Mr.Anki
Posted 29 May 2009 (edited)

Hi,

Can someone check this log?

HijackThis log:

I'm having problems logging in to Facebook on this machine; I have to create a new password every time. Could it be that the machine is infected? The password is typed correctly and it works on other machines.

Edited 29 May 2009 by Mr.Anki
snippsat
Posted 29 May 2009

The logs look fine. Time to tidy up a bit.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Download and run CCleaner. 'Options' -> 'Advanced': remove the check mark in front of "Only delete temporary files older than 48 hours".

Run the registry cleaner and answer yes to repairing --> answer yes when you are asked about a backup. Run the registry cleaner a couple more times until all errors are gone.

Restart and try again.

If it doesn't work, can you remember the date this started, or whether you got the problem after installing something? Does the same thing happen in different browsers?