Posts split off from the helper thread-2


Hello. I managed to close the log that came up after the quick scan with MalwareBytes, but I remember it removed 4 items called Trojan.FakeAlert.

 

Here is main.txt:

Performed disk cleanup.

 

System Drive C: has 28.04 GiB (less than 15%) free.

 

 

-- HijackThis (run as Piddy.exe) -----------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:03:57 PM, on 8/17/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\FeedReader30\feedreader.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\V0230Mon.exe

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\apvxdwin.exe

C:\Users\Piddy\AppData\Local\Temp\lsass.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program Files (x86)\Internet Explorer\ieuser.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\conime.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe

C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe

C:\Users\Piddy\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe

C:\Users\Piddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ960MIP\dss[1].exe

C:\Users\Piddy\Desktop\HIJACK~1\Piddy.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\avciman.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files (x86)\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sYSTEM.rt32] C:\Users\Piddy\AppData\Local\Temp\lsass.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files (x86)\FeedReader30\feedreader.exe"

O4 - HKCU\..\Run: [MoeMonitor.exe] "C:\Users\Piddy\AppData\Local\Microsoft\Live Mesh\Bin\Servicing.9.3103.9\MoeMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: SetPointII.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Nedlasting alle med Free Nedlasting Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Nedlasting med Free Nedlasting Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: Nedlasting valgte med Free Nedlasting Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~3\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~3\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files (x86)\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files (x86)\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\pavsrvx86.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files (x86)\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PskSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\TPSrvWow.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12329 bytes

 

-- File Associations -----------------------------------------------------------

 

.js - JSFile - shell\open\command - C:\PROGRA~3\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*

.reg - regfile - shell\open\command - regedit.exe "%1" %*

.scr - scrfile - shell\open\command - "%1" %*

.vbs - VBSFile - shell\open\command - C:\PROGRA~3\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)

R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing)

R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)

R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)

R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)

R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)

R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)

R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)

R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)

R0 intelide - c:\windows\system32\drivers\intelide.sys (file missing)

R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)

R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)

R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing)

R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)

R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)

R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)

R0 pavboot - c:\windows\system32\drivers\pavboot64.sys (file missing)

R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)

R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)

R0 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)

R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing)

R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)

R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)

R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)

R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)

R1 APPFLT (App Filter Plugin) - c:\windows\system32\drivers\appflt64.sys (file missing)

R1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)

R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)

R1 DfsC (DFS Namespace Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)

R1 DSAFLT (DSA Filter Plugin) - c:\windows\system32\drivers\dsaflt64.sys (file missing)

R1 FNETMON (NetMon Filter Plugin) - c:\windows\system32\drivers\fnetm64.sys (file missing)

R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)

R1 IDSFLT (Ids Filter Plugin) - c:\windows\system32\drivers\idsflt64.sys (file missing)

R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)

R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)

R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)

R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)

R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)

R1 NETFLTDI (Panda Net Driver [TDI Layer]) - c:\windows\system32\drivers\nettdi64.sys (file missing)

R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)

R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)

R1 Null - c:\windows\system32\drivers\null.sys (file missing)

R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing)

R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)

R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)

R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)

R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)

R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)

R1 ShldFlt (Panda File Shield Driver) - c:\windows\system32\drivers\shldflt.sys (file missing)

R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing)

R1 SMSFLT (SMS Filter Plugin) - c:\windows\system32\drivers\smsflt64.sys (file missing)

R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing)

R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)

R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)

R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)

R1 WNMFLT (Wifi Monitor Filter Plugin) - c:\windows\system32\drivers\wnmflt64.sys (file missing)

R1 ws2ifsl (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)

R2 AmFSM - c:\windows\system32\drivers\amm6460.sys (file missing)

R2 ComFiltr (Panda Anti-Dialer) - c:\windows\system32\drivers\comfiltr.sys (file missing)

R2 cpoint (Panda CPoint Driver) - c:\windows\system32\drivers\cpoint64.sys (file missing)

R2 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)

R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)

R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)

R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)

R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)

R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)

R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)

R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm64.sys (file missing)

R3 atikmdag - c:\windows\system32\drivers\atikmdag.sys (file missing)

R3 b57nd60a (%SvcDispName%) - c:\windows\system32\drivers\b57nd60a.sys (file missing)

R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)

R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)

R3 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)

R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)

R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)

R3 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)

R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing)

R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)

R3 L8042Kbd (SetPoint Keyboard Driver) - c:\windows\system32\drivers\l8042kbd.sys (file missing)

R3 L8042mou (SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys (file missing)

R3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)

R3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)

R3 LMouKE (SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)

R3 LUsbFilt (Logitech SetPoint KMDF USB Filter) - c:\windows\system32\drivers\lusbfilt.sys (file missing)

R3 Modem - c:\windows\system32\drivers\modem.sys (file missing)

R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing)

R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)

R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing)

R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)

R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)

R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)

R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)

R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)

R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)

R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)

R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)

R3 NETIMFLT01050097 (PANDA NDIS IM Filter Miniport v1.5.0.97) - c:\windows\system32\drivers\netim64.sys (file missing)

R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)

R3 ohci1394 (AGERE OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)

R3 P17 (SB Live! 24-bit) - c:\windows\system32\drivers\p17.sys (file missing)

R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)

R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)

R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)

R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)

R3 RasSstp (WAN Miniport (SSTP)) - c:\windows\system32\drivers\rassstp.sys (file missing)

R3 RDPDISPM - c:\windows\system32\drivers\rdpdispm.sys (file missing)

R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)

R3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)

R3 srv - c:\windows\system32\drivers\srv.sys (file missing)

R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)

R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)

R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)

R3 tunmp (Microsoft Tun Miniport Adapter Driver) - c:\windows\system32\drivers\tunmp.sys (file missing)

R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing)

R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing)

R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)

R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)

R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)

R3 V0230Vfx - c:\windows\system32\drivers\v0230vfx.sys (file missing)

R3 V0230VID (Live! Cam Video IM Pro) - c:\windows\system32\drivers\v0230vid.sys (file missing)

R3 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)

R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

R4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)

 

S1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)

S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)

S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)

S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)

S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)

S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)

S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing)

S3 E1G60 (Intel® PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)

S3 exfat (exFAT File System Driver) - c:\windows\system32\drivers\exfat.sys (file missing)

S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)

S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)

S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)

S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)

S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)

S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)

S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)

S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)

S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)

S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)

S3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)

S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)

S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)

S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing)

S3 R300 - c:\windows\system32\drivers\atikmdag.sys (file missing)

S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)

S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)

S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)

S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)

S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)

S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)

S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)

S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)

S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)

S3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)

S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)

S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)

S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)

S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)

S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)

S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)

S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)

S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)

S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)

S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)

S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)

S4 arc - c:\windows\system32\drivers\arc.sys (file missing)

S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)

S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)

S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)

S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)

S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)

S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)

S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)

S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)

S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)

S4 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)

S4 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)

S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)

S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)

S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)

S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)

S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)

S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)

S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)

S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)

S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)

S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)

S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)

S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)

S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)

S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)

S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)

S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)

S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing)

S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)

S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)

S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing)

S4 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)

S4 pciide - c:\windows\system32\drivers\pciide.sys (file missing)

S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)

S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)

S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)

S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)

S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)

S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)

S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)

S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)

S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)

S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)

S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)

S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)

S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)

S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)

S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)

S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)

S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)

S4 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)

S4 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)

S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)

S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)

S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)

S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AgereModemAudio (Agere Modem Call Progress Audio) - c:\windows\system32\agr64svc.exe (file missing)

R2 Ati External Event Utility - c:\windows\system32\ati2evxx.exe (file missing)

R2 pmshellsrv (Panda Antispam Engine) - c:\program files (x86)\panda security\panda internet security 2008\antispam\pskmssvc.exe

R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)

R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)

R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)

R3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)

S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing)

S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing)

S3 Fax - c:\windows\system32\fxssvc.exe (file missing)

S3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)

S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)

S3 Netlogon - c:\windows\system32\lsass.exe (file missing)

S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)

S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)

S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)

S3 Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe /runasservice

S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)

S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)

S3 wbengine (Block Level Backup Engine Service) - "c:\windows\system32\wbengine.exe" (file missing)

S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-08-11 22:47:55 266 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

-- Files created between 2008-07-17 and 2008-08-17 -----------------------------

2008-08-17 20:48:07 0 d-------- C:\Users\All Users\Malwarebytes

2008-08-17 20:48:06 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2008-08-17 09:59:31 0 d-------- C:\Program Files (x86)\ImgBurn

2008-08-13 01:16:22 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-08-13 01:15:49 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware

2008-08-13 01:03:45 0 d-------- C:\Program Files (x86)\CCleaner

2008-08-12 18:06:22 0 d-------- C:\Windows\FltMgr

2008-08-12 18:05:52 0 d-------- C:\Users\All Users\sentinel

2008-08-12 18:02:03 0 d-------- C:\Users\All Users\Backup

2008-08-12 18:01:37 446464 --a------ C:\Windows\system32\HHActiveX.dll <Not Verified; eHelp Corporation.; RoboHELP HTML 9.2>

2008-08-12 18:00:57 0 d-------- C:\Windows\system32\PAV

2008-08-12 13:57:13 0 --a------ C:\Autoexec.bat

2008-08-12 13:29:16 0 d-------- C:\Users\All Users\Avg8

2008-08-12 13:23:07 0 d-------- C:\Program Files (x86)\Common Files\Panda Software

2008-08-11 23:56:29 0 d-------- C:\Program Files (x86)\Panda Security

2008-08-11 22:47:14 0 d-------- C:\Program Files (x86)\Windows Live Toolbar

2008-08-11 22:47:09 0 d-------- C:\Program Files (x86)\Windows Live Favorites

2008-08-11 22:43:49 0 d-------- C:\Program Files (x86)\Windows Live

2008-08-11 19:25:27 0 d-------- C:\Program Files (x86)\VideoLAN

2008-08-07 14:58:37 0 d-------- C:\Users\All Users\Google Updater

2008-08-07 14:58:34 0 d-------- C:\Program Files (x86)\Google

2008-08-05 23:49:32 0 d-------- C:\Program Files (x86)\thriXXX

2008-08-05 22:14:58 0 d-------- C:\Program Files (x86)\Me.dium

2008-08-05 14:56:35 0 d-------- C:\Program Files (x86)\QuickTime

2008-08-04 20:19:47 0 d-------- C:\Program Files (x86)\Java

2008-08-04 20:19:12 0 d-------- C:\Program Files (x86)\Common Files\Java

2008-08-03 23:32:46 0 d-------- C:\Program Files (x86)\JAM Software

2008-08-01 02:10:39 171136 -rahs---- C:\grldr

2008-07-31 16:51:23 0 d-------- C:\Program Files (x86)\Unreal Tournament 3

2008-07-31 16:26:44 0 d-------- C:\Windows\system32\AGEIA

2008-07-31 16:26:43 0 d-------- C:\Program Files (x86)\AGEIA Technologies

2008-07-29 17:33:50 0 d-------- C:\Program Files (x86)\Common Files\Adobe AIR

2008-07-29 17:29:01 0 d-------- C:\Users\All Users\Adobe

2008-07-29 17:28:47 0 d-------- C:\Program Files (x86)\Common Files\Adobe

2008-07-29 17:22:35 0 d-------- C:\Users\All Users\NOS

2008-07-29 17:22:33 0 d-------- C:\Program Files (x86)\NOS

2008-07-29 05:47:04 0 d-------- C:\Program Files (x86)\Lionhead Studios Ltd

2008-07-28 01:35:15 0 d-------- C:\Diablo

2008-07-27 21:46:01 0 d-------- C:\Users\All Users\Logitech

2008-07-24 14:41:10 0 d-------- C:\Program Files (x86)\FeedReader30

2008-07-23 18:29:31 39765 --a------ C:\Windows\DIIUnin.dat

2008-07-23 18:29:28 2829 --a------ C:\Windows\DIIUnin.pif

2008-07-23 18:29:28 94208 --a------ C:\Windows\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>

2008-07-23 17:39:19 0 d-------- C:\Program Files (x86)\Diablo II

2008-07-23 05:05:43 0 d-------- C:\Users\All Users\Ubisoft

2008-07-23 04:52:22 0 d-------- C:\Program Files (x86)\Ubisoft

2008-07-23 04:05:26 0 d-------- C:\Users\All Users\TrackMania

2008-07-23 03:52:42 0 d-------- C:\Program Files (x86)\TmNationsForever

2008-07-23 00:29:39 0 d-------- C:\Program Files (x86)\DOOM 3

2008-07-23 00:17:56 0 d-------- C:\Program Files (x86)\Common Files\LogiShrd

2008-07-23 00:15:36 0 d-------- C:\Users\All Users\LogiShrd

2008-07-21 18:11:35 0 d-------- C:\Program Files (x86)\Microsoft Games

2008-07-19 03:05:57 0 d-------- C:\Windows\SQLTools9_KB948109_ENU

2008-07-19 03:03:09 0 d-------- C:\Windows\SQL9_KB948109_ENU

2008-07-18 15:12:01 0 d-------- C:\Program Files (x86)\Microsoft Expression

2008-07-17 23:13:30 0 d-------- C:\Program Files (x86)\Ventrilo

2008-07-17 23:12:45 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2008-07-17 20:08:22 0 d-------- C:\Program Files (x86)\EA GAMES

2008-07-17 17:57:21 0 d-------- C:\Users\All Users\PreEmptive Solutions

2008-07-17 17:53:09 0 d-------- C:\Windows\symbols

2008-07-17 17:52:48 0 d-------- C:\Windows\system32\1033

2008-07-17 17:51:29 0 d-------- C:\Program Files (x86)\HTML Help Workshop

2008-07-17 17:51:29 0 d-------- C:\Program Files (x86)\Common Files\Merge Modules

2008-07-17 17:51:29 0 d-------- C:\Program Files (x86)\CE Remote Tools

2008-07-17 17:22:23 0 d-------- C:\Windows\system32\js

2008-07-17 17:22:23 0 d-------- C:\Windows\system32\images

2008-07-17 17:22:23 0 d-------- C:\Windows\system32\html

2008-07-17 17:22:23 0 d-------- C:\Windows\system32\css

2008-07-17 17:22:23 0 d-------- C:\Program Files (x86)\Business Objects

2008-07-17 17:17:51 0 d-------- C:\Program Files (x86)\Microsoft SQL Server

2008-07-17 17:17:28 0 d-------- C:\Program Files (x86)\Microsoft Device Emulator

2008-07-17 17:16:17 0 d-------- C:\Program Files (x86)\Windows Mobile 5.0 SDK R2

2008-07-17 17:15:23 0 d-------- C:\Program Files (x86)\Microsoft Synchronization Services

2008-07-17 17:15:22 0 d-------- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2008-07-17 17:05:06 0 d-------- C:\My Downloads

2008-07-17 17:05:04 0 d-------- C:\Program Files (x86)\BearShare

2008-07-17 16:59:39 0 d-------- C:\Program Files (x86)\Microsoft SDKs

2008-07-17 16:59:38 0 d-------- C:\Program Files (x86)\Microsoft.NET

2008-07-17 16:59:38 0 d-------- C:\Program Files (x86)\Microsoft Visual Studio 9.0

2008-07-17 16:56:48 0 d-------- C:\Program Files (x86)\Microsoft Web Designer Tools

2008-07-17 16:56:29 0 dr-h----- C:\MSOCache

2008-07-17 16:55:12 0 d-------- C:\Users\All Users\Microsoft Help

2008-07-17 16:47:05 0 d-------- C:\Program Files (x86)\DAEMON Tools Lite

2008-07-17 14:14:41 0 d-------- C:\Users\All Users\ATI

2008-07-17 13:50:02 0 d-------- C:\PerfLogs

-- Find3M Report ---------------------------------------------------------------

2008-08-17 20:48:14 0 d-------- C:\Users\Piddy\AppData\Roaming\Malwarebytes

2008-08-17 20:28:30 0 d-------- C:\Users\Piddy\AppData\Roaming\ImgBurn

2008-08-16 02:24:45 0 d-------- C:\Program Files (x86)\Windows Mail

2008-08-15 21:26:35 0 d-------- C:\Users\Piddy\AppData\Roaming\mIRC

2008-08-13 14:04:05 0 d-------- C:\Program Files (x86)\Steam

2008-08-13 01:15:49 0 d-------- C:\Users\Piddy\AppData\Roaming\SUPERAntiSpyware.com

2008-08-12 13:56:38 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information

2008-08-12 13:31:26 0 d-------- C:\Program Files (x86)\Common Files

2008-08-11 22:23:04 0 d-------- C:\Users\Piddy\AppData\Roaming\vlc

2008-08-11 03:30:32 0 d-------- C:\Users\Piddy\AppData\Roaming\Free Download Manager

2008-08-07 15:00:04 0 d-------- C:\Users\Piddy\AppData\Roaming\Google

2008-08-05 23:49:32 0 d-------- C:\Users\Piddy\AppData\Roaming\thriXXX

2008-08-03 23:32:54 0 d-------- C:\Users\Piddy\AppData\Roaming\JAM Software

2008-08-03 04:22:11 0 d-------- C:\Users\Piddy\AppData\Roaming\PeerNetworking

2008-08-03 04:21:32 31049 --a------ C:\Users\Piddy\AppData\Roaming\UserTile.png

2008-08-01 02:57:00 0 d-------- C:\Program Files (x86)\Common Files\Steam

2008-07-31 17:36:01 0 d-------- C:\Users\Piddy\AppData\Roaming\InstallShield Installation Information

2008-07-29 17:35:26 0 d-------- C:\Users\Piddy\AppData\Roaming\Adobe

2008-07-29 17:27:45 0 d-------- C:\Program Files (x86)\Common Files\InstallShield

2008-07-27 21:49:46 0 d-------- C:\Users\Piddy\AppData\Roaming\Logitech

2008-07-24 14:46:46 0 d-------- C:\Users\Piddy\AppData\Roaming\Feedreader

2008-07-23 04:30:52 0 d-------- C:\Users\Piddy\AppData\Roaming\WinRAR

2008-07-23 00:17:58 0 d-------- C:\Users\Piddy\AppData\Roaming\Leadertech

2008-07-17 23:15:17 0 d-------- C:\Users\Piddy\AppData\Roaming\Ventrilo

2008-07-17 17:53:45 0 d-------- C:\Program Files (x86)\MSBuild

2008-07-17 16:39:12 0 d-------- C:\Program Files (x86)\Microsoft Silverlight

2008-07-17 15:49:30 0 d-------- C:\Users\Piddy\AppData\Roaming\DAEMON Tools

2008-07-17 14:14:41 0 d-------- C:\Users\Piddy\AppData\Roaming\ATI

2008-07-17 14:05:29 174 --ahs---- C:\Program Files (x86)\desktop.ini

2008-07-17 13:53:21 0 d-------- C:\Program Files (x86)\Windows Sidebar

2008-07-17 13:53:20 0 d-------- C:\Program Files (x86)\Windows Calendar

2008-07-17 13:53:19 0 d-------- C:\Program Files (x86)\Windows Photo Gallery

2008-07-17 13:53:19 0 d-------- C:\Program Files (x86)\Windows Collaboration

2008-07-17 13:53:14 0 d-------- C:\Program Files (x86)\Windows Defender

2008-07-16 18:18:20 0 d-------- C:\Program Files (x86)\ATI Technologies

2008-07-16 16:08:27 0 d-------- C:\Program Files (x86)\Creative

2008-07-16 00:18:34 0 d-------- C:\Users\Piddy\AppData\Roaming\TeamViewer

2008-07-15 20:10:33 0 d-------- C:\Program Files (x86)\mIRC

2008-07-15 17:14:54 0 d-------- C:\Program Files (x86)\Free Download Manager

2008-07-15 16:44:01 0 --a------ C:\Windows\ativpsrm.bin

2008-07-15 16:26:49 0 d-------- C:\Program Files (x86)\TeamViewer3

2008-07-15 16:14:52 0 d--hs--c- C:\Program Files (x86)\Common Files\WindowsLiveInstaller

2008-07-15 15:46:21 0 d-------- C:\Users\Piddy\AppData\Roaming\Macromedia

2008-07-15 15:43:24 0 d-------- C:\Users\Piddy\AppData\Roaming\teamspeak2

2008-07-15 15:43:18 0 d-------- C:\Program Files (x86)\Teamspeak2_RC2

2008-07-15 15:34:49 0 d-------- C:\Users\Piddy\AppData\Roaming\Identities

2008-07-08 08:34:02 250560 --ahs---- C:\ntldr

-- Registry Dump ---------------------------------------------------------------

-- End of Deckard's System Scanner: finished at 2008-08-17 21:07:33 ------------

Here is extra.txt:

Event Submitted/Written: 08/17/2008 09:50:26 AM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type14909 / Success

Event Submitted/Written: 08/17/2008 09:47:09 AM

Event ID/Source: 5617 / WinMgmt

Event Description:

Event Record #/Type14907 / Success

Event Submitted/Written: 08/17/2008 09:47:06 AM

Event ID/Source: 5615 / WinMgmt

Event Description:

Event Record #/Type14874 / Success

Event Submitted/Written: 08/17/2008 09:46:53 AM

Event ID/Source: 902 / Software Licensing Service

Event Description:

The Software Licensing service has started.

Event Record #/Type14864 / Warning

Event Submitted/Written: 08/17/2008 01:38:46 AM

Event ID/Source: 1530 / profsvc

Event Description:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-611929590-3355502564-1922588030-1000_Classes:

Process 1000 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611929590-3355502564-1922588030-1000_CLASSES

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type26968 / Warning

Event Submitted/Written: 08/17/2008 09:04:22 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%%8271.1.1600.0{5899C49C-9CC2-4018-B05C-59B7A2D30344}Piddy-PCPiddyS-1-5-21-611929590-3355502564-1922588030-1000Unknown%%832service:xpdt0%%807

Event Record #/Type26967 / Warning

Event Submitted/Written: 08/17/2008 09:04:22 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%%8271.1.1600.0{77AA151D-7335-4B4F-8D2A-7BA1204897C2}Piddy-PCPiddyS-1-5-21-611929590-3355502564-1922588030-1000Unknown%%832driver:xpdt0%%807

Event Record #/Type26962 / Warning

Event Submitted/Written: 08/17/2008 08:56:02 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%%8271.1.1600.0{90AAC9BB-2C66-489E-9071-1026CF5D1ED3}Piddy-PCPiddyS-1-5-21-611929590-3355502564-1922588030-1000Unknown%%832shellopencmd:HKLM\Software\Classes\scrfile\shell\open\command\%%807

Event Record #/Type26961 / Warning

Event Submitted/Written: 08/17/2008 08:56:02 PM

Event ID/Source: 3004 / WinDefend

Event Description:

%%8271.1.1600.0{AFB756BC-22A6-4217-8327-7A9E8274822D}Piddy-PCPiddyS-1-5-21-611929590-3355502564-1922588030-1000Unknown%%832shellopencmd:HKLM\Software\Classes\Wow6432Node\scrfile\shell\open\command\%%807

Event Record #/Type26839 / Error

Event Submitted/Written: 08/17/2008 09:46:50 AM

Event ID/Source: 15016 / HTTP

Event Description:

\Device\Http\ReqQueueKerberos

-- End of Deckard's System Scanner: finished at 2008-08-17 21:07:33 ------------

And here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:17:26 PM, on 8/17/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\FeedReader30\feedreader.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\V0230Mon.exe

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\apvxdwin.exe

C:\Users\Piddy\AppData\Local\Temp\lsass.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program Files (x86)\Internet Explorer\ieuser.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\conime.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe

C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe

C:\Users\Piddy\AppData\Local\Microsoft\Live Mesh\GacBase\Moe.exe

C:\Users\Piddy\Desktop\Hijackthis\jaujau.exe

C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\avciman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files (x86)\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sYSTEM.rt32] C:\Users\Piddy\AppData\Local\Temp\lsass.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files (x86)\FeedReader30\feedreader.exe"

O4 - HKCU\..\Run: [MoeMonitor.exe] "C:\Users\Piddy\AppData\Local\Microsoft\Live Mesh\Bin\Servicing.9.3103.9\MoeMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: SetPointII.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Nedlasting alle med Free Nedlasting Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

O8 - Extra context menu item: Nedlasting med Free Nedlasting Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

O8 - Extra context menu item: Nedlasting valgte med Free Nedlasting Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~3\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~3\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files (x86)\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files (x86)\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\pavsrvx86.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files (x86)\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\PskSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files (x86)\Panda Security\Panda Internet Security 2008\TPSrvWow.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12227 bytes

Hope you find something.

Thanks in advance

- Piddy

Download and run the previously mentioned Norton Removal Tool

If possible, uninstall AVG from Add/Remove Programs

Run ComboFix again and post the log.

 

I can't get the page to come up when I click Download on Norton Removal Tool, I only get a message that the page cannot be displayed in Internet Explorer...

I can no longer find any trace of AVG in Add/Remove Programs...

Ugh, how difficult this has to be :cry:

Piddy:

hmm, MBAM should have removed this: C:\Users\Piddy\AppData\Local\Temp\lsass.exe. Open MBAM and select the Logs tab. Open the latest log and copy its contents into your next post.

GML:

I just found a couple of "remnants" of AVG when I used the search function, so they are now deleted. I also searched for Norton, but got no results there... Or rather, the search gave no hits.

Direct link: Norton Removal Tool. Save the file to the desktop.

Edited by norbat
Still doesn't work, I just get the message that the page cannot be displayed when I use the direct link as well :hmm:

MBAM log file :)

Malwarebytes' Anti-Malware 1.24

Database versjon: 1061

Windows 6.0.6001 Service Pack 1

8:55:59 PM 8/17/2008

mbam-log-8-17-2008 (20-55-59).txt

Skanntype: Rask Skann

Objekter skannet: 34500

Tid tilbakelagt: 5 minute(s), 1 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 2

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\battle.net (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\diablo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\Windows\bnetunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\diabunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Sorry, but I posted this in the wrong place..

How does it look? :)

ComboFix 08-08-17.03 - Øyvind Johansen 2008-08-18 13:03:26.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.442 [GMT 2:00]

Running from: C:\Documents and Settings\Øyvind Johansen\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Øyvind Johansen\UserData

C:\Documents and Settings\Øyvind Johansen\UserData\C1YBOXAF\Tdy58[1].xml

C:\Documents and Settings\Øyvind Johansen\UserData\index.dat

C:\Documents and Settings\Øyvind Johansen\UserData\S16V0P6V\oWindowsUpdate[1].xml

.

((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))

.

 

2008-08-18 12:44 . 2008-08-18 12:44 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-18 12:44 . 2008-08-18 12:44 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-18 12:44 . 2008-08-18 12:44 <DIR> d-------- C:\Documents and Settings\Øyvind Johansen\Programdata\SUPERAntiSpyware.com

2008-08-18 12:44 . 2008-08-18 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-18 12:42 . 2008-08-18 12:42 <DIR> dr-h----- C:\Documents and Settings\Øyvind Johansen\Siste

2008-08-18 12:42 . 2008-08-18 12:42 <DIR> dr-h----- C:\Documents and Settings\Øyvind Johansen\Siste

2008-08-18 12:41 . 2008-08-18 12:41 <DIR> d-------- C:\Programfiler\Yahoo!

2008-08-18 12:41 . 2008-08-18 12:41 <DIR> d-------- C:\Programfiler\CCleaner

2008-08-18 07:50 . 2008-08-18 07:50 <DIR> d-------- C:\Programfiler\mIRC

2008-08-18 07:50 . 2008-08-18 07:58 <DIR> d-------- C:\Documents and Settings\Øyvind Johansen\Programdata\mIRC

2008-08-15 07:58 . 2008-08-15 07:58 381 --a------ C:\Shortcut to Film - Dvd.lnk

2008-08-15 07:53 . 2008-08-15 07:53 <DIR> d-------- C:\Programfiler\FileZilla FTP Client

2008-08-15 07:53 . 2008-08-18 12:25 <DIR> d-------- C:\Documents and Settings\Øyvind Johansen\Programdata\FileZilla

2008-08-15 07:35 . 2008-08-15 07:35 <DIR> d-------- C:\TPSINST

2008-08-15 07:35 . 2008-08-15 07:35 <DIR> d-------- C:\MITOITUS

2008-08-15 07:35 . 2008-08-15 07:42 173 --a------ C:\WINDOWS\PeikPlat.INI

2008-07-27 19:06 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-07-27 19:06 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-07-27 19:06 . 2008-07-27 19:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-07-27 19:06 . 2008-07-27 19:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-07-27 19:00 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-07-27 19:00 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-07-27 19:00 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-07-27 19:00 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-07-27 19:00 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-07-27 19:00 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-07-27 18:59 . 2008-07-27 18:59 <DIR> d-------- C:\Programfiler\MSXML 6.0

2008-07-27 18:59 . 2008-02-01 16:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys

2008-07-27 18:59 . 2008-02-01 16:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-18 04:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7

2008-08-14 01:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-08 19:25 --------- d-----w C:\Documents and Settings\Øyvind Johansen\Programdata\uTorrent

2008-08-07 06:02 --------- d-----w C:\Programfiler\Zattoo

2008-07-27 17:00 --------- d-----w C:\Programfiler\Nokia

2008-07-27 17:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations

2008-07-27 16:59 --------- d-----w C:\Programfiler\Fellesfiler\Nokia

2008-07-27 16:47 --------- d-----w C:\Programfiler\Avanquest update

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:41 658,944 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" [2007-11-07 18:35 1294336]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-08-02 16:55 348160]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 15:05 7557120]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 15:05 86016]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 05:10 580096]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

"SansaDispatch"="C:\Programfiler\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 20:00 55368]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"nwiz"="nwiz.exe" [2006-02-13 15:05 1519616 C:\WINDOWS\system32\nwiz.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 05:10 219136]

"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoCAD Startup Accelerator.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\AutoCAD Startup Accelerator.lnk

backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\uTorrent\\utorrent.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Zattoo\\zattood.exe"=

"C:\\Programfiler\\Zattoo\\Zattoo2.exe"=

"C:\\Programfiler\\Zattoo\\Zattoo.exe"=

"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 16:17]

S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 16:17]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 13:55]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 13:55]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 13:55]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 13:56]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 13:56]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 13:56]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 13:56]

S3 UXDCMN;UXDCMN;D:\Software\ws\UXDCMN.SYS [2007-02-20 07:52]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Øyvind Johansen\Programdata\Mozilla\Firefox\Profiles\5ldz2obs.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-18 13:04:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-18 13:05:41

ComboFix-quarantined-files.txt 2008-08-18 11:05:37

 

Pre-Run: 25,454,583,808 bytes free

Post-Run: 25,451,126,784 bytes free

 

155 --- E O F --- 2008-08-14 01:02:55


Hi, I have some logs from a friend. Can anyone check them? :)

 

SAS log:


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/20/2008 at 01:09 PM

 

Application Version : 4.15.1000

 

Core Rules Database Version : 3541

Trace Rules Database Version: 1530

 

Scan type : Quick Scan

Total Scan Time : 00:21:44

 

Memory items scanned : 426

Memory threats detected : 0

Registry items scanned : 439

Registry threats detected : 17

File items scanned : 7570

File threats detected : 6

 

Trojan.Unclassified/C00-Installer

[A00F31614.exe] C:\DOCUME~1\MAGNUS~1.NOR\LOKALE~1\TEMP\_A00F31614.EXE

C:\DOCUME~1\MAGNUS~1.NOR\LOKALE~1\TEMP\_A00F31614.EXE

C:\DOCUMENTS AND SETTINGS\MAGNUS S. NORE\LOKALE INNSTILLINGER\TEMP\_A00F31614.EXE

 

Adware.ToolBar888

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C004DEC2-2623-438e-9CA2-C9043AB28508}

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32#ThreadingModel

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\ProgID

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\Programmable

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\TypeLib

HKCR\CLSID\{C004DEC2-2623-438E-9CA2-C9043AB28508}\VersionIndependentProgID

C:\PROGRA~1\FELLES~1\{3CF1B~1\888BAR.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C004DEC2-2623-438e-9CA2-C9043AB28508}

HKCR\LuckyToolBar.LuckyToolBarObj.1

HKCR\LuckyToolBar.LuckyToolBarObj.1\CLSID

HKCR\LuckyToolBar.LuckyToolBarObj

HKCR\LuckyToolBar.LuckyToolBarObj\CLSID

HKCR\LuckyToolBar.LuckyToolBarObj\CurVer

HKCR\TypeLib\{ED0FB633-C311-4bcd-824A-4D345386BE64}

 

Trojan.ErrorSafe

C:\DOCUMENTS AND SETTINGS\MAGNUS S. NORE\PROGRAMDATA\ERRORSAFEFREEINSTALL_NO[1].EXE:ZONE.IDENTIFIER

C:\DOCUMENTS AND SETTINGS\MAGNUS S. NORE\PROGRAMDATA\ERRORSAFEFREEINSTALL_NO[1].EXE

 

Trojan.Unclassified/C00-WL

C:\WINDOWS\SYSTEM32\__C005A1F1.DAT

 

ComboFix log:


ComboFix 08-08-18.05 - Magnus S. Nore 2008-08-20 13:26:10.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.149 [GMT 2:00]

Running from: C:\Documents and Settings\Magnus S. Nore\Skrivebord\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Magnus S. Nore\UserData

C:\Documents and Settings\Magnus S. Nore\UserData\index.dat

C:\Documents and Settings\Magnus S. Nore\UserData\SN0PQ5MB\Tdy58[1].xml

C:\Programfiler\Fellesfiler\{0CF1B~1

C:\Programfiler\Fellesfiler\{3CF1B~1

C:\Programfiler\Fellesfiler\{3CF1B~1\toolbardll.lzma

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\__c0077B26.dat

C:\WINDOWS\system32\~.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))

.

 

2008-08-20 12:58 . 2008-08-20 13:23 <DIR> dr-h----- C:\Documents and Settings\Magnus S. Nore\Siste

2008-08-20 12:45 . 2008-08-20 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-20 12:44 . 2008-08-20 12:44 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-20 12:44 . 2008-08-20 12:44 <DIR> d-------- C:\Documents and Settings\Magnus S. Nore\Programdata\SUPERAntiSpyware.com

2008-08-20 12:43 . 2008-08-20 12:43 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-20 12:37 . 2008-08-20 12:38 <DIR> d-------- C:\Programfiler\CCleaner

2008-08-10 15:37 . 2008-08-10 15:37 <DIR> d-------- C:\Programfiler\Sun

2008-08-10 15:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-10 15:35 . 2008-08-10 15:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-08-07 20:02 . 2008-08-07 20:02 0 --a------ C:\WINDOWS\nsreg.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-10 13:37 --------- d-----w C:\Programfiler\Java

2008-08-10 13:33 --------- d-----w C:\Programfiler\LimeWire

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"pdfSaver3"="C:\Programfiler\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 04:10 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 15:51 110592]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 15:44 610304]

"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2002-12-02 10:22 32768]

"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2003-01-09 10:41 57418]

"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2002-10-23 17:18 163840]

"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2003-01-09 09:57 53248]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-06 23:19 155648]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-06 23:07 114688]

"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.EXE" [2007-08-09 14:40 183352]

"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-20 16:06 1838592]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 10:59 88107 C:\WINDOWS\AGRSMMSG.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

 

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2002-10-29 14:25]

R1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [2002-10-23 11:25]

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]

R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-11-07 19:48]

R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2002-11-28 17:04]

S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]

S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]

S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]

S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]

S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]

S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]

S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]

S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]

.

Contents of the 'Scheduled Tasks' folder

 

2008-05-02 C:\WINDOWS\Tasks\Norton Security Scan.job

- C:\Programfiler\Norton Security Scan\Nss.exe [2007-04-19 23:42]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-MMReminderService - C:\Programfiler\Mindjet\MindManager 6\MMReminderService.exe

HKCU-Explorer_Run-{0CF1BE2F-0258-1044-0902-040204002f} - C:\Programfiler\Fellesfiler\{0CF1BE2F-0258-1044-0902-040204002f}\Update.exe

Notify-__c005A1F1 - C:\WINDOWS\system32\__c005A1F1.dat

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Magnus S. Nore\Programdata\Mozilla\Firefox\Profiles\mq0cptw9.default\

FF -: plugin - C:\Programfiler\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Programfiler\Java\jre1.5.0_10\bin\NPJava11.dll

FF -: plugin - C:\Programfiler\Java\jre1.5.0_10\bin\NPJava12.dll

FF -: plugin - C:\Programfiler\Java\jre1.5.0_10\bin\NPJava13.dll

FF -: plugin - C:\Programfiler\Java\jre1.5.0_10\bin\NPJava14.dll

FF -: plugin - C:\Programfiler\Java\jre1.5.0_10\bin\NPJava32.dll

FF -: plugin - C:\Programfiler\Java\jre1.5.0_10\bin\NPJPI150_10.dll

FF -: plugin - C:\Programfiler\Java\jre1.5.0_10\bin\NPOJI610.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-20 13:33:31

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Norman\npm\bin\elogsvc.exe

C:\Norman\npm\bin\Zanda.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wdfmgr.exe

C:\Norman\npm\bin\Njeeves.exe

C:\PROGRA~1\SYNAPT~1\SynTP\SynTPLpr.exe

C:\PROGRA~1\SYNAPT~1\SynTP\SynTPEnh.exe

C:\PROGRA~2\LAUNCH~1\LaunchAp.exe

C:\PROGRA~2\LAUNCH~1\HOTKEY~1.EXE

C:\PROGRA~2\LAUNCH~1\ctrlvol.exe

C:\PROGRA~2\LAUNCH~1\WButton.exe

C:\Norman\NVC\Bin\Nip.exe

C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~2.EXE

C:\Norman\NVC\Bin\CClaw.exe

C:\PROGRA~1\TRACKE~1\PDF-XC~1\pdfSaver\PDFSAV~1.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~2.EXE

C:\Norman\npm\bin\niu.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-08-20 13:38:33 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-20 11:38:18

 

Pre-Run: 40,170,180,608 bytes free

Post-Run: 40,161,046,528 bytes free

 

154 --- E O F --- 2008-08-18 14:18:26

 

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:43:12, on 20.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wdfmgr.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\CtrlVol.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\Programfiler\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Norman\npm\bin\niu.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [pdfSaver3] "C:\Programfiler\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

 

--

End of file - 8468 bytes

 

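The HijackThis and ComboFix listings posted above are read by eye in this thread. The script below is an added example of how that first pass can be automated; it is not code from the thread, from HijackThis or from ComboFix. Its heuristics (an entry whose file is missing, an autostart running out of a temp directory, a Winlogon Notify handler that is a randomly named .dat in system32 like the `__c005A1F1.dat` / `__c0029359.dat` entries the logs report, a bare filename in a Run key, a service with "Unknown owner") are this example's own assumptions about what deserves a second look, and `SAMPLE_LOG` is constructed in HijackThis format to mirror the entries above; the user name "Bruker" in it is a placeholder, and none of it is a log from the machines in the thread.

```python
"""Triage of HijackThis-style autorun listings.

Added example, not code from the forum thread, from HijackThis or from ComboFix.
The heuristics (DANGLING, TEMP_DIR, ODD_NOTIFY, the bare-filename and
"Unknown owner" checks) are this example's own assumptions, and SAMPLE_LOG is
constructed to mirror the shape of the entries posted in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    severity: str  # "high" or "low"
    reason: str
    line: str


# Every HijackThis entry starts with a section tag followed by " - ".
SECTION = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - ")
# HijackThis marks a registered component whose file is gone with these notes.
DANGLING = re.compile(r"\((file missing|no file)\)", re.I)
# Assumption: nothing legitimate should autostart out of a temp directory.
TEMP_DIR = re.compile(r"\\(Temp|Temporary Internet Files)\\", re.I)
# Assumption: Winlogon Notify handlers are DLLs; a "__c<hex>.dat" in system32
# matches the Vundo-family names MBAM and ComboFix reported in the thread.
ODD_NOTIFY = re.compile(r"\\__c[0-9a-f]{6,8}\.dat$", re.I)


def target_path(line: str) -> str:
    """Return the command or file path part of a HijackThis entry."""
    if line.startswith("O4 - "):
        # O4 - HKLM\..\Run: [name] command line
        return line.split("] ", 1)[-1].strip()
    return line.rsplit(" - ", 1)[-1].strip()


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = SECTION.match(line)
    if not m:
        return None  # process list, headers, blank lines
    sec = m.group(1)
    path = target_path(line)
    if DANGLING.search(line):
        return Finding(sec, "low", "registered component has no file on disk (leftover to clean up)", line)
    if TEMP_DIR.search(path):
        return Finding(sec, "high", "autostart entry runs a file from a temp directory", line)
    if sec == "O20" and ODD_NOTIFY.search(path):
        return Finding(sec, "high", "Winlogon Notify handler is a randomly named .dat in system32", line)
    if sec == "O4" and "\\" not in path:
        return Finding(sec, "low", "bare filename resolved through the PATH search order; verify which copy runs", line)
    if sec == "O23" and " - Unknown owner - " in line:
        return Finding(sec, "low", "service binary carries no publisher information", line)
    return None


def triage(log: str) -> list:
    """Run triage_line over a whole log and keep only the hits."""
    return [f for f in map(triage_line, log.splitlines()) if f is not None]


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 2, 'low': 4}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample in HijackThis format; "Bruker" is a placeholder user name.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [a00f36ff1.exe] C:\Documents and Settings\Bruker\Lokale innstillinger\Temp\_A00F36FF1.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: __c005A1F1 - C:\WINDOWS\system32\__c005A1F1.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.section}: {f.reason}\n        {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the constructed sample the script returns six findings, two of them high (the Run entry in a Temp directory and the `__c...dat` Winlogon Notify handler). Output from this kind of script is a reading aid, not a verdict, and the same goes for scanner labels: the first MBAM log above tags the battle.net and diablo Uninstall entries (bnetunin.exe, diabunin.exe) as Trojan.FakeAlert, which is exactly the kind of hit to check against the vendor's own files before trusting a deletion.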
2bb1: If you create a new thread (click the New Topic button) and put your logs there, someone will look at them :)

Hello Norbat :) Did you find anything odd in my MBAM log, or haven't you had time to look at it yet?

 

Regards, Piddy


Hi. I also got the trojan _c005DA40.dat, and the antivirus program could not remove it.. It was not possible to do it manually either...

 

I followed the instructions in the thread "Fjerne Trojaner Tibs.gen222" and the problem seems to have resolved itself.. but at Norbat's request I am posting the logs here.

 

Something that made me a little nervous is that the ComboFix log said: WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

 

 

Malware:

 

Malwarebytes' Anti-Malware 1.25

Database version: 1077

Windows 5.1.2600 Service Pack 3

 

22:44:59 22.08.2008

mbam-log-08-22-2008 (22-44-59).txt

 

Scan type: Quick Scan

Objects scanned: 40266

Time elapsed: 3 minute(s), 4 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 6

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

C:\WINDOWS\system32\__c0029359.dat (Trojan.Agent) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0029359 (Trojan.Vundo) -> Delete on reboot.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f36ff1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Programfiler\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

C:\Documents and Settings\Hanna Emilie Wiik\Lokale innstillinger\Temp\_A00F36FF1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c0029359.dat (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\__c0027DC4.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


 

Combofix:

 

ComboFix 08-08-21.02 - Hanna Emilie Wiik 2008-08-22 23:03:21.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.515 [GMT 2:00]

Running from: C:\Documents and Settings\Hanna Emilie Wiik\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Hanna Emilie Wiik\Cookies\hanna emilie [email protected][1].txt

C:\Documents and Settings\Hanna Emilie Wiik\Cookies\hanna_emilie_wiik@myspace[1].txt

C:\Documents and Settings\Hanna Emilie Wiik\Programdata\macromedia\Flash Player\#SharedObjects\SGBARJ96\static.youku.com

C:\Documents and Settings\Hanna Emilie Wiik\Programdata\macromedia\Flash Player\#SharedObjects\SGBARJ96\static.youku.com\v1.0.0255\v\swf\qplayer.swf\qplayer.sol

C:\Documents and Settings\Hanna Emilie Wiik\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com

C:\Documents and Settings\Hanna Emilie Wiik\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol

 

.

((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))

.

 

2008-08-22 22:39 . 2008-08-22 22:39 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-08-22 22:39 . 2008-08-22 22:39 <DIR> d-------- C:\Documents and Settings\Hanna Emilie Wiik\Programdata\Malwarebytes

2008-08-22 22:39 . 2008-08-22 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-08-22 22:39 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-22 22:39 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-22 21:31 . 2008-08-22 21:31 23,716 --a------ C:\WINDOWS\system32\__c0029359.rar

2008-08-22 20:50 . 2008-08-22 20:50 <DIR> d-------- C:\WINDOWS\system32\no

2008-08-22 20:50 . 2008-08-22 20:50 <DIR> d-------- C:\WINDOWS\system32\bits

2008-08-22 20:50 . 2008-08-22 20:50 <DIR> d-------- C:\WINDOWS\l2schemas

2008-08-22 20:49 . 2008-08-22 20:49 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-22 20:45 . 2008-08-22 20:45 <DIR> d-------- C:\WINDOWS\EHome

2008-08-22 14:58 . 2008-08-22 14:58 <DIR> d-------- C:\Programfiler\Lavasoft

2008-08-22 14:58 . 2008-08-22 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-08-22 14:57 . 2008-08-22 14:57 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-19 13:33 . 2004-08-04 00:54 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-08-19 13:03 . 2008-04-11 21:06 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-07-30 21:06 . 2008-07-30 21:06 <DIR> d-------- C:\Documents and Settings\Hanna Emilie Wiik\Programdata\DivX

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-22 20:57 --------- d-----w C:\Documents and Settings\Hanna Emilie Wiik\Programdata\DNA

2008-08-22 12:46 --------- d-----w C:\Documents and Settings\Hanna Emilie Wiik\Programdata\BitTorrent

2008-08-08 22:49 --------- d-----w C:\Documents and Settings\Hanna Emilie Wiik\Programdata\dvdcss

2008-07-30 21:21 --------- d-----w C:\Programfiler\DivX

2008-07-18 18:38 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys

2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys

2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:29 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:46 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 08:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:23 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:22 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:49 246,784 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:49 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-06-14 17:36 272,256 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2006-08-12 18:21 0 -c--a-w C:\Documents and Settings\Hanna Emilie Wiik\Programdata\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

"BitTorrent DNA"="C:\PROGRAMFILER\DNA\BTDNA.EXE" [2008-05-09 21:12 289088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]

"pccguide.exe"="C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-16 21:23 897089]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]

"CanonSolutionMenu"="C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]

"CanonMyPrinter"="C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 15:34 16143872 C:\WINDOWS\RTHDCPL.EXE]

"SMSERIAL"="sm56hlpr.exe" [2006-01-20 13:34 544768 C:\WINDOWS\sm56hlpr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

"MySpaceIM"="C:\Programfiler\MySpace\IM\MySpaceIM.exe" [2008-02-01 22:32 8699904]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Gamma Loader.exe.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-25 20:00:45 113664]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2006-05-22 16:39:43 29696]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\Msmsgs.exe"=

"C:\\Programfiler\\AIM\\aim.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Programfiler\\BitTorrent_DNA\\dna.exe"=

"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\DNA\\btdna.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\MySpace\\IM\\MySpaceIM.exe"=

 

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 16:00]

R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 17:01]

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4eedb6-3ddc-11dc-a5d8-001302913db8}]

\Shell\AutoRun\command - E:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c0c561c-2a41-11db-a475-001302913db8}]

\Shell\AutoRun\command - I:\PTstart.exe Madvillain.mpg

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b8162f-9f3c-11db-a509-001302913db8}]

\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d82ed7ba-e987-11da-b655-001302161164}]

\Shell\AutoRun\command - E:\setupSNK.exe

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-21 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job

- C:\Programfiler\AntiSpywareApp\AntiSpyware.exe []

 

2008-08-21 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job

- C:\Programfiler\AntiSpywareApp []

 

2008-05-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Hanna Emilie Wiik\Programdata\Mozilla\Firefox\Profiles\c6zeowi1.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.knowmore.org/

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-22 23:05:31

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMSwissArmy]

"ImagePath"="\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys"

.

Completion time: 2008-08-22 23:06:27

ComboFix-quarantined-files.txt 2008-08-22 21:06:23

 

Pre-Run: 24,045,506,560 byte ledig

Post-Run: 24,109,461,504 byte ledig

 

156 --- E O F --- 2008-08-22 18:53:46


 

Thanks for the great help!


Hey, I downloaded a file, and after I ran it, it just disappeared and my CD drive started opening and closing. AVG Free 8.0 didn't react to it. I logged off and on, and the CD drive stopped opening and closing, but I'm still a bit scared. I don't dare do anything xD

 

I suspect it is a keylogger.

 

Should I format? :'(
