DIR> d-------- c:\program files\VID_0E8F&PID_0003
2009-02-18 06:22 . 2009-02-18 06:22 <DIR> d-------- c:\windows\Options
2009-02-18 06:22 . 2009-02-18 06:22 <DIR> d-------- c:\program files\VGA USB Camera
2009-02-18 06:22 . 2009-02-18 06:22 <DIR> d-------- c:\program files\directx
2009-02-18 06:17 . 2009-02-18 06:17 <DIR> d-------- c:\program files\ASUS
2009-02-18 06:16 . 2009-02-18 06:16 <DIR> d-------- c:\program files\ASUSTeK
2009-02-18 06:12 . 2004-12-14 15:55 9,472 -ra------ c:\windows\system32\drivers\EIO.sys
2009-02-18 06:08 . 2009-02-18 06:08 <DIR> d-------- c:\windows\Cache
2009-02-18 06:04 . 2009-02-18 06:04 <DIR> d-------- c:\program files\MSI
2009-02-18 06:04 . 2004-10-05 16:54 306,688 --a------ c:\windows\IsUninst.exe
2009-02-18 06:04 . 2003-07-02 04:42 27,904 --a------ c:\windows\system32\drivers\VIAAGP1.SYS
2009-02-18 06:04 . 2003-12-29 19:04 18,257 --a------ c:\windows\system32\Ntaccess.sys
2009-02-18 06:04 . 2004-07-23 16:09 13,368 --a------ c:\windows\system32\FlashVxd.vxd
2009-02-18 06:04 . 2004-09-22 16:02 9,076 --a------ c:\windows\system32\drivers\FlashSys.sys
2009-02-18 06:03 . 2009-02-18 06:04 <DIR> d-------- c:\windows\_ISTMP2.DIR
2009-02-18 05:59 . 2005-04-18 11:57 18,706,432 --a------ c:\windows\system32\ALSNDMGR.CPL
2009-02-18 05:56 . 2004-04-15 02:57 42,496 -ra------ c:\windows\system32\drivers\fetnd5b.sys
2009-02-18 05:55 . 2009-02-18 05:55 <DIR> d-------- c:\program files\VIA
2009-02-18 05:55 . 2004-07-06 14:45 60,672 -ra------ c:\windows\system32\drivers\viamraid.sys
2009-02-18 05:52 . 2009-02-18 05:52 <DIR> d-------- c:\documents and settings\brustad\Application Data\Logitech
2009-02-18 05:51 . 2009-02-18 05:59 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-18 05:51 . 2009-02-18 05:51 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-18 05:50 . 2009-02-18 05:50 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-18 05:50 . 2009-02-18 05:50 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-02-18 05:50 . 2009-02-18 05:50 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-18 05:49 . 2009-02-18 05:51 <DIR> d-------- c:\program files\Logitech
2009-02-18 05:49 . 2009-03-06 19:36 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-18 05:49 . 2009-02-18 05:51 <DIR> d-------- c:\program files\Common Files\Logishrd
2009-02-18 05:49 . 2009-02-18 05:49 <DIR> d-------- c:\documents and settings\brustad\Application Data\InstallShield
2009-02-18 05:49 . 2009-02-18 05:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-18 05:49 . 2009-02-18 05:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2009-02-18 05:49 . 2007-11-15 10:06 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2009-02-18 05:49 . 2007-11-15 10:07 170,512 --a------ c:\windows\system32\kemutb.dll
2009-02-18 05:49 . 2007-11-15 10:07 141,840 --a------ c:\windows\system32\KemUtil.dll
2009-02-18 05:49 . 2007-11-15 10:07 117,264 --a------ c:\windows\system32\KemWnd.dll
2009-02-18 05:49 . 2007-11-15 10:07 76,304 --a------ c:\windows\system32\KemXML.dll
2009-02-18 05:49 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-18 05:49 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-02-18 05:49 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-02-18 05:49 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-02-18 03:31 . 2009-02-18 03:31 <DIR> d-------- c:\documents and settings\brustad\Application Data\Windows Search
2009-02-18 00:32 . 2009-03-06 18:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-02-18 00:25 . 2009-02-18 00:29 <DIR> d-------- c:\program files\TmNationsForever
2009-02-18 00:20 . 2009-02-18 00:20 <DIR> d-------- c:\documents and settings\brustad\Application Data\Windows Desktop Search
2009-02-18 00:19 . 2009-03-29 20:46 <DIR> d-------- c:\documents and settings\brustad
2009-02-18 00:16 . 2009-02-18 00:16 <DIR> d---s---- c:\windows\system32\Microsoft
2009-02-18 00:15 . 2009-03-27 19:46 <DIR> d--hs---- c:\documents and settings\NetworkService
2009-02-18 00:15 . 2009-02-18 00:15 8,192 --a------ c:\windows\REGLOCS.OLD
2009-02-18 00:14 . 2008-04-14 01:41 156,672 --a--c--- c:\windows\system32\dllcache\winzm.ime
2009-02-18 00:14 . 2008-04-14 01:41 156,672 --a--c--- c:\windows\system32\dllcache\winsp.ime
2009-02-18 00:14 . 2008-04-14 01:41 156,672 --a--c--- c:\windows\system32\dllcache\winpy.ime
2009-02-18 00:14 . 2008-04-14 01:41 79,360 --a--c--- c:\windows\system32\dllcache\winar30.ime
2009-02-18 00:14 . 2008-04-14 01:41 72,704 --a--c--- c:\windows\system32\dllcache\wingb.ime
2009-02-18 00:14 . 2008-04-14 01:41 65,536 --a--c--- c:\windows\system32\dllcache\winime.ime
2009-02-18 00:14 . 2001-08-23 10:00 41,600 --a--c--- c:\windows\system32\dllcache\weitekp9.dll
2009-02-18 00:14 . 2001-08-23 10:00 31,232 --a--c--- c:\windows\system32\dllcache\weitekp9.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 09:48 --------- d-----w c:\program files\Steam
2009-03-27 06:16 61,440 --sha-w c:\windows\system32\retegefu.exe
2009-02-20 12:53 --------- d-----w c:\program files\Valve
2009-02-18 19:13 --------- d-----w c:\program files\Counter-Strike Source
2009-02-17 23:57 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-17 23:54 --------- d-----w c:\program files\Windows Desktop Search
2009-02-17 23:54 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-17 21:51 --------- d-----w c:\program files\RocketDock
2009-02-17 20:27 --------- d-----w c:\program files\TGTSoft
2009-02-17 20:25 --------- d-----w c:\program files\nLite
2009-02-17 20:22 --------- d-----w c:\program files\Avira
2009-02-17 19:55 --------- d-----w c:\program files\Magic Video Converter
2009-02-17 19:49 --------- d-----w c:\program files\CCleaner
2009-02-17 19:47 --------- d-----w c:\program files\GIMP-2.0
2009-02-17 19:42 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-17 19:41 --------- d-----w c:\program files\Java
2009-02-17 19:38 --------- d-----w c:\program files\LimeWire
2009-02-17 19:31 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-17 19:30 --------- d-----w c:\program files\Microsoft.NET
2009-02-17 19:28 --------- d-----w c:\program files\ImgBurn
2009-02-17 19:26 --------- d-----w c:\program files\Spotify
2009-02-17 19:25 --------- d-----w c:\program files\Winamp
2009-02-17 19:25 --------- d-----w c:\program files\VideoLAN
2009-02-17 13:03 1,614,848 ----a-w c:\windows\system32\sfcfiles.dll
2009-02-12 15:27 86,073 ----a-w c:\windows\system32\usrfaxa.dll
2009-02-12 14:58 990,208 ----a-w c:\windows\system32\syssetup.dll
2009-02-12 14:58 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-02-12 14:58 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-02-12 14:50 581,192 ----a-w c:\windows\system32\winusbcoinstaller.dll
2009-02-12 14:50 56,320 ----a-w c:\windows\system32\xmlfilter.dll
2009-02-12 14:50 43,544 ----a-w c:\windows\system32\wups2.dll
2009-02-12 14:50 1,302,600 ----a-w c:\windows\system32\wudfupdate_01007.dll
2009-02-12 14:50 1,112,288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-02-12 14:48 91,656 ----a-w c:\windows\system32\msxml4r.dll
2009-02-12 14:47 323,696 ----a-w c:\windows\system32\msdrm.dll
2009-02-12 14:43 75,264 ----a-w c:\windows\inf\ieResetIcons.tmp
2009-02-12 14:43 465,920 ----a-w c:\windows\system32\imapi2fs.dll
2009-02-12 14:43 317,952 ----a-w c:\windows\system32\imapi2.dll
2009-02-12 14:43 151,552 ----a-w c:\windows\system32\ifxcardm.dll
2009-02-12 14:42 633,344 ----a-w c:\windows\system32\gpprefcl.dll
2009-02-12 14:42 133,632 ----a-w c:\windows\system32\drivers\exfat.sys
2009-02-12 14:37 96,792 ----a-w c:\windows\system32\basecsp.dll
2009-02-12 14:37 82,944 ----a-w c:\windows\system32\drivers\wudfrd.sys
2009-02-12 14:37 77,568 ----a-w c:\windows\system32\drivers\wudfpf.sys
2009-02-12 14:37 55,808 ----a-w c:\windows\system32\wudfsvc.dll
2009-02-12 14:37 383,488 ----a-w c:\windows\system32\wzcdlg.dll
2009-02-12 14:37 34,328 ----a-w c:\windows\system32\wups.dll
2009-02-12 14:37 316,416 ----a-w c:\windows\system32\wudfx.dll
2009-02-12 14:37 25,600 ----a-w c:\windows\system32\bcsprsrc.dll
2009-02-12 14:37 202,776 ----a-w c:\windows\system32\wuweb.dll
2009-02-12 14:37 146,432 ----a-w c:\windows\system32\wudfhost.exe
2009-02-12 14:37 133,120 ----a-w c:\windows\system32\axaltocm.dll
2009-02-12 14:35 99,840 ----a-w c:\windows\system32\wmpshell.dll
2009-02-12 14:35 8,231,936 ----a-w c:\windows\system32\wmploc.dll
2009-02-12 14:35 613,376 ----a-w c:\windows\system32\wmpmde.dll
2009-02-12 14:35 603,648 ----a-w c:\windows\system32\wmspdmod.dll
2009-02-12 14:35 4,096 ----a-w c:\windows\system32\wmvadve.dll
2009-02-12 14:35 4,096 ----a-w c:\windows\system32\wmvadvd.dll
2009-02-12 14:35 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
2009-02-12 14:35 4,096 ----a-w c:\windows\system32\wmsdmod.dll
2009-02-12 14:35 314,880 ----a-w c:\windows\system32\wmpdxm.dll
2009-02-12 14:35 204,288 ----a-w c:\windows\system32\wmpsrcwp.dll
2009-02-12 14:35 130,048 ----a-w c:\windows\system32\wmpps.dll
2009-02-12 14:35 1,661,440 ----a-w c:\windows\system32\wmpencen.dll
2009-02-12 14:35 1,329,152 ----a-w c:\windows\system32\wmspdmoe.dll
2009-02-12 14:34 242,688 ----a-w c:\windows\system32\wmpasf.dll
2009-02-12 14:32 8,704 ----a-w c:\windows\system32\uwdf.exe
2009-02-12 14:31 985,088 ----a-w c:\windows\system32\setupapi.dll
2009-02-12 14:30 98,304 ----a-w c:\windows\system32\nlhtml.dll
2009-02-12 14:29 997,888 ----a-w c:\windows\system32\msgina.dll
2009-02-12 14:29 95,744 ----a-w c:\windows\system32\msiexec.exe
2009-02-12 14:29 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-12 14:29 45,568 ----a-w c:\windows\system32\mshta.exe
2009-02-12 14:29 4,445,184 ----a-w c:\windows\system32\msi.dll
2009-02-12 14:29 312,128 ----a-w c:\windows\system32\msdelta.dll
2009-02-12 14:29 304,152 ----a-w c:\windows\system32\msexcl40.dll
2009-02-12 14:29 299,520 ----a-w c:\windows\system32\MSCTF.dll
2009-02-12 14:27 77,824 ----a-w c:\windows\system32\ifsutil.dll
2009-02-12 14:27 76,800 ----a-w c:\windows\system32\inetpp.dll
2009-02-12 14:27 691,712 ----a-w c:\windows\system32\inetcomm.dll
2009-02-12 14:27 55,808 ----a-w c:\windows\system32\ipconfig.exe
2009-02-12 14:27 55,296 ----a-w c:\windows\system32\iesetup.dll
2009-02-12 14:27 449,024 ----a-w c:\windows\system32\infosoft.dll
2009-02-12 14:27 36,352 ----a-w c:\windows\system32\imgutil.dll
2009-02-12 14:27 330,752 ----a-w c:\windows\system32\ipnathlp.dll
2009-02-12 14:27 299,520 ----a-w c:\windows\system32\kerberos.dll
2009-02-12 14:26 78,336 ----a-w c:\windows\system32\ieencode.dll
2009-02-12 14:26 344,064 ----a-w c:\windows\system32\hnetcfg.dll
2009-02-12 14:26 286,720 ----a-w c:\windows\system32\gdi32.dll
2009-02-12 14:26 26,112 ----a-w c:\windows\system32\idndl.dll
2009-02-12 14:26 199,680 ----a-w c:\windows\system32\gptext.dll
2009-02-12 14:24 71,680 ----a-w c:\windows\system32\admparse.dll
2009-02-12 14:24 68,096 ----a-w c:\windows\system32\adsmsext.dll
2009-02-12 14:24 53,504 ----a-w c:\windows\system32\drivers\1394bus.sys
2009-02-12 14:24 176,128 ----a-w c:\windows\system32\adsldp.dll
2009-02-12 14:24 138,496 ----a-w c:\windows\system32\drivers\afd.sys
2009-02-12 14:17 691,560 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-12 14:17 524,288 ----a-w c:\windows\opuc.dll
2009-02-12 14:08 95,344 ----a-w c:\windows\system32\wudfcoinstaller.dll
2009-02-12 14:08 38,400 ----a-w c:\windows\system32\wpdshextres.dll
.

------- Sigcheck -------

2009-02-12 14:58 361600 25a740d70e8007814a48d3fa1b34fa34 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-27_19.45.37,92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-31 09:47:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b0.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files\steam\steam.exe" [2009-02-17 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-03 342848]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2005-03-07 482816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-15 86016]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-17 148888]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-03-27 577540]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-12-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]

c:\documents and settings\brustad\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-02-24 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-02-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-18 784912]
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2009-02-18 163840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-12 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= rtubcx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-12-16 14:55 987136 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 06:54 589824 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\scaneripx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\hwpcassistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30826e0e-fe9e-11dd-af9d-0013d33bb87b}]
\Shell\AutoRun\command - G:\hwpcassistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30826e0f-fe9e-11dd-af9d-0013d33bb87b}]
\Shell\AutoRun\command - G:\hwpcassistant.exe
.
.
------- Tilleggsskanning -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\brustad\Application Data\Mozilla\Firefox\Profiles\663a5amb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 09:53:24
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-796845957-152049171-1606980848-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,32,74,9c,60,e8,5d,1f,40,ce,b9,7b,6d,4c,44,e3,a0,cd,29,a3,b7,db,e3,
   f9,cf,77,fa,94,07,09,8f,19,d9,f0,5a,ff,fd,bd,bf,63,c0,9b,a5,32,e4,27,fb,c9,\
"??"=hex:72,db,72,2f,a0,c1,b1,da,a0,f9,a0,89,64,7f,db,b3
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Tidspunkt ferdig: 2009-03-31 9:55:09
ComboFix-quarantined-files.txt 2009-03-31 09:55:04
ComboFix2.txt 2009-03-29 20:39:08
ComboFix3.txt 2009-03-29 12:37:50
ComboFix4.txt 2009-03-27 19:46:41

Pre-Run: 6 298 869 760 bytes free
Post-Run: 6,287,048,704 bytes free

399

mbam

Malwarebytes' Anti-Malware 1.35
Databaseversjon: 1915
Windows 5.1.2600 Service Pack 3

29.03.2009 20:53:18
mbam-log-2009-03-29 (20-53-18).txt

Skanntype: Rask Skann
Objekter skannet: 63882
Tid tilbakelagt: 3 minute(s), 34 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 6

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\RECYCLER\S-1-5-21-0982818026-0792038349-964117139-9221\service.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.Bot) -> Delete on reboot.
C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe (Backdoor.Bot) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise323.exe (Backdoor.Bot) -> Delete on reboot.
norbat, posted 31 March 2009:

Create a new CFScript with the same content as above and make sure you save the file so that it is named CFScript.txt (normally you just type CFScript as the file name, since the .txt extension is appended automatically; in your case above the name became CFScript.txt.txt). Post a new log after you have dragged and dropped the file onto the ComboFix icon so that it runs again.
yamahaen (thread author), posted 31 March 2009:

Now I have saved it as cfscript.

ComboFix 09-03-28.06 - brustad 2009-03-31 14:43:05.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.406 [GMT 0:00]
Running from: c:\documents and settings\brustad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\brustad\Desktop\cfscript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((((( Files Created From 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))))
.
2009-03-28 16:02 . 2009-03-28 16:14 <DIR> d-------- c:\documents and settings\brustad\Application Data\gtk-2.0
2009-03-27 17:59 . 2009-03-27 17:59 <DIR> d-------- c:\program files\NCH Software
2009-03-27 17:59 . 2009-03-27 17:59 <DIR> d-------- c:\documents and settings\brustad\Application Data\Recordpad
2009-03-27 17:59 . 2009-03-27 18:00 <DIR> d-------- c:\documents and settings\brustad\Application Data\NCH Swift Sound
2009-03-27 17:59 . 2009-03-27 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-27 17:58 . 2009-03-27 18:00 <DIR> d-------- c:\program files\NCH Swift Sound
2009-03-27 16:42 . 2009-03-27 16:42 <DIR> d-------- c:\documents and settings\brustad\Application Data\Malwarebytes
2009-03-27 16:41 . 2009-03-27 16:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 16:41 . 2009-03-27 16:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 16:41 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 16:41 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 15:55 . 2009-03-27 15:55 5,505 --a------ C:\bust.exe
2009-03-26 02:28 . 2009-03-26 02:28 45,568 --a------ C:\scaneripx.exe
2009-03-25 18:26 . 2009-03-25 18:26 <DIR> d-------- c:\program files\MSN Messenger
2009-03-24 21:52 . 2009-03-24 21:52 2,713 ---hs---- c:\windows\system32\jogekini.dll
2009-03-24 17:57 . 2009-03-24 17:57 <DIR> d-------- C:\Videos
2009-03-24 17:55 . 2009-03-24 17:58 <DIR> d-------- c:\program files\Cool YouTube Downloader
2009-03-15 19:55 . 2009-03-15 19:57 <DIR> d-------- C:\DestinatorApps
2009-03-06 19:48 . 2009-03-06 19:51 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-06 19:29 . 2009-03-06 19:29 <DIR> d-------- c:\program files\Sierra
2009-03-04 22:25 . 2009-03-31 09:47 45 --a------ C:\TEST.XML
2009-03-04 21:23 . 2009-03-07 18:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-03-04 20:51 . 2009-03-04 20:51 <DIR> d-------- c:\program files\Vuze
2009-03-04 20:51 . 2009-03-27 17:58 <DIR> d-------- c:\documents and settings\brustad\Application Data\Azureus
2009-03-04 20:51 . 2009-03-04 20:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-03-03 19:38 . 2009-03-31 09:48 <DIR> d-------- c:\program files\DNA
2009-03-03 19:38 . 2009-03-03 19:38 <DIR> d-------- c:\program files\BitTorrent
2009-03-03 19:38 . 2009-03-31 14:38 <DIR> d-------- c:\documents and settings\brustad\Application Data\DNA
2009-03-03 19:38 . 2009-03-04 21:16 <DIR> d-------- c:\documents and settings\brustad\Application Data\BitTorrent
2009-02-24 20:27 . 2009-02-24 20:27 <DIR> d-------- c:\program files\Stardock
2009-02-24 20:27 . 2009-02-24 20:27 <DIR> d-------- c:\program files\Common Files\Stardock
2009-02-24 19:29 . 2009-02-24 20:08 <DIR> d-------- c:\documents and settings\brustad\Application Data\LimeWire
2009-02-22 16:34 . 2009-02-22 16:34 <DIR> dr-h----- c:\documents and settings\brustad\Application Data\SecuROM
2009-02-22 16:34 . 2009-02-22 16:34 108,144 --a------ c:\windows\system32\CmdLineExt.dll
2009-02-22 16:07 . 2009-02-22 16:07 <DIR> d-------- c:\program files\Atari
2009-02-22 16:02 . 2009-02-22 16:02 <DIR> d-------- c:\documents and settings\brustad\Application Data\DAEMON Tools Pro
2009-02-22 16:02 . 2009-02-22 16:02 <DIR> d-------- c:\documents and settings\brustad\Application Data\DAEMON Tools
2009-02-22 16:00 . 2009-02-22 16:00 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-22 16:00 . 2009-02-22 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-22 15:55 . 2009-02-22 15:55 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-22 15:54 . 2009-02-22 16:04 <DIR> d-------- c:\documents and settings\brustad\Application Data\DAEMON Tools Lite
2009-02-22 13:54 . 2009-02-22 13:54 <DIR> d-------- c:\documents and settings\brustad\.thumbnails
2009-02-19 16:43 . 2009-02-19 16:43 <DIR> d-------- c:\program files\Google
2009-02-19 15:58 . 2009-02-19 15:58 <DIR> d-------- c:\program files\home plan software
2009-02-18 22:28 . 2009-02-18 22:29 <DIR> d-------- c:\documents and settings\brustad\Application Data\vlc
2009-02-18 20:25 . 2009-03-24 22:22 <DIR> d-------- c:\documents and settings\brustad\Tracing
2009-02-18 20:22 . 2009-03-24 22:55 <DIR> d-------- c:\program files\Windows Live
2009-02-18 20:15 . 2009-02-18 20:15 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-18 17:33 . 2009-02-18 20:12 <DIR> d-------- c:\documents and settings\brustad\Contacts
2009-02-18 06:42 . 2009-03-04 10:56 <DIR> d-------- c:\documents and settings\brustad\Application Data\5400 Series
2009-02-18 06:41 . 2009-03-31 09:48 <DIR> d-------- c:\program files\lx_cats
2009-02-18 06:41 . 2006-11-07 11:30 344,064 --a------ c:\windows\system32\lxctcoin.dll
2009-02-18 06:41 . 2006-04-25 03:11 40,960 --a------ c:\windows\system32\lxctvs.dll
2009-02-18 06:39 . 2009-02-18 06:43 <DIR> d-------- c:\program files\Lexmark Toolbar
2009-02-18 06:39 . 2009-02-18 06:39 <DIR> d-------- c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-18 06:39 . 2009-02-18 06:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\5400 Series
2009-02-18 06:38 . 2009-03-10 18:11 <DIR> d-------- c:\program files\Lexmark 5400 Series
2009-02-18 06:38 . 2006-11-06 16:35 1,224,704 --a------ c:\windows\system32\lxctserv.dll
2009-02-18 06:37 . 2009-02-18 06:37 <DIR> d-------- c:\windows\STK02N
2009-02-18 06:37 . 2007-03-12 14:25 101,520 --a------ c:\windows\system32\drivers\STK02NW2.sys
2009-02-18 06:37 . 2007-03-12 14:28 40,960 --a------ c:\windows\system32\STK02NP.ax
2009-02-18 06:37 . 2007-03-12 14:25 33,728 --a------ c:\windows\system32\drivers\STK02NW1.sys
2009-02-18 06:36 . 2009-02-18 06:36 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-02-18 06:36 . 2005-04-27 16:36 245,408 --a------ c:\windows\system32\unicows.dll
2009-02-18 06:35 . 2006-11-10 15:05 18,688 --a------ c:\windows\system32\drivers\afc.sys
2009-02-18 06:34 . 2009-02-18 06:36 <DIR> d-------- c:\program files\ArcSoft
2009-02-18 06:34 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-02-18 06:25 . 2009-03-11 21:20 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-18 06:25 . 2009-02-18 06:25 <DIR> d-------- c:\documents and settings\brustad\Application Data\AdobeUM
2009-02-18 06:24 . 2009-02-18 06:24 <DIR> d-------- c:\program files\VID_0E8F&PID_0003
2009-02-18 06:22 . 2009-02-18 06:22 <DIR> d-------- c:\windows\Options
2009-02-18 06:22 . 2009-02-18 06:22 <DIR> d-------- c:\program files\VGA USB Camera
2009-02-18 06:22 . 2009-02-18 06:22 <DIR> d-------- c:\program files\directx
2009-02-18 06:17 . 2009-02-18 06:17 <DIR> d-------- c:\program files\ASUS
2009-02-18 06:16 . 2009-02-18 06:16 <DIR> d-------- c:\program files\ASUSTeK
2009-02-18 06:12 . 2004-12-14 15:55 9,472 -ra------ c:\windows\system32\drivers\EIO.sys
2009-02-18 06:08 . 2009-02-18 06:08 <DIR> d-------- c:\windows\Cache
2009-02-18 06:04 . 2009-02-18 06:04 <DIR> d-------- c:\program files\MSI
2009-02-18 06:04 . 2004-10-05 16:54 306,688 --a------ c:\windows\IsUninst.exe
2009-02-18 06:04 . 2003-07-02 04:42 27,904 --a------ c:\windows\system32\drivers\VIAAGP1.SYS
2009-02-18 06:04 . 2003-12-29 19:04 18,257 --a------ c:\windows\system32\Ntaccess.sys
2009-02-18 06:04 . 2004-07-23 16:09 13,368 --a------ c:\windows\system32\FlashVxd.vxd
2009-02-18 06:04 . 2004-09-22 16:02 9,076 --a------ c:\windows\system32\drivers\FlashSys.sys
2009-02-18 06:03 . 2009-02-18 06:04 <DIR> d-------- c:\windows\_ISTMP2.DIR
2009-02-18 05:59 . 2005-04-18 11:57 18,706,432 --a------ c:\windows\system32\ALSNDMGR.CPL
2009-02-18 05:56 . 2004-04-15 02:57 42,496 -ra------ c:\windows\system32\drivers\fetnd5b.sys
2009-02-18 05:55 . 2009-02-18 05:55 <DIR> d-------- c:\program files\VIA
2009-02-18 05:55 . 2004-07-06 14:45 60,672 -ra------ c:\windows\system32\drivers\viamraid.sys
2009-02-18 05:52 . 2009-02-18 05:52 <DIR> d-------- c:\documents and settings\brustad\Application Data\Logitech
2009-02-18 05:51 . 2009-02-18 05:59 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-18 05:51 . 2009-02-18 05:51 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-02-18 05:50 . 2009-02-18 05:50 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-18 05:50 . 2009-02-18 05:50 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-02-18 05:50 . 2009-02-18 05:50 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-18 05:49 . 2009-02-18 05:51 <DIR> d-------- c:\program files\Logitech
2009-02-18 05:49 . 2009-03-06 19:36 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-18 05:49 . 2009-02-18 05:51 <DIR> d-------- c:\program files\Common Files\Logishrd
2009-02-18 05:49 . 2009-02-18 05:49 <DIR> d-------- c:\documents and settings\brustad\Application Data\InstallShield
2009-02-18 05:49 . 2009-02-18 05:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-18 05:49 . 2009-02-18 05:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2009-02-18 05:49 . 2007-11-15 10:06 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2009-02-18 05:49 . 2007-11-15 10:07 170,512 --a------ c:\windows\system32\kemutb.dll
2009-02-18 05:49 . 2007-11-15 10:07 141,840 --a------ c:\windows\system32\KemUtil.dll
2009-02-18 05:49 . 2007-11-15 10:07 117,264 --a------ c:\windows\system32\KemWnd.dll
2009-02-18 05:49 . 2007-11-15 10:07 76,304 --a------ c:\windows\system32\KemXML.dll
2009-02-18 05:49 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-18 05:49 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-02-18 05:49 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-02-18 05:49 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-02-18 03:31 . 2009-02-18 03:31 <DIR> d-------- c:\documents and settings\brustad\Application Data\Windows Search
2009-02-18 00:32 . 2009-03-06 18:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-02-18 00:25 . 2009-02-18 00:29 <DIR> d-------- c:\program files\TmNationsForever
2009-02-18 00:20 . 2009-02-18 00:20 <DIR> d-------- c:\documents and settings\brustad\Application Data\Windows Desktop Search
2009-02-18 00:19 . 2009-03-29 20:46 <DIR> d-------- c:\documents and settings\brustad
2009-02-18 00:16 . 2009-02-18 00:16 <DIR> d---s---- c:\windows\system32\Microsoft
2009-02-18 00:15 . 2009-03-27 19:46 <DIR> d--hs---- c:\documents and settings\NetworkService
2009-02-18 00:15 . 2009-02-18 00:15 8,192 --a------ c:\windows\REGLOCS.OLD
2009-02-18 00:14 . 2008-04-14 01:41 156,672 --a--c--- c:\windows\system32\dllcache\winzm.ime
2009-02-18 00:14 . 2008-04-14 01:41 156,672 --a--c--- c:\windows\system32\dllcache\winsp.ime
2009-02-18 00:14 . 2008-04-14 01:41 156,672 --a--c--- c:\windows\system32\dllcache\winpy.ime
2009-02-18 00:14 . 2008-04-14 01:41 79,360 --a--c--- c:\windows\system32\dllcache\winar30.ime
2009-02-18 00:14 . 2008-04-14 01:41 72,704 --a--c--- c:\windows\system32\dllcache\wingb.ime
2009-02-18 00:14 . 2008-04-14 01:41 65,536 --a--c--- c:\windows\system32\dllcache\winime.ime
2009-02-18 00:14 . 2001-08-23 10:00 41,600 --a--c--- c:\windows\system32\dllcache\weitekp9.dll
2009-02-18 00:14 . 2001-08-23 10:00 31,232 --a--c--- c:\windows\system32\dllcache\weitekp9.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 09:48 --------- d-----w c:\program files\Steam
2009-03-27 06:16 61,440 --sha-w c:\windows\system32\retegefu.exe
2009-02-20 12:53 --------- d-----w c:\program files\Valve
2009-02-18 19:13 --------- d-----w c:\program files\Counter-Strike Source
2009-02-17 23:57 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-17 23:54 --------- d-----w c:\program files\Windows Desktop Search
2009-02-17 23:54 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-17 21:51 --------- d-----w c:\program files\RocketDock
2009-02-17 20:27 --------- d-----w c:\program files\TGTSoft
2009-02-17 20:25 --------- d-----w c:\program files\nLite
2009-02-17 20:22 --------- d-----w c:\program files\Avira
2009-02-17 19:55 --------- d-----w c:\program files\Magic Video Converter
2009-02-17 19:49 --------- d-----w c:\program files\CCleaner
2009-02-17 19:47 --------- d-----w c:\program files\GIMP-2.0
2009-02-17 19:42 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-17 19:41 --------- d-----w c:\program files\Java
2009-02-17 19:38 --------- d-----w c:\program files\LimeWire
2009-02-17 19:31 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-17 19:30 --------- d-----w c:\program files\Microsoft.NET
2009-02-17 19:28 --------- d-----w c:\program files\ImgBurn
2009-02-17 19:26 --------- d-----w c:\program files\Spotify
2009-02-17 19:25 --------- d-----w c:\program files\Winamp
2009-02-17 19:25 --------- d-----w c:\program files\VideoLAN
2009-02-17 13:03 1,614,848 ----a-w c:\windows\system32\sfcfiles.dll
2009-02-12 15:27 86,073 ----a-w c:\windows\system32\usrfaxa.dll
2009-02-12 14:58 990,208 ----a-w c:\windows\system32\syssetup.dll
2009-02-12 14:58 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-02-12 14:58 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-02-12 14:50 581,192 ----a-w c:\windows\system32\winusbcoinstaller.dll
2009-02-12 14:50 56,320 ----a-w c:\windows\system32\xmlfilter.dll
2009-02-12 14:50 43,544 ----a-w c:\windows\system32\wups2.dll
2009-02-12 14:50 1,302,600 ----a-w c:\windows\system32\wudfupdate_01007.dll
2009-02-12 14:50 1,112,288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-02-12 14:48 91,656 ----a-w c:\windows\system32\msxml4r.dll
2009-02-12 14:47 323,696 ----a-w c:\windows\system32\msdrm.dll
2009-02-12 14:43 75,264 ----a-w c:\windows\inf\ieResetIcons.tmp
2009-02-12 14:43 465,920 ----a-w c:\windows\system32\imapi2fs.dll
2009-02-12 14:43 317,952 ----a-w c:\windows\system32\imapi2.dll
2009-02-12 14:43 151,552 ----a-w c:\windows\system32\ifxcardm.dll
2009-02-12 14:42 633,344 ----a-w c:\windows\system32\gpprefcl.dll
2009-02-12 14:42 133,632 ----a-w c:\windows\system32\drivers\exfat.sys
2009-02-12 14:37 96,792 ----a-w c:\windows\system32\basecsp.dll
2009-02-12 14:37 82,944 ----a-w c:\windows\system32\drivers\wudfrd.sys
2009-02-12 14:37 77,568 ----a-w c:\windows\system32\drivers\wudfpf.sys
2009-02-12 14:37 55,808 ----a-w c:\windows\system32\wudfsvc.dll
2009-02-12 14:37 383,488 ----a-w c:\windows\system32\wzcdlg.dll
2009-02-12 14:37 34,328 ----a-w c:\windows\system32\wups.dll
2009-02-12 14:37 316,416 ----a-w c:\windows\system32\wudfx.dll
2009-02-12 14:37 25,600 ----a-w c:\windows\system32\bcsprsrc.dll
2009-02-12 14:37 202,776 ----a-w c:\windows\system32\wuweb.dll
2009-02-12 14:37 146,432 ----a-w c:\windows\system32\wudfhost.exe
2009-02-12 14:37 133,120 ----a-w c:\windows\system32\axaltocm.dll
2009-02-12 14:35 99,840 ----a-w c:\windows\system32\wmpshell.dll
2009-02-12 14:35 8,231,936 ----a-w c:\windows\system32\wmploc.dll
2009-02-12 14:35 613,376 ----a-w c:\windows\system32\wmpmde.dll
2009-02-12 14:35 603,648 ----a-w c:\windows\system32\wmspdmod.dll
2009-02-12 14:35 4,096 ----a-w c:\windows\system32\wmvadve.dll
2009-02-12 14:35 4,096 ----a-w c:\windows\system32\wmvadvd.dll
2009-02-12 14:35 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
2009-02-12 14:35 4,096 ----a-w c:\windows\system32\wmsdmod.dll
2009-02-12 14:35 314,880 ----a-w c:\windows\system32\wmpdxm.dll
2009-02-12 14:35 204,288 ----a-w c:\windows\system32\wmpsrcwp.dll
2009-02-12 14:35 130,048 ----a-w c:\windows\system32\wmpps.dll
2009-02-12 14:35 1,661,440 ----a-w c:\windows\system32\wmpencen.dll
2009-02-12 14:35 1,329,152 ----a-w c:\windows\system32\wmspdmoe.dll
2009-02-12 14:34 242,688 ----a-w c:\windows\system32\wmpasf.dll
2009-02-12 14:32 8,704 ----a-w c:\windows\system32\uwdf.exe
2009-02-12 14:31 985,088 ----a-w c:\windows\system32\setupapi.dll
2009-02-12 14:30 98,304 ----a-w c:\windows\system32\nlhtml.dll
2009-02-12 14:29 997,888 ----a-w c:\windows\system32\msgina.dll
2009-02-12 14:29 95,744 ----a-w c:\windows\system32\msiexec.exe
2009-02-12 14:29 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-12 14:29 45,568 ----a-w c:\windows\system32\mshta.exe
2009-02-12 14:29 4,445,184 ----a-w c:\windows\system32\msi.dll
2009-02-12 14:29 312,128 ----a-w c:\windows\system32\msdelta.dll
2009-02-12 14:29 304,152 ----a-w c:\windows\system32\msexcl40.dll
2009-02-12 14:29 299,520 ----a-w c:\windows\system32\MSCTF.dll
2009-02-12 14:27 77,824 ----a-w c:\windows\system32\ifsutil.dll
2009-02-12 14:27 76,800 ----a-w c:\windows\system32\inetpp.dll
2009-02-12 14:27 691,712 ----a-w c:\windows\system32\inetcomm.dll
2009-02-12 14:27 55,808 ----a-w c:\windows\system32\ipconfig.exe
2009-02-12 14:27 55,296 ----a-w c:\windows\system32\iesetup.dll
2009-02-12 14:27 449,024 ----a-w c:\windows\system32\infosoft.dll
2009-02-12 14:27 36,352 ----a-w c:\windows\system32\imgutil.dll
2009-02-12 14:27 330,752 ----a-w c:\windows\system32\ipnathlp.dll
2009-02-12 14:27 299,520 ----a-w c:\windows\system32\kerberos.dll
2009-02-12 14:26 78,336 ----a-w c:\windows\system32\ieencode.dll
2009-02-12 14:26 344,064 ----a-w c:\windows\system32\hnetcfg.dll
2009-02-12 14:26 286,720 ----a-w c:\windows\system32\gdi32.dll
2009-02-12 14:26 26,112 ----a-w c:\windows\system32\idndl.dll
2009-02-12 14:26 199,680 ----a-w c:\windows\system32\gptext.dll
2009-02-12 14:24 71,680 ----a-w c:\windows\system32\admparse.dll
2009-02-12 14:24 68,096 ----a-w c:\windows\system32\adsmsext.dll
2009-02-12 14:24 53,504 ----a-w c:\windows\system32\drivers\1394bus.sys
2009-02-12 14:24 176,128 ----a-w c:\windows\system32\adsldp.dll
2009-02-12 14:24 138,496 ----a-w c:\windows\system32\drivers\afd.sys
2009-02-12 14:17 691,560 ----a-w c:\windows\system32\OGACheckControl.DLL
2009-02-12 14:17 524,288 ----a-w c:\windows\opuc.dll
2009-02-12 14:08 95,344 ----a-w c:\windows\system32\wudfcoinstaller.dll
2009-02-12 14:08 38,400 ----a-w c:\windows\system32\wpdshextres.dll
.
------- Sigcheck -------
2009-02-12 14:58 361600 25a740d70e8007814a48d3fa1b34fa34 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-27_19.45.37,92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-31 09:47:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b0.dat
.
(((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files\steam\steam.exe" [2009-02-17 1410296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-03 342848]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2005-03-07 482816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-12-15 5513216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-12-15 86016]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-17 148888]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-03-27 577540]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-12-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
c:\documents and settings\brustad\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-02-24 3450608]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-02-18 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-18 784912]
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2009-02-18 163840]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-02-12 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= rtubcx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2004-12-16 14:55 987136 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 06:54 589824 c:\program files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\scaneripx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\hwpcassistant.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30826e0e-fe9e-11dd-af9d-0013d33bb87b}]
\Shell\AutoRun\command - G:\hwpcassistant.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30826e0f-fe9e-11dd-af9d-0013d33bb87b}]
\Shell\AutoRun\command - G:\hwpcassistant.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\brustad\Application Data\Mozilla\Firefox\Profiles\663a5amb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 14:44:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-796845957-152049171-1606980848-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,32,74,9c,60,e8,5d,1f,40,ce,b9,7b,6d,4c,44,e3,a0,cd,29,a3,b7,db,e3,
 f9,cf,77,fa,94,07,09,8f,19,d9,f0,5a,ff,fd,bd,bf,63,c0,9b,a5,32,e4,27,fb,c9,\
"??"=hex:72,db,72,2f,a0,c1,b1,da,a0,f9,a0,89,64,7f,db,b3
.
--------------------- DLLs Loaded By Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-03-31 14:45:25
ComboFix-quarantined-files.txt 2009-03-31 14:45:22
ComboFix2.txt 2009-03-31 14:40:37
ComboFix3.txt 2009-03-31 09:55:11
ComboFix4.txt 2009-03-29 20:39:08
ComboFix5.txt 2009-03-31 14:42:34
Pre-Run: 6 243 782 656 bytes free
Post-Run: 6,232,264,704 bytes free
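A small triage script for the ComboFix output above, added here as an example; it is not code from the thread, from ComboFix or from Malwarebytes. It parses the `[key]` / `"name"=value` layout ComboFix uses in its Reg Loading Points and firewall sections and flags the items a responder would pull out of this particular log: the `AppInit_DLLs` entry (rtubcx.dll, which is injected into every GUI process), `EnableFirewall`=0, `AntiVirusOverride`=1, the firewall exception for `c:\scaneripx.exe` sitting in the drive root, the run of globally open TCP ports, the unqualified `KHALMNPR.EXE` Run value (resolved through the search path, so a hijack point even when the product is legitimate) and the `mountpoints2` AutoRun command. The embedded sample is a constructed excerpt of a few lines from the posted log; the rule names and what counts as suspicious are this example's own assumptions.

```python
"""Triage of ComboFix "Reg Loading Points" output (added example, not ComboFix code)."""
import re
from typing import List, Tuple

# Constructed excerpt: a few lines in the layout of the posted ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= rtubcx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\scaneripx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\hwpcassistant.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$")
PORT_RE = re.compile(r"^(\d+):(TCP|UDP)$", re.I)
# an executable sitting directly in a drive root, e.g. c:\scaneripx.exe
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(exe|dll|scr|bat|cmd)$", re.I)

Finding = Tuple[str, str]  # (rule name, human-readable detail)


def parse_reg_points(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, name, value) triples; AutoRun command lines get the name 'AutoRun'."""
    rows, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := AUTORUN_RE.match(line):
            rows.append((key, "AutoRun", m.group(1)))
        elif m := VALUE_RE.match(line):
            rows.append((key, m.group(1), m.group(2).strip()))
    return rows


def compress_ports(ports: List[int]) -> str:
    """Render [135, 5000, 5001] as '135, 5000-5001' so a long run is obvious at a glance."""
    out, start, prev = [], None, None
    for p in sorted(set(ports)):
        if start is None:
            start = prev = p
        elif p == prev + 1:
            prev = p
        else:
            out.append(str(start) if start == prev else f"{start}-{prev}")
            start = prev = p
    if start is not None:
        out.append(str(start) if start == prev else f"{start}-{prev}")
    return ", ".join(out)


def dword(value: str) -> int:
    """Parse 'dword:00000001' style values; -1 when the value is not a dword."""
    m = re.search(r"dword:([0-9a-f]+)", value, re.I)
    return int(m.group(1), 16) if m else -1


def triage(text: str) -> List[Finding]:
    """Apply the rules (this example's own choices) and return the findings in log order."""
    findings: List[Finding] = []
    open_ports: List[int] = []
    for key, name, value in parse_reg_points(text):
        k = key.lower()
        if name.lower() == "appinit_dlls" and k.endswith(r"\currentversion\windows") and value:
            findings.append(("appinit_dlls", f"AppInit_DLLs loads {value} into every process that maps user32.dll"))
        elif name == "AntiVirusOverride" and dword(value) == 1:
            findings.append(("security_center", "Security Center antivirus alerting is overridden"))
        elif name == "EnableFirewall" and k.endswith(r"\standardprofile") and value.startswith("0"):
            findings.append(("firewall_off", "Windows Firewall is disabled for the standard profile"))
        elif k.endswith(r"\authorizedapplications\list"):
            path = name.replace("\\\\", "\\")  # ComboFix prints these paths with doubled backslashes
            if ROOT_EXE_RE.match(path):
                findings.append(("fw_exception_root", f"firewall exception for an executable in a drive root: {path}"))
        elif k.endswith(r"\globallyopenports\list"):
            if m := PORT_RE.match(name):
                open_ports.append(int(m.group(1)))
        elif name == "AutoRun" and "mountpoints2" in k:
            findings.append(("autorun", f"AutoRun command registered for a mounted drive: {value}"))
        elif k.endswith(r"\currentversion\run") and value.startswith('"'):
            image = value.split('"')[1]
            if "\\" not in image:  # bare file name: resolved via the search path, a hijack point
                findings.append(("run_unqualified", f"Run value {name!r} uses unqualified image {image}"))
    if open_ports:
        findings.append(("open_ports", f"{len(open_ports)} globally open ports: {compress_ports(open_ports)}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Feed it the Reg Loading Points section of a ComboFix log on stdin or from a file and read the findings top to bottom; on the log above it reports the AppInit DLL, the disabled firewall and overridden Security Center, the root-level firewall exception, 22 globally open ports (135 plus 5000-5020) and the three AutoRun commands, which is a compact statement of how much persistence and exposure was left after the first Malwarebytes pass.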
norbat, posted 31 March 2009:

Hmm. Try the following: update Malwarebytes and see whether it picks up the files. If not, see whether you can delete the files manually (use Explorer). Some of the files are hidden, so you must show hidden files and folders as well as protected operating system files (Control Panel -> Folder Options -> View):

C:\bust.exe
C:\scaneripx.exe
c:\windows\system32\jogekini.dll
c:\windows\system32\retegefu.exe