gunnhildh Skrevet 28. mars 2008 Del Skrevet 28. mars 2008 (endret) Har problemer med pop-ups, av typen CiD Kjørt langversjonen nå. Kan noen være så snille, og se over loggene mine ? :-) HijackThis-logg : O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe" O4 - HKCU\..\Run: [way find] C:\DOCUME~1\elev\PROGRA~1\FORKEN~1\Peak Free.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_15\bin\npjpi142_15.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_15\bin\npjpi142_15.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185883746593 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jin...indows-i586.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Unknown owner - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe (file missing) O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 8682 bytes Combofix-logg : ComboFix 08-03-26.3 - elev 2008-03-28 14:37:23.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1202 [GMT 1:00] Running from: C:\Documents and Settings\elev\Mine dokumenter\Antivirusprog\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))) . 2008-03-28 14:03 . 2008-03-28 14:03 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-03-28 13:59 . 2008-03-28 14:36 <DIR> dr-h----- C:\Documents and Settings\elev\Siste 2008-03-27 23:10 . 2008-03-27 17:49 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll 2008-03-27 16:55 . 2008-03-28 13:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-27 16:55 . 2008-03-27 16:55 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-26 20:17 . 2008-03-26 20:17 268 --ah----- C:\sqmdata08.sqm 2008-03-26 20:17 . 2008-03-26 20:17 244 --ah----- C:\sqmnoopt08.sqm 2008-03-20 13:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-20 13:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-20 13:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-19 17:22 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-19 17:21 . 2008-03-19 17:21 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition 2008-03-19 17:11 . 2008-03-19 17:15 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-03-19 17:10 . 2008-03-28 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-03-17 14:41 . 2008-03-17 14:41 <DIR> d-------- C:\Programfiler\Lavasoft 2008-03-17 14:41 . 2008-03-17 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-03-16 20:24 . 2008-03-16 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\nView_Profiles 2008-03-16 18:56 . 2008-03-16 18:56 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7 2008-03-16 18:56 . 2008-03-27 17:57 <DIR> d-------- C:\Documents and Settings\elev\Programdata\AVG7 2008-03-16 18:56 . 2008-03-16 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft 2008-03-16 18:56 . 2008-03-16 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7 2008-03-16 15:37 . 2008-03-16 15:37 <DIR> d-------- C:\Documents and Settings\elev\Programdata\VSRevoGroup 2008-03-16 14:51 . 2008-03-16 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-03-16 14:50 . 2008-03-28 14:03 <DIR> d-------- C:\Documents and Settings\elev\Programdata\SUPERAntiSpyware.com 2008-03-16 14:49 . 2008-03-16 14:49 <DIR> d-------- C:\Programfiler\VS Revo Group 2008-03-16 14:44 . 2008-03-16 14:44 <DIR> d-------- C:\Programfiler\CCleaner 2008-02-28 00:55 . 2008-03-28 14:02 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 13:38 --------- d-----w C:\Documents and Settings\elev\Programdata\DNA 2008-03-28 12:47 --------- d-----w C:\Programfiler\Trend Micro 2008-03-28 12:41 --------- d-----w C:\Programfiler\Windows Live 2008-03-27 17:23 --------- d-----w C:\Documents and Settings\elev\Programdata\OpenOffice.org2 2008-03-27 16:59 --------- d-----w C:\Documents and Settings\All Users\Programdata\Messenger Plus! 2008-03-22 22:12 --------- d-----w C:\Documents and Settings\elev\Programdata\uTorrent 2008-03-16 16:06 --------- d-----w C:\Programfiler\Google 2008-03-16 15:02 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-03-13 22:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\OrdnettPluss 2008-03-03 15:51 --------- d-----w C:\Programfiler\uTorrent 2008-02-24 15:00 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-02-18 21:42 --------- d-----w C:\Documents and Settings\elev\Programdata\BitTorrent 2008-02-18 18:46 --------- d-----w C:\Documents and Settings\elev\Programdata\fork enc amen 2008-02-18 18:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\Trans Once Mess Frag 2008-02-18 18:45 --------- d-----w C:\Programfiler\fork enc amen 2008-02-18 18:28 --------- d-----w C:\Programfiler\DNA 2008-02-08 19:07 --------- d-----w C:\Programfiler\DivX 2008-01-29 15:32 --------- d-----w C:\Programfiler\BearShare 2007-07-31 09:55 76 --sh--r C:\WINDOWS\CT4CET.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [ ] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-03-27 17:12 288576] "way find"="C:\DOCUME~1\elev\PROGRA~1\FORKEN~1\Peak Free.exe" [2008-02-18 19:45 458240] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-02-02 00:00 36864] "ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 11:48 1392640] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 15:07 8433664] "nwiz"="nwiz.exe" [2007-06-06 15:07 1626112 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2007-06-06 15:07 67584 C:\WINDOWS\system32\nvhotkey.dll] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-06 15:07 81920] "SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 16:10 405504 C:\WINDOWS\stsystra.exe] "Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2007-07-03 12:57 1228800] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 15:10 851968] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-16 18:58 579072] "Ad-Watch"="C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 10:57 2684280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-16 18:56 219136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=MsgPlusLoader.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Kunnskapsforlaget\\Ordnett Pluss\\lib\\IeEmbed.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\BearShare\\BearShare.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "C:\\Programfiler\\DNA\\btdna.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35] R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 11:31] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-03-20 00:00] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 17:45] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 *Newly Created Service* - SASDIFSV *Newly Created Service* - SASENUM . Contents of the 'Scheduled Tasks' folder "2008-03-28 13:00:00 C:\WINDOWS\Tasks\AE1A1084914D8524.job" - c:\docume~1\elev\progra~1\forken~1\pile 2 settings.exe "2008-03-12 09:10:00 C:\WINDOWS\Tasks\Oppdater Ordnett Pluss.job" - C:\Programfiler\Kunnskapsforlaget\Ordnett Pluss\updater.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 14:39:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\DLAAPI_W.DLL . Completion time: 2008-03-28 14:39:39 ComboFix-quarantined-files.txt 2008-03-28 13:39:31 Pre-Run: 12,155,392,000 byte ledig Post-Run: 12,145,614,848 byte ledig . 2008-03-20 16:01:28 --- E O F --- SAS-logg : PERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/28/2008 at 02:31 PM Application Version : 4.0.1154 Core Rules Database Version : 3426 Trace Rules Database Version: 1418 Scan type : Complete Scan Total Scan Time : 00:25:33 Memory items scanned : 503 Memory threats detected : 0 Registry items scanned : 5131 Registry threats detected : 0 File items scanned : 18321 File threats detected : 6 BearShare File Sharing Client C:\PROGRAMFILER\BEARSHARE\BEARSHARE.EXE C:\DOCUMENTS AND SETTINGS\ALL USERS\START-MENY\PROGRAMMER\BEARSHARE.LNK C:\DOCUMENTS AND SETTINGS\ELEV\SKRIVEBORD\BEARSHARE.LNK C:\SYSTEM VOLUME INFORMATION\_RESTORE{87FBFC30-6E4C-48C7-B350-21F7E97167DF}\RP127\A0039037.LNK C:\SYSTEM VOLUME INFORMATION\_RESTORE{87FBFC30-6E4C-48C7-B350-21F7E97167DF}\RP127\A0039038.LNK C:\WINDOWS\Prefetch\BEARSHARE.EXE-04B4A245.pf superantispywareLOGG.txt combofix.txt logg.txt Endret 28. mars 2008 av gunnhildh Lenke til kommentar
norbat Skrevet 28. mars 2008 Forfatter Del Skrevet 28. mars 2008 (endret) gunnhildh: Start med å avinstallere fra legg til / fjern programmer: Messenger Plus! Post deretter en ny hjt-logg. Endret 28. mars 2008 av norbat Lenke til kommentar
gunnhildh Skrevet 28. mars 2008 Del Skrevet 28. mars 2008 (endret) Okei. Her er den nye loggen : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:14:57, on 28.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\WINDOWS\OEM02Mon.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\stsystra.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\DNA\btdna.exe C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\explorer.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe C:\Programfiler\Opera\Opera.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe" O4 - HKCU\..\Run: [way find] C:\DOCUME~1\elev\PROGRA~1\FORKEN~1\Peak Free.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_15\bin\npjpi142_15.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_15\bin\npjpi142_15.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185883746593 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/jin...indows-i586.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Unknown owner - C:\Programfiler\Trend Micro\OfficeScan Client\OfcPfwSvc.exe (file missing) O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 8744 bytes hjtlogg.txt Endret 28. mars 2008 av gunnhildh Lenke til kommentar
norbat Skrevet 28. mars 2008 Forfatter Del Skrevet 28. mars 2008 Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. File:: C:\WINDOWS\system32\MsgPlusLoader.dll C:\WINDOWS\Tasks\AE1A1084914D8524.job Folder:: C:\Documents and Settings\All Users\Programdata\Messenger Plus! C:\Documents and Settings\elev\Programdata\fork enc amen C:\Documents and Settings\All Users\Programdata\Trans Once Mess Frag C:\Programfiler\fork enc amen C:\Programfiler\BearShare Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "way find"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=- Post combofix-loggen for en siste sjekk og fortell hvordan det går med popups Lenke til kommentar
gunnhildh Skrevet 28. mars 2008 Del Skrevet 28. mars 2008 Ok;-) her er combofix-loggen : hvordan er det forresten med vanlig msn ? er det trygt å ha ? og anbefaler du bearshare, limewire eller ett annet nedlastningsprog. ? ComboFix 08-03-26.3 - elev 2008-03-28 15:40:57.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1264 [GMT 1:00] Running from: C:\Documents and Settings\elev\Mine dokumenter\Antivirusprog\ComboFix.exe Command switches used :: C:\Documents and Settings\elev\Skrivebord\CFScript.txt..txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\MsgPlusLoader.dll C:\WINDOWS\Tasks\AE1A1084914D8524.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Programdata\Messenger Plus! C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\#4A6C7159A180.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\#CF20653D3BA9.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn34.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn35.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn36.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn37.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn39.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn42.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn43.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn50.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn64.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\Custom Sounds\BuiltIn69.dat C:\Documents and Settings\All Users\Programdata\Messenger Plus!\global.dat C:\Documents and Settings\All Users\Programdata\Trans Once Mess Frag C:\Documents and Settings\All Users\Programdata\Trans Once Mess Frag\License Type.exe C:\Documents and Settings\elev\Programdata\fork enc amen C:\Documents and Settings\elev\Programdata\fork enc amen\0 C:\Documents and Settings\elev\Programdata\fork enc amen\ntkwqkaq.exe C:\Documents and Settings\elev\Programdata\fork enc amen\Peak Free.exe C:\Documents and Settings\elev\Programdata\fork enc amen\pile 2 settings.exe C:\Programfiler\BearShare C:\Programfiler\BearShare\BearShare.dat C:\Programfiler\BearShare\BearShare.exe C:\Programfiler\BearShare\BSidle.dll C:\Programfiler\BearShare\db\config.bin C:\Programfiler\BearShare\db\connect.txt C:\Programfiler\BearShare\db\gwebcache.dat C:\Programfiler\BearShare\db\Hostiles-Chat.txt C:\Programfiler\BearShare\db\Hostiles.txt C:\Programfiler\BearShare\db\library.2.db C:\Programfiler\BearShare\db\library.2.db.lastgoodload.bak C:\Programfiler\BearShare\db\library.db C:\Programfiler\BearShare\db\library.db.lastgoodload.bak C:\Programfiler\BearShare\db\searches.ini C:\Programfiler\BearShare\FreePeers.ini C:\Programfiler\BearShare\History.txt C:\Programfiler\BearShare\INSTALL.LOG C:\Programfiler\BearShare\Installer\BSInstall5.2.5.1.exe C:\Programfiler\BearShare\Logs\hosts-state.txt C:\Programfiler\BearShare\Logs\memory.txt C:\Programfiler\BearShare\Logs\ordinal.txt C:\Programfiler\BearShare\Logs\streams.txt C:\Programfiler\BearShare\RunMSC.dll C:\Programfiler\BearShare\sounds\notify.wav C:\Programfiler\BearShare\Temp\425AC.tmp C:\Programfiler\BearShare\Temp\425AE.tmp C:\Programfiler\BearShare\Temp\425B0.tmp C:\Programfiler\BearShare\Temp\425B4.tmp C:\Programfiler\BearShare\Temp\425BC.tmp C:\Programfiler\BearShare\Temp\425BF.tmp C:\Programfiler\BearShare\Temp\425C2.tmp C:\Programfiler\BearShare\Temp\TMPDuffy - Mercy(1).dat C:\Programfiler\BearShare\Temp\TMPDuffy - Mercy(1).dat.bak C:\Programfiler\BearShare\Temp\TMPDuffy - Mercy(1).mp3 C:\Programfiler\BearShare\Temp\TMPDuffy - Mercy.dat C:\Programfiler\BearShare\Temp\TMPDuffy - Mercy.dat.bak C:\Programfiler\BearShare\Temp\TMPDuffy - Mercy.mp3 C:\Programfiler\BearShare\Temp\TMPJason Mraz - I'm Yours.dat C:\Programfiler\BearShare\Temp\TMPJason Mraz - I'm Yours.dat.bak C:\Programfiler\BearShare\Temp\TMPJason Mraz - I'm Yours.mp3 C:\Programfiler\BearShare\Temp\TMPJason Mraz - Mr. A-Z - 03 - Geek In The Pink.dat C:\Programfiler\BearShare\Temp\TMPJason Mraz - Mr. A-Z - 03 - Geek In The Pink.dat.bak C:\Programfiler\BearShare\Temp\TMPJason Mraz - Mr. A-Z - 03 - Geek In The Pink.mp3 C:\Programfiler\BearShare\Temp\TMPJason Mraz - Mr. A-Z - 03 - Geek In The Pink.tiger C:\Programfiler\BearShare\Temp\TMPJason Mraz - You And I Both.dat C:\Programfiler\BearShare\Temp\TMPJason Mraz - You And I Both.dat.bak C:\Programfiler\BearShare\Temp\TMPJason Mraz - You And I Both.mp3 C:\Programfiler\BearShare\Temp\TMPRihanna ft. Chris Brown - Umbrella (Remix).dat C:\Programfiler\BearShare\Temp\TMPRihanna ft. Chris Brown - Umbrella (Remix).dat.bak C:\Programfiler\BearShare\Temp\TMPRihanna ft. Chris Brown - Umbrella (Remix).mp3 C:\Programfiler\BearShare\UNWISE.EXE C:\Programfiler\BearShare\Webstats.bat C:\Programfiler\BearShare\Webstats.exe C:\Programfiler\BearShare\Webstats.ini C:\Programfiler\fork enc amen C:\WINDOWS\system32\MsgPlusLoader.dll C:\WINDOWS\Tasks\AE1A1084914D8524.job . ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))) . 2008-03-28 14:03 . 2008-03-28 14:03 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-03-28 13:59 . 2008-03-28 15:39 <DIR> dr-h----- C:\Documents and Settings\elev\Siste 2008-03-26 20:17 . 2008-03-26 20:17 268 --ah----- C:\sqmdata08.sqm 2008-03-26 20:17 . 2008-03-26 20:17 244 --ah----- C:\sqmnoopt08.sqm 2008-03-20 13:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-20 13:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-20 13:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-19 17:22 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-19 17:21 . 2008-03-19 17:21 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition 2008-03-19 17:11 . 2008-03-19 17:15 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-03-19 17:10 . 2008-03-28 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-03-17 14:41 . 2008-03-17 14:41 <DIR> d-------- C:\Programfiler\Lavasoft 2008-03-17 14:41 . 2008-03-17 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-03-16 20:24 . 2008-03-16 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\nView_Profiles 2008-03-16 18:56 . 2008-03-16 18:56 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7 2008-03-16 18:56 . 2008-03-27 17:57 <DIR> d-------- C:\Documents and Settings\elev\Programdata\AVG7 2008-03-16 18:56 . 2008-03-16 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft 2008-03-16 18:56 . 2008-03-16 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7 2008-03-16 15:37 . 2008-03-16 15:37 <DIR> d-------- C:\Documents and Settings\elev\Programdata\VSRevoGroup 2008-03-16 14:51 . 2008-03-16 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-03-16 14:50 . 2008-03-28 14:03 <DIR> d-------- C:\Documents and Settings\elev\Programdata\SUPERAntiSpyware.com 2008-03-16 14:49 . 2008-03-16 14:49 <DIR> d-------- C:\Programfiler\VS Revo Group 2008-03-16 14:44 . 2008-03-16 14:44 <DIR> d-------- C:\Programfiler\CCleaner 2008-02-28 00:55 . 2008-03-28 14:02 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-28 14:42 --------- d-----w C:\Documents and Settings\elev\Programdata\DNA 2008-03-28 12:47 --------- d-----w C:\Programfiler\Trend Micro 2008-03-28 12:41 --------- d-----w C:\Programfiler\Windows Live 2008-03-27 17:23 --------- d-----w C:\Documents and Settings\elev\Programdata\OpenOffice.org2 2008-03-22 22:12 --------- d-----w C:\Documents and Settings\elev\Programdata\uTorrent 2008-03-16 16:06 --------- d-----w C:\Programfiler\Google 2008-03-16 15:02 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-03-13 22:10 --------- d-----w C:\Documents and Settings\All Users\Programdata\OrdnettPluss 2008-03-03 15:51 --------- d-----w C:\Programfiler\uTorrent 2008-02-24 15:00 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-02-18 21:42 --------- d-----w C:\Documents and Settings\elev\Programdata\BitTorrent 2008-02-18 18:28 --------- d-----w C:\Programfiler\DNA 2008-02-08 19:07 --------- d-----w C:\Programfiler\DivX 2007-07-31 09:55 76 --sh--r C:\WINDOWS\CT4CET.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [ ] "MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-03-27 17:12 288576] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-02-02 00:00 36864] "ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 11:48 1392640] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 15:07 8433664] "nwiz"="nwiz.exe" [2007-06-06 15:07 1626112 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2007-06-06 15:07 67584 C:\WINDOWS\system32\nvhotkey.dll] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-06 15:07 81920] "SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 16:10 405504 C:\WINDOWS\stsystra.exe] "Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2007-07-03 12:57 1228800] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 15:10 851968] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-16 18:58 579072] "Ad-Watch"="C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-11 10:57 2684280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-16 18:56 219136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Kunnskapsforlaget\\Ordnett Pluss\\lib\\IeEmbed.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "C:\\Programfiler\\DNA\\btdna.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35] R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 11:31] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-03-20 00:00] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 17:45] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder "2008-03-12 09:10:00 C:\WINDOWS\Tasks\Oppdater Ordnett Pluss.job" - C:\Programfiler\Kunnskapsforlaget\Ordnett Pluss\updater.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-28 15:45:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe . ************************************************************************** . Completion time: 2008-03-28 15:47:40 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-28 14:47:37 ComboFix2.txt 2008-03-28 13:39:40 Pre-Run: 12,094,881,792 byte ledig Post-Run: 12,101,365,760 byte ledig . 2008-03-20 16:01:28 --- E O F --- Lenke til kommentar
norbat Skrevet 28. mars 2008 Forfatter Del Skrevet 28. mars 2008 Jeg vil egentlig ikke anbefale noen for for fildelingsprogram da mesteparten av malwaren som brukere får på PC-en, kommer via dette. Nå når PC-en din er ferdigrenset, får du selv avgjøre om, og hvilket, p2p-program som er 'best' å bruke. Litt usikker på om dette er riktig forumkategori for den slags. Kanskje i programkategorien? Du kan rydde bort combofix ved å skrive combofix /u i kjør-vinduet (start->kjør). Dette fjerner programmet, backup-filer samt nullstiller systemgjenopprettingen. MSN er trygt å bruke, så lenge du ikke klikker ukritisk på linker du får tilsendt. Det finnes en del MSN-ormer som svirrer rundt i messenger-miljøet. Surf trygt. Lenke til kommentar
r2d290 Skrevet 28. mars 2008 Del Skrevet 28. mars 2008 (endret) Limewire er nok regnet som noe "sikrere" enn bearshare, og jeg tror det er limewire de fleste av p2p-brukerene velger å bruke. Men, det finnes virkelig sikrere plasser å få tak i det du ønsker, uten at jeg skal gå for mye i detalj på dette... Men husk at det er veldig viktig å være kritisk til filnavn og filstørelse på det du velger å laste ned... (selv, ville jeg aldri brukt windows til å laste ned fra et p2p-nettverk.) Endret 28. mars 2008 av r2d290 Lenke til kommentar
Monkey553 Skrevet 30. mars 2008 Del Skrevet 30. mars 2008 (endret) de andre ligger nederst i combofixen Combofix: Klikk for å se/fjerne innholdet nedenfor <ComboFix 08-03-30.2 - Kristoffer 2008-03-30 17:21:29.1 - NTFSx86Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.846 [GMT 2:00] Running from: C:\Users\Kristoffer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJ8M1RTG\ComboFix[1].exe * Created a new restore point . TimedOut: Windir.dat ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-30 14:39 --------- d-----w C:\Users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com 2008-03-30 14:39 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-03-30 14:39 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-03-30 14:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-30 14:34 --------- d-----w C:\Program Files\CCleaner 2008-03-30 13:08 118,784 ----a-w C:\Users\Kristoffer\pbweb.exe 2008-03-30 13:04 82,082 ----a-w C:\Users\Kristoffer\AppData\Roaming\nvModes.dat 2008-03-30 13:04 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-03-30 12:50 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-03-30 12:45 22,328 ----a-w C:\Users\Kristoffer\AppData\Roaming\PnkBstrK.sys 2008-03-30 12:44 674,600 ----a-w C:\Windows\System32\pbsvc.exe 2008-03-30 12:44 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe 2008-03-29 16:17 --------- d-----w C:\Program Files\Norton 360 Online 2008-03-29 15:32 --------- d-----w C:\ProgramData\Symantec 2008-03-29 01:47 --------- d-----w C:\Users\Kristoffer\AppData\Roaming\Skype 2008-03-28 17:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-03-28 16:51 674,600 ----a-w C:\Windows\System32\pbsvc[1].exe 2008-03-28 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-25 17:31 --------- d-----w C:\Program Files\Red Storm Entertainment 2008-03-25 17:30 --------- d-----w C:\ProgramData\Media Center Programs 2008-03-24 20:14 --------- d-----w C:\Program Files\Ubi Soft 2008-03-23 12:33 --------- d-----w C:\Program Files\QuickTime 2008-03-20 14:13 --------- d-----w C:\Program Files\Google 2008-03-19 13:10 --------- d-----w C:\Program Files\Windows Live 2008-03-15 10:15 --------- d-----w C:\ProgramData\Steam 2008-03-15 10:15 --------- d-----w C:\ProgramData\PopCap Games 2008-03-15 06:47 --------- d-----w C:\ProgramData\Lavasoft 2008-03-15 06:46 --------- d-----w C:\Program Files\Lavasoft 2008-03-15 06:27 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-03-15 06:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-15 02:09 --------- d-----w C:\Program Files\Windows Mail 2008-03-15 02:03 --------- d-----w C:\ProgramData\Microsoft Help 2008-03-14 22:02 --------- d---a-w C:\ProgramData\TEMP 2008-03-13 20:29 --------- d-----w C:\ProgramData\Memo Drive Vc Log 2008-03-13 20:29 --------- d-----w C:\Program Files\Guild Wars 2008-03-11 19:07 --------- d-----w C:\Users\Kristoffer\AppData\Roaming\Template 2008-03-11 19:05 0 ----a-w C:\Users\Kristoffer\AppData\Roaming\wklnhst.dat 2008-03-09 13:17 212 ----a-w C:\delete.bat 2008-03-09 13:15 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-09 09:02 --------- d-----w C:\Program Files\MSN Messenger 2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf 2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys 2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat 2008-03-06 14:43 --------- d-----w C:\ProgramData\Great Safe 2008-03-01 13:22 562,044,991 ----a-w C:\Users\Kristoffer\BF2_Patch_1.41.exe 2008-03-01 10:30 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-01 10:27 --------- d-----w C:\ProgramData\WLInstaller 2008-02-29 23:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-29 23:09 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-29 23:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-29 23:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-29 23:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-29 23:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-29 23:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-29 23:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys 2008-02-29 23:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-29 23:03 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-29 23:03 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-29 23:03 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-29 23:03 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-29 23:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-29 23:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-29 23:02 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-29 23:02 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-29 23:02 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-29 23:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-29 23:02 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-02-29 22:59 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-29 22:59 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-29 22:59 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-29 22:59 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-29 22:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2008-02-29 19:25 --------- d-----w C:\Program Files\EA GAMES 2008-02-29 19:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-30 19:50 --------- d-----w C:\Users\Kristoffer\AppData\Roaming\Qtrax1 2008-01-30 19:50 --------- d-----w C:\ProgramData\SongbirdVLC 2008-01-27 14:11 39,936 ----a-w C:\Windows\System32\dwmapi.dll 2008-01-27 14:11 2,016,256 ----a-w C:\Windows\System32\milcore.dll 2008-01-21 19:26 361,544,078 ----a-w C:\Users\Kristoffer\GTA2INSTALLER.ZIP 2008-01-18 22:13 111,063,040 ----a-w C:\Users\Kristoffer\EN_100_140_Patch.exe 2008-01-10 16:32 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2007-12-25 01:08 174 --sha-w C:\Program Files\desktop.ini 2007-12-25 00:57 87,040 ----a-w C:\Windows\System32\msoert2.dll 2007-12-25 00:57 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2007-12-25 00:57 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2007-12-25 00:57 542,720 ----a-w C:\Windows\System32\sysmain.dll 2007-12-25 00:57 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2007-12-25 00:57 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2007-12-25 00:57 39,424 ----a-w C:\Windows\System32\ACCTRES.dll 2007-12-25 00:57 299,008 ----a-w C:\Windows\System32\wlansec.dll 2007-12-25 00:57 289,280 ----a-w C:\Windows\System32\wlanmsm.dll 2007-12-25 00:57 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2007-12-25 00:57 205,824 ----a-w C:\Windows\System32\msoeacct.dll 2007-12-25 00:57 2,923,520 ----a-w C:\Windows\explorer.exe 2007-12-25 00:57 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2007-12-25 00:55 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL 2007-12-25 00:55 7,680 ----a-w C:\Windows\System32\spwmp.dll 2007-12-25 00:55 4,096 ----a-w C:\Windows\System32\dxmasf.dll 2007-12-25 00:55 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll 2007-12-25 00:54 86,016 ----a-w C:\Windows\System32\icfupgd.dll 2007-12-25 01:18 22 --sha-w C:\Windows\SMINST\HPCD.sys . <pre> ----a-w 325,204 2006-12-21 19:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 18:32 1232896] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-14 01:41 20034600] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440] "mfcdroam"="C:\ProgramData\Setup Size Size.4fy6the" [2008-03-06 16:43 188432] "vc log bows face"="C:\ProgramData\Cash Save Dent.1pe092j" [2008-03-06 16:43 221200] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 13:45 1006264] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 04:57 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 04:57 8433664] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-09 04:57 81920] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 20:12 17920] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] C:\Users\Kristoffer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Telenor Sikker Lagring.lnk - C:\Program Files\Telenor Sikker Lagring\safestorage.exe [2007-12-26 23:09:06 91648] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872] Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-04 19:04:20 784912] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{9DB488AA-465B-49F7-BB72-84989EE814A8}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{8A9CAB74-927D-4162-9027-08F1DABD1866}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{47BB0779-5DA7-44A3-9A0A-902CFFFB3BAA}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{A527A7B2-7620-4B5C-A773-5159A4C518BE}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{32E24CEB-BD8A-4BB8-A051-18F58D452999}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{1133B6DD-6B10-4DEA-9054-E6062EBD04A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{C3EDA73A-38D2-4647-9765-C77BC22CE7E0}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{4F7A67B7-D078-4A4E-BB57-6EB387E2B9E4}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{D289A8B1-6580-4C59-BAB2-77F9B35FF119}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{DEA84F20-AD1E-4AE3-909E-048DEF1DEC7F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{01B70034-CE15-4A12-AF9F-1E91AABA49E9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{8D09ECC1-6404-4F0D-B174-11E5A2465AAA}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{2883C50F-B611-4306-9546-0252A328D436}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080325.002\IDSvix86.sys [2008-02-13 18:18] R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 11:45] R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 11:45] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 18:44] R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 01:50] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 08:32] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 17:43] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel bthsvcs REG_MULTI_SZ BthServ GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{935c74d1-b29c-11dc-b03a-806e6f6e6963}] \shell\AutoRun\command - E:\Autorun.exe *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-03-28 17:13:04 C:\Windows\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2008-03-30 11:20:18 C:\Windows\Tasks\User_Feed_Synchronization-{FC1CB16A-E423-4743-95A6-117DB77CCE95}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-30 17:29:47 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\PnkBstrB.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe C:\Windows\system32\conime.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe . ************************************************************************** . Completion time: 2008-03-30 17:32:51 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-30 15:32:44 Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. . 2008-03-28 14:26:39 --- E O F --- Hijackthis: Klikk for å se/fjerne innholdet nedenfor <Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:44:18, on 30.03.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Telenor Sikker Lagring\safestorage.exe C:\Windows\ehome\ehmsas.exe C:\Windows\Explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\notepad.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [mfcdroam] "C:\ProgramData\Setup Size Size.4fy6the" O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\Cash Save Dent.1pe092j" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O4 - Startup: Telenor Sikker Lagring.lnk = C:\Program Files\Telenor Sikker Lagring\safestorage.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10985 bytes> SAS Klikk for å se/fjerne innholdet nedenfor <------------------------------------------------------------------------------- PATCH Version 8.10 - RTPatch® Professional - Software Update System DOS/16-bit Windows/32-bit Windows Edition © Copyright Pocket Soft, Inc., 1991-2005. All Rights Reserved. ------------------------------------------------------------------------------- ----- Processing Patch File ----- Applying HISTORY File Patch for 'AIDLL.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'admin\standard_admin\autobalance.py' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'BF2.exe' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'bf2_w32ded.exe' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'BF2Audio.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'BF2VoipServer.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'BF2VoipServer.exe' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'BF2VoipServer_w32ded.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'BF2VoipServer_w32ded.exe' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Localization\chinese\chinese.utxt' warning wpt0015: Old File does not exist Applying HISTORY File Patch for 'mods\bf2\Common_client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Common_server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'python\bf2\stats\constants.py' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying MODIFY File Patch for 'mods\bf2\Settings\Controls.con' New Version of File 'mods\bf2\Settings\Controls.con' already exists. Applying HISTORY File Patch for 'CoreDLL.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying MODIFY File Patch for 'dice_py.dll' New Version of File 'dice_py.dll' already exists. Applying HISTORY File Patch for 'mods\bf2\Localization\dutch\dutch.utxt' warning wpt0015: Old File does not exist Applying MODIFY File Patch for 'python\bf2\stats\endofround.py' New Version of File 'python\bf2\stats\endofround.py' already exists. Applying HISTORY File Patch for 'mods\bf2\Localization\english\English.utxt' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Localization\french\french.utxt' warning wpt0015: Old File does not exist Applying HISTORY File Patch for 'mods\bf2\Localization\german\german.utxt' warning wpt0015: Old File does not exist Applying DELETE File Patch for 'gp.info' Old Version of File 'gp.info' does not exist. Applying HISTORY File Patch for 'mods\bf2\python\game\gamemodes\gpm_cq.py' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying DELETE File Patch for 'mods\bf2\python\game\gamemodes\gpm_sl.py' Old Version of File 'mods\bf2\python\game\gamemodes\gpm_sl.py' does not exist. Applying HISTORY File Patch for 'mods\bf2\Localization\italian\italian.utxt' warning wpt0015: Old File does not exist Applying HISTORY File Patch for 'mods\bf2\Localization\japanese\japanese.utxt' warning wpt0015: Old File does not exist Applying HISTORY File Patch for 'mods\bf2\Localization\korean\korean.utxt' warning wpt0015: Old File does not exist Applying HISTORY File Patch for 'Memory.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'Memory_w32ded.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Menu_client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Menu_server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Objects_client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Objects_server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying DELETE File Patch for 'pb\pbcl.db' Old Version of File 'pb\pbcl.db' does not exist. Applying MODIFY File Patch for 'pb\pbcl.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying DELETE File Patch for 'pb\pbclold.dll' Deleting Old File Applying DELETE File Patch for 'pb\pbsslog.htm' Old Version of File 'pb\pbsslog.htm' does not exist. Applying HISTORY File Patch for 'PCRegExp.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Localization\polish\polish.utxt' warning wpt0015: Old File does not exist Applying MODIFY File Patch for 'python\bf2\stats\rank.py' New Version of File 'python\bf2\stats\rank.py' already exists. Applying HISTORY File Patch for 'ReadmeServer.txt' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\python\game\scoringCommon.py' New Version of File 'mods\bf2\python\game\scoringCommon.py' already exists. Applying HISTORY File Patch for 'mods\bf2\Shaders_client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Localization\spanish\spanish.utxt' warning wpt0015: Old File does not exist Applying HISTORY File Patch for 'python\bf2\stats\stats.py' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\std_archive.md5' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Localization\swedish\swedish.utxt' warning wpt0015: Old File does not exist Applying HISTORY File Patch for 'SwiffPlayer.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'TextureAtlasBuilder.dll' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Localization\thai\thai.utxt' warning wpt0015: Old File does not exist Applying HISTORY File Patch for 'admin\standard_admin\tk_punish.py' New Version of File 'admin\standard_admin\tk_punish.py' already exists. Applying MODIFY File Patch for 'python\bf2\stats\unlocks.py' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying DELETE File Patch for 'mods\bf2\Settings\Usersettings.con' Old Version of File 'mods\bf2\Settings\Usersettings.con' does not exist. Applying DELETE File Patch for 'pb\dll\wc001128.dll' Old Version of File 'pb\dll\wc001128.dll' does not exist. Applying DELETE File Patch for 'pb\htm\wc001128.htm' Old Version of File 'pb\htm\wc001128.htm' does not exist. Applying HISTORY File Patch for 'mods\bf2\Levels\Dalian_plant\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Daqing_oilfields\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Dragon_Valley\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\FuShe_Pass\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Gulf_of_Oman\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\kubra_dam\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Mashtuur_City\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Operation_Clean_Sweep\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Sharqi_Peninsula\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Songhua_Stalemate\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Strike_at_Karkand\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Zatar_Wetlands\client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Fonts_client.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\levels.md5' File 'mods\bf2\levels.md5' already Up-To-Date Applying HISTORY File Patch for 'mods\bf2\Levels\Dalian_plant\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Daqing_oilfields\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Dragon_Valley\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\FuShe_Pass\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Gulf_of_Oman\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\kubra_dam\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Mashtuur_City\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Operation_Clean_Sweep\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Sharqi_Peninsula\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Songhua_Stalemate\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Strike_at_Karkand\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Zatar_Wetlands\server.zip' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying HISTORY File Patch for 'mods\bf2\Levels\Dalian_plant\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Daqing_oilfields\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Dragon_Valley\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\FuShe_Pass\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Gulf_of_Oman\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\kubra_dam\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Mashtuur_City\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Operation_Clean_Sweep\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Sharqi_Peninsula\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Songhua_Stalemate\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Strike_at_Karkand\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Wake_Island_2007\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying HISTORY File Patch for 'mods\bf2\Levels\Zatar_Wetlands\archive.md5' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying DELETE File Patch for 'ArchiveScripts\archiveShaders.py' Old Version of File 'ArchiveScripts\archiveShaders.py' does not exist. Applying HISTORY File Patch for 'BF2ServerLauncher.exe' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying ADD File Patch for 'mods\bf2\Localization\chinese\Chinese_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\chinese\Chinese_Patch.utxt' Adding New File Verifying - Passed! Applying HISTORY File Patch for 'mods\bf2\Levels\Wake_Island_2007\client.zip' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying MODIFY File Patch for 'admin\default.py' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying ADD File Patch for 'mods\bf2\Localization\dutch\Dutch_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\dutch\Dutch_Patch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\english\English_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\english\English_Patch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Levels\Wake_Island_2007\Info\favoriteMap.png' New Version of File 'mods\bf2\Levels\Wake_Island_2007\Info\favoriteMap.png' already exists. Applying MODIFY File Patch for 'python\bf2\stats\fragalyzer_log.py' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying ADD File Patch for 'mods\bf2\Localization\french\French_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\french\French_Patch.utxt' Adding New File Verifying - Passed! Applying MODIFY File Patch for 'python\bf2\GameLogic.py' New Version of File 'python\bf2\GameLogic.py' already exists. Applying HISTORY File Patch for 'generate_md5.py' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying ADD File Patch for 'mods\bf2\Localization\german\German_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\german\German_Patch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Levels\Wake_Island_2007\Info\gpm_cq_16_menuMap.png' New Version of File 'mods\bf2\Levels\Wake_Island_2007\Info\gpm_cq_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\Wake_Island_2007\Info\gpm_cq_32_menuMap.png' New Version of File 'mods\bf2\Levels\Wake_Island_2007\Info\gpm_cq_32_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\Wake_Island_2007\Info\gpm_cq_64_menuMap.png' New Version of File 'mods\bf2\Levels\Wake_Island_2007\Info\gpm_cq_64_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Localization\italian\Italian_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\italian\Italian_Patch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\japanese\Japanese_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\japanese\Japanese_Patch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\korean\Korean_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\korean\Korean_Patch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Levels\Wake_Island_2007\Info\loadmap.png' New Version of File 'mods\bf2\Levels\Wake_Island_2007\Info\loadmap.png' already exists. Applying HISTORY File Patch for 'ArchiveScripts\makeArchive.bat' File 'ArchiveScripts\makeArchive.bat' already Up-To-Date Applying DELETE File Patch for 'makeArchives.py' Old Version of File 'makeArchives.py' does not exist. Applying HISTORY File Patch for 'ArchiveScripts\makeLevelArchive.bat' File 'ArchiveScripts\makeLevelArchive.bat' already Up-To-Date Applying MODIFY File Patch for 'python\bf2\stats\medal_data.py' warning wpt0015: Old File does not exist Applying DELETE File Patch for 'obfuscate.py' Old Version of File 'obfuscate.py' does not exist. Applying MODIFY File Patch for 'python\bf2\ObjectManager.py' New Version of File 'python\bf2\ObjectManager.py' already exists. Applying ADD File Patch for 'mods\bf2\Localization\polish\Polish_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\polish\Polish_Patch.utxt' Adding New File Verifying - Passed! Applying HISTORY File Patch for 'LinuxReadmes\readme-linux.txt' warning wpt0015: Old File does not exist Applying ADD File Patch for 'mods\bf2\Settings\ReservedSlots.con' New Version of File 'mods\bf2\Settings\ReservedSlots.con' already exists. Applying HISTORY File Patch for 'mods\bf2\Levels\Wake_Island_2007\server.zip' Updating ... Updating to next version ... File successfully Added and Updated! Deleting Old File Applying MODIFY File Patch for 'mods\bf2\Settings\ServerSettings.con' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying MODIFY File Patch for 'mods\bf2\Settings\ServerSettingsDesc.dat' warning wpt0036: Old File not found. However, a file of the same name was found. No update done since file contents do not match. Applying MODIFY File Patch for 'mods\bf2\Settings\Sound.con' New Version of File 'mods\bf2\Settings\Sound.con' already exists. Applying ADD File Patch for 'mods\bf2\Localization\spanish\Spanish_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\spanish\Spanish_Patch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\swedish\Swedish_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\swedish\Swedish_Patch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\thai\Thai_Mappacks.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\thai\Thai_Patch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Levels\Wake_Island_2007\Info\Wake_Island_2007.desc' New Version of File 'mods\bf2\Levels\Wake_Island_2007\Info\Wake_Island_2007.desc' already exists. Applying MODIFY File Patch for '00000000.256' New Version of File '00000000.256' already exists. Applying MODIFY File Patch for '00000001.TMP' warning wpt0015: Old File does not exist Applying DELETE File Patch for 'maya\Script\1p_BatchScript.bat' Old Version of File 'maya\Script\1p_BatchScript.bat' does not exist. Applying DELETE File Patch for 'maya\Script\3p_BatchScript.bat' Old Version of File 'maya\Script\3p_BatchScript.bat' does not exist. Applying DELETE File Patch for 'NavMesh\_ALL.bat' Old Version of File 'NavMesh\_ALL.bat' does not exist. Applying DELETE File Patch for 'NavMesh\_TestLevel.bat' Old Version of File 'NavMesh\_TestLevel.bat' does not exist. Applying DELETE File Patch for 'maya\Script\AErscMeshShaderTemplate.mel' Old Version of File 'maya\Script\AErscMeshShaderTemplate.mel' does not exist. Applying MODIFY File Patch for 'mods\bf2\AI\AIBehaviours.ai' New Version of File 'mods\bf2\AI\AIBehaviours.ai' already exists. Applying DELETE File Patch for 'maya\Script\ak_renameToolBox.mel' Old Version of File 'maya\Script\ak_renameToolBox.mel' does not exist. Applying DELETE File Patch for 'NavMesh\asprintf.dll' Old Version of File 'NavMesh\asprintf.dll' does not exist. Applying DELETE File Patch for 'maya\Script\BatchScript.bat' Old Version of File 'maya\Script\BatchScript.bat' does not exist. Applying DELETE File Patch for 'maya\Script\BatchTemplate.bat' Old Version of File 'maya\Script\BatchTemplate.bat' does not exist. Applying DELETE File Patch for 'maya\Script\BatchUtils.mel' Old Version of File 'maya\Script\BatchUtils.mel' does not exist. Applying DELETE File Patch for 'BF2-PLAY ONLINE NOW.bat' Old Version of File 'BF2-PLAY ONLINE NOW.bat' does not exist. Applying DELETE File Patch for 'BF2.bat' Old Version of File 'BF2.bat' does not exist. Applying DELETE File Patch for 'bf2usingmenu.bat' Old Version of File 'bf2usingmenu.bat' does not exist. Applying DELETE File Patch for 'buildMemeAtlas.bat' Old Version of File 'buildMemeAtlas.bat' does not exist. Applying DELETE File Patch for 'maya\cgfxShader\cgfxShader_dummyl.mel' Old Version of File 'maya\cgfxShader\cgfxShader_dummyl.mel' does not exist. Applying DELETE File Patch for 'maya\cgfxShader\cgfxShaderLess.xpm' Old Version of File 'maya\cgfxShader\cgfxShaderLess.xpm' does not exist. Applying DELETE File Patch for 'maya\cgfxShader\cgfxShaderMore.xpm' Old Version of File 'maya\cgfxShader\cgfxShaderMore.xpm' does not exist. Applying DELETE File Patch for 'NavMesh\charset.dll' Old Version of File 'NavMesh\charset.dll' does not exist. Applying DELETE File Patch for 'NavMesh\CleanWork.bat' Old Version of File 'NavMesh\CleanWork.bat' does not exist. Applying MODIFY File Patch for 'ArchiveScripts\Client.lst' warning wpt0015: Old File does not exist Applying DELETE File Patch for 'Misc Tools\AI-Terrain texture tool\convertPFMapToTerrainTexture.bat' Old Version of File 'Misc Tools\AI-Terrain texture tool\convertPFMapToTerrainTexture.bat' does not exist. Applying MODIFY File Patch for 'dbghelp.dll' New Version of File 'dbghelp.dll' already exists. Applying MODIFY File Patch for 'demo.cmd' warning wpt0015: Old File does not exist Applying MODIFY File Patch for 'demo_documentation.txt' warning wpt0015: Old File does not exist Applying ADD File Patch for 'DIAG.EXE' New Version of File 'DIAG.EXE' already exists. Applying DELETE File Patch for 'maya\Script\DICE.mel' Old Version of File 'maya\Script\DICE.mel' does not exist. Applying MODIFY File Patch for 'dice_TextureAtlasTool.exe' warning wpt0015: Old File does not exist Applying DELETE File Patch for 'maya\Script\dnyUVPanel.mel' Old Version of File 'maya\Script\dnyUVPanel.mel' does not exist. Applying DELETE File Patch for 'NavMesh\ExportGTS.bat' Old Version of File 'NavMesh\ExportGTS.bat' does not exist. Applying DELETE File Patch for 'maya\Script\exportSkinMap.mel' Old Version of File 'maya\Script\exportSkinMap.mel' does not exist. Applying MODIFY File Patch for 'FragAnalyzer.exe' warning wpt0015: Old File does not exist Applying DELETE File Patch for 'NavMesh\GenerateAll.bat' Old Version of File 'NavMesh\GenerateAll.bat' does not exist. Applying DELETE File Patch for 'NavMesh\GenerateNavMesh.bat' Old Version of File 'NavMesh\GenerateNavMesh.bat' does not exist. Applying DELETE File Patch for 'NavMesh\GenerateNavmeshLocal.py' Old Version of File 'NavMesh\GenerateNavmeshLocal.py' does not exist. Applying DELETE File Patch for 'NavMesh\GetLatestEditor.bat' Old Version of File 'NavMesh\GetLatestEditor.bat' does not exist. Applying DELETE File Patch for 'NavMesh\gts.dll' Old Version of File 'NavMesh\gts.dll' does not exist. Applying DELETE File Patch for 'NavMesh\iconv.dll' Old Version of File 'NavMesh\iconv.dll' does not exist. Applying DELETE File Patch for 'maya\Install DICE Maya tools PLE.bat' Old Version of File 'maya\Install DICE Maya tools PLE.bat' does not exist. Applying DELETE File Patch for 'maya\Install DICE Maya tools.bat' Old Version of File 'maya\Install DICE Maya tools.bat' does not exist. Applying DELETE File Patch for 'NavMesh\intl.dll' Old Version of File 'NavMesh\intl.dll' does not exist. Applying DELETE File Patch for 'NavMesh\libglib-2.0-0.dll' Old Version of File 'NavMesh\libglib-2.0-0.dll' does not exist. Applying DELETE File Patch for 'NavMesh\libgmodule-2.0-0.dll' Old Version of File 'NavMesh\libgmodule-2.0-0.dll' does not exist. Applying DELETE File Patch for 'NavMesh\libgobject-2.0-0.dll' Old Version of File 'NavMesh\libgobject-2.0-0.dll' does not exist. Applying DELETE File Patch for 'NavMesh\libgthread-2.0-0.dll' Old Version of File 'NavMesh\libgthread-2.0-0.dll' does not exist. Applying DELETE File Patch for 'maya\Icons\lod.bmp' Old Version of File 'maya\Icons\lod.bmp' does not exist. Applying DELETE File Patch for 'maya\Script\LodTool.mel' Old Version of File 'maya\Script\LodTool.mel' does not exist. Applying MODIFY File Patch for 'makeMiniMap.con' warning wpt0015: Old File does not exist Applying DELETE File Patch for 'maya\Maya.env' Old Version of File 'maya\Maya.env' does not exist. Applying DELETE File Patch for 'mods\bf2\MemeEdit.exe' Deleting Old File Applying DELETE File Patch for 'maya\Icons\model.bmp' Old Version of File 'maya\Icons\model.bmp' does not exist. Applying DELETE File Patch for 'maya\Script\ModelTool.mel' Old Version of File 'maya\Script\ModelTool.mel' does not exist. Applying DELETE File Patch for 'NavMesh\Nav.bat' Old Version of File 'NavMesh\Nav.bat' does not exist. Applying DELETE File Patch for 'NavMesh\NavMesh.exe' Old Version of File 'NavMesh\NavMesh.exe' does not exist. Applying DELETE File Patch for 'NavMesh\NavMeshControl.exe' Old Version of File 'NavMesh\NavMeshControl.exe' does not exist. Applying DELETE File Patch for 'NavMesh\ObjectTest.exe' Old Version of File 'NavMesh\ObjectTest.exe' does not exist. Applying DELETE File Patch for 'maya\OpenMayaAnim.dll' Old Version of File 'maya\OpenMayaAnim.dll' does not exist. Applying DELETE File Patch for 'maya\Plugin\ProgressiveMesh_Release.mll' Old Version of File 'maya\Plugin\ProgressiveMesh_Release.mll' does not exist. Applying DELETE File Patch for 'maya\Script\ProgressiveMeshUI.mel' Old Version of File 'maya\Script\ProgressiveMeshUI.mel' does not exist. Applying DELETE File Patch for 'maya\Icons\rack.bmp' Old Version of File 'maya\Icons\rack.bmp' does not exist. Applying DELETE File Patch for 'maya\Script\README.txt' Old Version of File 'maya\Script\README.txt' does not exist. Applying DELETE File Patch for 'NavMesh\ReExportQuad.bat' Old Version of File 'NavMesh\ReExportQuad.bat' does not exist. Applying DELETE File Patch for 'maya\Icons\reload.bmp' Old Version of File 'maya\Icons\reload.bmp' does not exist. Applying DELETE File Patch for 'maya\Script\remote.mel' Old Version of File 'maya\Script\remote.mel' does not exist. Applying DELETE File Patch for 'maya\cgfxShader\render_cgfxShader.xpm' Old Version of File 'maya\cgfxShader\render_cgfxShader.xpm' does not exist. Applying DELETE File Patch for 'NavMesh\ROBOCOPY.exe' Old Version of File 'NavMesh\ROBOCOPY.exe' does not exist. Applying DELETE File Patch for 'NavMesh\SaveQuad.bat' Old Version of File 'NavMesh\SaveQuad.bat' does not exist. Applying DELETE File Patch for 'NavMesh\SaveQuadLocal.bat' Old Version of File 'NavMesh\SaveQuadLocal.bat' does not exist. Applying ADD File Patch for 'mods\bf2\Settings\ServerSettingsDesc.xls' Adding New File Verifying - Passed! Applying DELETE File Patch for 'maya\Icons\shader.bmp' Old Version of File 'maya\Icons\shader.bmp' does not exist. Applying DELETE File Patch for 'maya\Script\ShaderTool.mel' Old Version of File 'maya\Script\ShaderTool.mel' does not exist. Applying DELETE File Patch for 'SinglePlayer.bat' Old Version of File 'SinglePlayer.bat' does not exist. Applying ADD File Patch for 'mods\bf2\Levels\Dalian_plant\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\Dalian_plant\Info\sp1_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\Daqing_oilfields\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\Daqing_oilfields\Info\sp1_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\Dragon_Valley\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\Dragon_Valley\Info\sp1_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\FuShe_Pass\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\FuShe_Pass\Info\sp1_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\Gulf_of_Oman\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\Gulf_of_Oman\Info\sp1_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\kubra_dam\Info\sp1_16_menuMap.png' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Levels\Mashtuur_City\Info\sp1_16_menuMap.png' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Levels\Operation_Clean_Sweep\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\Operation_Clean_Sweep\Info\sp1_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\Sharqi_Peninsula\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\Sharqi_Peninsula\Info\sp1_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\Songhua_Stalemate\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\Songhua_Stalemate\Info\sp1_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\Strike_at_Karkand\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\Strike_at_Karkand\Info\sp1_16_menuMap.png' already exists. Applying ADD File Patch for 'mods\bf2\Levels\Zatar_Wetlands\Info\sp1_16_menuMap.png' New Version of File 'mods\bf2\Levels\Zatar_Wetlands\Info\sp1_16_menuMap.png' already exists. Applying DELETE File Patch for 'NavMesh\StartNavmesh.bat' Old Version of File 'NavMesh\StartNavmesh.bat' does not exist. Applying DELETE File Patch for 'NavMesh\StartNavmesh.py' Old Version of File 'NavMesh\StartNavmesh.py' does not exist. Applying ADD File Patch for 'mods\bf2\std_archive_mod.md5' Adding New File Verifying - Passed! Applying DELETE File Patch for 'maya\Icons\sync.bmp' Old Version of File 'maya\Icons\sync.bmp' does not exist. Applying ADD File Patch for 'mods\bf2\t1040t5440.tmp' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\t2820t5413.tmp' Adding New File Verifying - Passed! Applying DELETE File Patch for 'testrange.bat' Old Version of File 'testrange.bat' does not exist. Applying DELETE File Patch for 'Misc Tools\AI-Terrain texture tool\to8bit.bat' Old Version of File 'Misc Tools\AI-Terrain texture tool\to8bit.bat' does not exist. Applying DELETE File Patch for 'maya\transform.fx' Old Version of File 'maya\transform.fx' does not exist. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasrif_fn2000\Info\unlockIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasrif_fn2000\Info\unlockIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasrif_g36e\Info\unlockIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasrif_g36e\Info\unlockIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasrif_mg36\Info\unlockIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasrif_mg36\Info\unlockIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasrif_mp7\Info\unlockIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasrif_mp7\Info\unlockIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\usrif_fnscarl\Info\unlockIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\usrif_fnscarl\Info\unlockIcon.png' already exists. Applying DELETE File Patch for 'maya\Script\userSetup.mel' Old Version of File 'maya\Script\userSetup.mel' does not exist. Applying DELETE File Patch for 'maya\Script\Util.mel' Old Version of File 'maya\Script\Util.mel' does not exist. Applying DELETE File Patch for 'maya\Icons\uvanim.bmp' Old Version of File 'maya\Icons\uvanim.bmp' does not exist. Applying DELETE File Patch for 'maya\Script\UvAnimTool.mel' Old Version of File 'maya\Script\UvAnimTool.mel' does not exist. Applying DELETE File Patch for 'maya\Icons\weapon.bmp' Old Version of File 'maya\Icons\weapon.bmp' does not exist. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\nshgr_flashbang\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\nshgr_flashbang\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\nsrif_crossbow\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\nsrif_crossbow\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\nsrif_grapplinghook\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\nsrif_grapplinghook\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasgr_fn2000\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasgr_fn2000\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasrif_fn2000\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasrif_fn2000\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasrif_g36e\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasrif_g36e\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasrif_mg36\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasrif_mg36\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasrif_mp7\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasrif_mp7\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\sasrif_teargas\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\sasrif_teargas\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\usrif_fnscarh\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\usrif_fnscarh\Info\weaponIcon.png' already exists. Applying ADD File Patch for 'mods\bf2\Objects\Weapons\Handheld\usrif_fnscarl\Info\weaponIcon.png' New Version of File 'mods\bf2\Objects\Weapons\Handheld\usrif_fnscarl\Info\weaponIcon.png' already exists. Applying DELETE File Patch for 'maya\Script\WeaponTool.mel' Old Version of File 'maya\Script\WeaponTool.mel' does not exist. Applying ADD File Patch for 'mods\bf2\Localization\chinese\XPChinese.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\dutch\XPDutch.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\english\XPEnglish.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\french\XPFrench.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\german\XPGerman.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\italian\XPItalian.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\japanese\XPJapanese.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\korean\XPKorean.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\polish\XPPolish.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\spanish\XPSpanish.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\swedish\XPSwedish.utxt' Adding New File Verifying - Passed! Applying ADD File Patch for 'mods\bf2\Localization\thai\XPThai.utxt' Adding New File Verifying - Passed! ----- Patch File Processing Complete ----- ----------------------------------------------------- - Results of Application of Patch File - ----------------------------------------------------- File Patches Applied ......................... ( 59) Files Modified .................. ( 0) Files Renamed. .................. ( 0) Files Added ..................... ( 57) Files Deleted ................... ( 2) Temporary Files Processed........ ( 0) File Patches Skipped: New Files Up-To-Date.... ( 132) File Patches Ignored: Old Files Missing....... ( 20) Old Files Invalid....... ( 61) ----------------------------------------------------- Total File Patches Processed ................. ( 272) ----------------------------------------------------- > Endret 30. mars 2008 av GuZzlE Lenke til kommentar
norbat Skrevet 30. mars 2008 Forfatter Del Skrevet 30. mars 2008 GuZzIe: Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen. Folder:: C:\ProgramData\Memo Drive Vc Log Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mfcdroam"=- "vc log bows face"=- RenV:: ----a-w 325,204 2006-12-21 19:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe Kjenner du til denne mappa: C:\ProgramData\Great Safe (hvis ikke, sjekk om det ligger noen filer inni og evt. hvilke filer er det) Lenke til kommentar
Monkey553 Skrevet 30. mars 2008 Del Skrevet 30. mars 2008 GuZzIe: Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt. Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen. Folder:: C:\ProgramData\Memo Drive Vc Log Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mfcdroam"=- "vc log bows face"=- RenV:: ----a-w 325,204 2006-12-21 19:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe Kjenner du til denne mappa: C:\ProgramData\Great Safe (hvis ikke, sjekk om det ligger noen filer inni og evt. hvilke filer er det) Her er loggen: Klikk for å se/fjerne innholdet nedenfor <ComboFix 08-03-30.2 - Kristoffer 2008-03-30 20:53:20.2 - NTFSx86Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1083 [GMT 2:00] Running from: C:\Users\Kristoffer\Desktop\ComboFix.exe Command switches used :: C:\Users\Kristoffer\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Memo Drive Vc Log C:\ProgramData\Memo Drive Vc Log\dent else.exe . ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-30 16:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-03-30 15:40 --------- d-----w C:\Program Files\Trend Micro 2008-03-30 14:39 --------- d-----w C:\Users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com 2008-03-30 14:39 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-03-30 14:39 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-03-30 14:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-03-30 14:34 --------- d-----w C:\Program Files\CCleaner 2008-03-30 13:08 118,784 ----a-w C:\Users\Kristoffer\pbweb.exe 2008-03-30 13:04 82,082 ----a-w C:\Users\Kristoffer\AppData\Roaming\nvModes.dat 2008-03-30 13:04 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-03-30 12:50 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-03-30 12:45 22,328 ----a-w C:\Users\Kristoffer\AppData\Roaming\PnkBstrK.sys 2008-03-30 12:44 674,600 ----a-w C:\Windows\System32\pbsvc.exe 2008-03-30 12:44 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe 2008-03-29 16:17 --------- d-----w C:\Program Files\Norton 360 Online 2008-03-29 15:32 --------- d-----w C:\ProgramData\Symantec 2008-03-29 01:47 --------- d-----w C:\Users\Kristoffer\AppData\Roaming\Skype 2008-03-28 16:51 674,600 ----a-w C:\Windows\System32\pbsvc[1].exe 2008-03-28 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-25 17:31 --------- d-----w C:\Program Files\Red Storm Entertainment 2008-03-25 17:30 --------- d-----w C:\ProgramData\Media Center Programs 2008-03-24 20:14 --------- d-----w C:\Program Files\Ubi Soft 2008-03-23 12:33 --------- d-----w C:\Program Files\QuickTime 2008-03-20 14:13 --------- d-----w C:\Program Files\Google 2008-03-19 13:10 --------- d-----w C:\Program Files\Windows Live 2008-03-15 10:15 --------- d-----w C:\ProgramData\Steam 2008-03-15 10:15 --------- d-----w C:\ProgramData\PopCap Games 2008-03-15 06:47 --------- d-----w C:\ProgramData\Lavasoft 2008-03-15 06:46 --------- d-----w C:\Program Files\Lavasoft 2008-03-15 06:27 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-03-15 06:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-15 02:09 --------- d-----w C:\Program Files\Windows Mail 2008-03-15 02:03 --------- d-----w C:\ProgramData\Microsoft Help 2008-03-14 22:02 --------- d---a-w C:\ProgramData\TEMP 2008-03-13 20:29 --------- d-----w C:\Program Files\Guild Wars 2008-03-11 19:07 --------- d-----w C:\Users\Kristoffer\AppData\Roaming\Template 2008-03-11 19:05 0 ----a-w C:\Users\Kristoffer\AppData\Roaming\wklnhst.dat 2008-03-09 13:17 212 ----a-w C:\delete.bat 2008-03-09 13:15 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-09 09:02 --------- d-----w C:\Program Files\MSN Messenger 2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf 2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys 2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat 2008-03-06 14:43 --------- d-----w C:\ProgramData\Great Safe 2008-03-01 13:22 562,044,991 ----a-w C:\Users\Kristoffer\BF2_Patch_1.41.exe 2008-03-01 10:30 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-01 10:27 --------- d-----w C:\ProgramData\WLInstaller 2008-02-29 23:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-29 23:09 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-29 23:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-29 23:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-29 23:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-29 23:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-29 23:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-29 23:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys 2008-02-29 23:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-29 23:03 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-29 23:03 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-29 23:03 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-29 23:03 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-29 23:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-29 23:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-29 23:02 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-29 23:02 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-29 23:02 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-29 23:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-29 23:02 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-02-29 22:59 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-29 22:59 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-29 22:59 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-29 22:59 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-29 22:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2008-02-29 19:25 --------- d-----w C:\Program Files\EA GAMES 2008-02-29 19:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-30 19:50 --------- d-----w C:\Users\Kristoffer\AppData\Roaming\Qtrax1 2008-01-30 19:50 --------- d-----w C:\ProgramData\SongbirdVLC 2008-01-27 14:11 39,936 ----a-w C:\Windows\System32\dwmapi.dll 2008-01-27 14:11 2,016,256 ----a-w C:\Windows\System32\milcore.dll 2008-01-21 19:26 361,544,078 ----a-w C:\Users\Kristoffer\GTA2INSTALLER.ZIP 2008-01-18 22:13 111,063,040 ----a-w C:\Users\Kristoffer\EN_100_140_Patch.exe 2008-01-10 16:32 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2007-12-25 01:08 174 --sha-w C:\Program Files\desktop.ini 2007-12-25 00:57 87,040 ----a-w C:\Windows\System32\msoert2.dll 2007-12-25 00:57 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2007-12-25 00:57 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2007-12-25 00:57 542,720 ----a-w C:\Windows\System32\sysmain.dll 2007-12-25 00:57 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2007-12-25 00:57 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2007-12-25 00:57 39,424 ----a-w C:\Windows\System32\ACCTRES.dll 2007-12-25 00:57 299,008 ----a-w C:\Windows\System32\wlansec.dll 2007-12-25 00:57 289,280 ----a-w C:\Windows\System32\wlanmsm.dll 2007-12-25 00:57 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2007-12-25 00:57 205,824 ----a-w C:\Windows\System32\msoeacct.dll 2007-12-25 00:57 2,923,520 ----a-w C:\Windows\explorer.exe 2007-12-25 00:57 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2007-12-25 00:55 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL 2007-12-25 00:55 7,680 ----a-w C:\Windows\System32\spwmp.dll 2007-12-25 00:55 4,096 ----a-w C:\Windows\System32\dxmasf.dll 2007-12-25 00:55 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll 2007-12-25 00:54 86,016 ----a-w C:\Windows\System32\icfupgd.dll 2007-12-25 01:18 22 --sha-w C:\Windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( snapshot@2008-03-30_17.32.12.68 ))))))))))))))))))))))))))))))))))))))))) . - 2008-03-30 15:28:20 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-03-30 18:42:04 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-03-30 14:29:56 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-03-30 18:44:32 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-03-30 15:29:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-03-30 18:44:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-03-30 18:44:23 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-03-30 15:20:44 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-03-30 18:52:50 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-03-30 15:29:30 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-03-30 18:44:17 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-03-30 18:44:17 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-03-30 11:22:06 103,924 ----a-w C:\Windows\System32\perfc009.dat + 2008-03-30 18:48:20 103,924 ----a-w C:\Windows\System32\perfc009.dat - 2008-03-30 11:22:06 79,408 ----a-w C:\Windows\System32\perfc014.dat + 2008-03-30 18:48:20 79,408 ----a-w C:\Windows\System32\perfc014.dat - 2008-03-30 11:22:06 610,142 ----a-w C:\Windows\System32\perfh009.dat + 2008-03-30 18:48:20 610,142 ----a-w C:\Windows\System32\perfh009.dat - 2008-03-30 11:22:06 476,858 ----a-w C:\Windows\System32\perfh014.dat + 2008-03-30 18:48:20 476,858 ----a-w C:\Windows\System32\perfh014.dat - 2008-03-30 11:17:18 7,080 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2926010633-3567154249-1038596292-1000_UserData.bin + 2008-03-30 18:44:41 7,228 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2926010633-3567154249-1038596292-1000_UserData.bin - 2008-03-30 11:17:17 68,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-03-30 18:44:41 68,888 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-03-30 15:26:51 4,480 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat + 2008-03-30 16:10:49 5,818 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat - 2008-03-30 11:17:15 40,360 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-03-30 18:44:39 40,548 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 18:32 1232896] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-14 01:41 20034600] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 13:45 1006264] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 04:57 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 04:57 8433664] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-09 04:57 81920] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 20:12 17920] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] C:\Users\Kristoffer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Telenor Sikker Lagring.lnk - C:\Program Files\Telenor Sikker Lagring\safestorage.exe [2007-12-26 23:09:06 91648] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872] Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-04 19:04:20 784912] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{9DB488AA-465B-49F7-BB72-84989EE814A8}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{8A9CAB74-927D-4162-9027-08F1DABD1866}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{47BB0779-5DA7-44A3-9A0A-902CFFFB3BAA}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{A527A7B2-7620-4B5C-A773-5159A4C518BE}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{32E24CEB-BD8A-4BB8-A051-18F58D452999}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{1133B6DD-6B10-4DEA-9054-E6062EBD04A5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{C3EDA73A-38D2-4647-9765-C77BC22CE7E0}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{4F7A67B7-D078-4A4E-BB57-6EB387E2B9E4}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2 "{D289A8B1-6580-4C59-BAB2-77F9B35FF119}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{DEA84F20-AD1E-4AE3-909E-048DEF1DEC7F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{01B70034-CE15-4A12-AF9F-1E91AABA49E9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{8D09ECC1-6404-4F0D-B174-11E5A2465AAA}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{2883C50F-B611-4306-9546-0252A328D436}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080325.002\IDSvix86.sys [2008-02-13 18:18] R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 11:45] R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 11:45] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 18:44] R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 01:50] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 08:32] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 17:43] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel bthsvcs REG_MULTI_SZ BthServ GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{935c74d1-b29c-11dc-b03a-806e6f6e6963}] \shell\AutoRun\command - E:\Autorun.exe *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-03-30 16:00:11 C:\Windows\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2008-03-30 11:20:18 C:\Windows\Tasks\User_Feed_Synchronization-{FC1CB16A-E423-4743-95A6-117DB77CCE95}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-30 20:56:11 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-30 20:56:51 ComboFix-quarantined-files.txt 2008-03-30 18:56:47 ComboFix2.txt 2008-03-30 15:32:52 Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. . 2008-03-28 14:26:39 --- E O F --- > i Great Safe ligger noen programmer som heter: Fragaxissixthbits, Inside 64, tjqkcqnv og tvijzwav Lenke til kommentar
norbat Skrevet 30. mars 2008 Forfatter Del Skrevet 30. mars 2008 Da sletter du hele mappa: C:\ProgramData\Great Safe Hvordan kjører forøvrig PC-en? Lenke til kommentar
Monkey553 Skrevet 30. mars 2008 Del Skrevet 30. mars 2008 Da sletter du hele mappa: C:\ProgramData\Great Safe Hvordan kjører forøvrig PC-en? ok.. takk PC-en kjører bra.. men noen ganger er den litt treg når jeg skal inn på internett. Lenke til kommentar
norbat Skrevet 30. mars 2008 Forfatter Del Skrevet 30. mars 2008 Ok, Du kan avinstallere combofix ved å skrive combofix /u i kjør/søk-feltet. Du kunne også ha kjørt en rens av temp-mappene. Et bra prog. for dette er ccleaner: Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'. Lenke til kommentar
Monkey553 Skrevet 30. mars 2008 Del Skrevet 30. mars 2008 Ok,Du kan avinstallere combofix ved å skrive combofix /u i kjør/søk-feltet. Du kunne også ha kjørt en rens av temp-mappene. Et bra prog. for dette er ccleaner: Last ned CCleaner. Start programmet. Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer......." Klikk på 'Renser' og deretter 'Kjør CCleaner'. ok.. tusen takk.. skal jeg poste loggen etter jeg har kjørt CCleaner? Lenke til kommentar
norbat Skrevet 30. mars 2008 Forfatter Del Skrevet 30. mars 2008 Nei, det behøver du ikke. Lenke til kommentar
Monkey553 Skrevet 30. mars 2008 Del Skrevet 30. mars 2008 Nei, det behøver du ikke. ok.. Tusen hjertelig takk for hjelpen Lenke til kommentar
Monkey553 Skrevet 31. mars 2008 Del Skrevet 31. mars 2008 Når jeg slo på pc-en igjen etter jeg slo den av i går var skrivebordet og alle ikonene svarte, det eneste jeg så var startlinja og skriften som er under ikonene.. har prøvd å slå av pc-en og slå den på igjen men det skjedde ingenting.. hvis du vet hvorfor dette skjer hadde vært fint om noen kunne si hvorfor Lenke til kommentar
norbat Skrevet 31. mars 2008 Forfatter Del Skrevet 31. mars 2008 Vil tro en resetting av icon cachen kan fixe problemet. Sjekk metode 2 før du prøver deg på metode 1 på dette nettstedet: http://www.vistax64.com/tutorials/117229-i...he-rebuild.html Lenke til kommentar
Monkey553 Skrevet 31. mars 2008 Del Skrevet 31. mars 2008 Vil tro en resetting av icon cachen kan fixe problemet. Sjekk metode 2 før du prøver deg på metode 1 på dette nettstedet: http://www.vistax64.com/tutorials/117229-i...he-rebuild.html ok takk.. skal prøve det.. og tusen takk igjen for hjelpen igår. endelig er jeg kvitt pop up:) Lenke til kommentar
Monkey553 Skrevet 2. april 2008 Del Skrevet 2. april 2008 Det virket ikke.. -.-.. det som er så rart er at teksten under ikonene er der men ikke ikonene:S.. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå