mona14, posted 15 December 2007:
HJT log:

norbat, posted 15 December 2007:
Do you suspect something, or was this just a check? You use BearShare, which means that sooner or later you will get junk onto your PC....

mona14 (thread author), posted 15 December 2007:
> Do you suspect something, or was this just a check? You use BearShare, which means that sooner or later you will get junk onto your PC....
I got some pop-ups, and the PC suddenly started freezing. It looks like it has gotten better now. I clicked the wrong thing on something that came up, so that was probably the cause. I've got Vista and am not quite used to it yet ;)

norbat, posted 15 December 2007:
Just drop by again if these pop-ups continue.

mona14 (thread author), posted 15 December 2007:
> Just drop by again if these pop-ups continue.
Yep. Thanks for all the help, Norbat :)

mona14 (thread author), posted 16 December 2007:
Norbat: I just got a pop-up from this site: celldorado.com

norbat, posted 16 December 2007:
Well, you can clean your temp folders: Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Do these pop-ups appear at random, or is it when you are on particular sites?

mona14 (thread author), posted 16 December 2007:
> Well, you can clean your temp folders: Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Do these pop-ups appear at random, or is it when you are on particular sites?
It comes up every time I click the internet icon to go online. Hm

norbat, posted 16 December 2007:
Are we talking about a pop-up that comes up in its own window, or is it your 'Home page' that is set to this site?

Annderwin, posted 16 December 2007:
Change your home page to something else, then? A pop-up is a new "image" that pops up without warning. In that case you can get a pop-up blocker. The home page is a setting in IE, FF, etc.

mona14 (thread author), posted 17 December 2007:
Yes, it comes up in its own window.. Hm

mona14 (thread author), posted 19 December 2007:
Heeelp me, please :o

norbat, posted 19 December 2007:
If you haven't run a scan with SAS, do that: Download SAS, install it, update it and run a full (Complete) scan. Then get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from Combofix (usually c:\combofix.txt).

mona14 (thread author), posted 28 December 2007:
ComboFix log:

I also just now got a message that a virus had been found: Trojan.Win32.Inject.ph. When I disinfect the virus, I only get a message that the object cannot be disinfected..

Edited 28 December 2007 by mona14

norbat Posted 28 December 2007
Hi there, Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file over the Combofix icon. Combofix will start again. Post the log.
File::
C:\Windows\System32\yufythwx.exe
Also run a new scan with your AV program and see whether it still finds anything.
mona14 (Author) Posted 28 December 2007
New ComboFix log:
ComboFix 07-12-21.4 - monapona 2007-12-28 15:39:53.2 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1044.18.134 [GMT 1:00] Running from: C:\Users\monapona\Desktop\ComboFix.exe Command switches used :: C:\Users\monapona\Desktop\CFScript.txt..docx . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))) . 2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Users\monapona\AppData\Roaming\SUPERAntiSpyware.com 2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2007-12-27 23:17 . 2007-12-27 23:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-16 03:05 . 2007-12-16 03:05 1,327,104 --a------ C:\Windows\System32\quartz.dll 2007-12-16 03:05 . 2007-12-16 03:05 223,232 --a------ C:\Windows\System32\WMASF.DLL 2007-12-16 03:05 . 2007-12-16 03:05 9,728 --a------ C:\Windows\System32\LAPRXY.DLL 2007-12-16 03:05 . 2007-12-16 03:05 2,048 --a------ C:\Windows\System32\asferror.dll 2007-12-16 03:03 . 2007-12-16 03:03 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl 2007-12-16 03:01 . 2007-12-16 03:01 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe 2007-12-16 03:01 . 2007-12-16 03:01 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe 2007-12-16 03:01 . 2007-12-16 03:01 2,048 --a------ C:\Windows\System32\tzres.dll 2007-12-15 20:06 . 2007-12-15 20:06 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-15 19:08 . 2007-12-15 19:08 244 --ah----- C:\sqmnoopt00.sqm 2007-12-15 19:08 . 2007-12-15 19:08 232 --ah----- C:\sqmdata00.sqm 2007-12-15 18:54 . 2007-12-15 18:54 286,208 --a------ C:\Windows\System32\yufythwx.exe 2007-12-07 09:47 . 
2007-12-07 09:47 0 --a------ C:\Windows\nsreg.dat 2007-12-03 22:28 . 2007-12-03 22:28 <DIR> d-------- C:\Users\All Users\WEBREG 2007-12-03 22:28 . 2007-12-03 22:28 <DIR> d-------- C:\ProgramData\WEBREG 2007-12-03 22:20 . 2007-12-03 22:20 <DIR> d-------- C:\Users\monapona\AppData\Roaming\HPAppData 2007-12-03 22:20 . 2007-12-03 22:20 <DIR> d-------- C:\Users\All Users\HPSSUPPLY 2007-12-03 22:20 . 2007-12-03 22:20 <DIR> d-------- C:\ProgramData\HPSSUPPLY 2007-12-03 22:17 . 2007-12-03 22:17 <DIR> d-------- C:\Users\All Users\HP Product Assistant 2007-12-03 22:17 . 2007-12-03 22:17 <DIR> d-------- C:\ProgramData\HP Product Assistant 2007-12-03 22:16 . 2007-12-03 22:16 <DIR> d-------- C:\Program Files\Common Files\HP 2007-12-03 22:15 . 2007-12-03 22:15 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard 2007-12-03 22:13 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll 2007-12-03 22:13 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll 2007-12-03 22:13 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll 2007-12-03 22:13 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll 2007-12-03 22:13 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll 2007-12-03 22:08 . 2007-12-03 22:30 152,029 --a------ C:\Windows\hpoins14.dat 2007-12-03 22:08 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat 2007-12-03 22:07 . 2007-12-03 22:28 <DIR> d-------- C:\Users\All Users\HP 2007-12-03 22:07 . 2007-12-03 22:28 <DIR> d-------- C:\ProgramData\HP 2007-12-03 22:03 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll 2007-12-03 22:03 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll 2007-12-03 08:34 . 2007-12-03 08:34 143,845,527 --a------ C:\Windows\MEMORY.DMP 2007-11-30 18:52 . 2007-12-27 19:58 <DIR> d-------- C:\Users\monapona\AppData\Roaming\BearShare 2007-11-30 18:52 . 
2007-11-30 18:52 <DIR> d-------- C:\Program Files\BearShare Applications 2007-11-30 18:52 . 2007-11-30 18:52 <DIR> d-------- C:\My Downloads 2007-11-30 18:52 . 2006-11-12 11:39 483,328 --a------ C:\Windows\System32\actskn45.ocx 2007-11-30 17:31 . 2007-12-28 00:47 <DIR> d-------- C:\Users\monapona\AppData\Roaming\OpenOffice.org2 2007-11-30 16:50 . 2007-12-01 13:28 <DIR> d-------- C:\Users\monapona\Shared 2007-11-30 16:50 . 2007-12-01 13:28 <DIR> d-------- C:\Users\monapona\Incomplete 2007-11-30 16:46 . 2007-12-01 13:28 <DIR> d-------- C:\Users\monapona\AppData\Roaming\LimeWire 2007-11-30 16:40 . 2007-12-01 13:27 <DIR> d-------- C:\Program Files\LimeWire 2007-11-30 16:38 . 2007-11-30 16:39 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2007-11-30 12:53 . 2007-11-30 12:53 704,000 --a------ C:\Windows\System32\PhotoScreensaver.scr 2007-11-30 12:52 . 2007-11-30 12:52 2,923,520 --a------ C:\Windows\explorer.exe 2007-11-30 12:52 . 2007-11-30 12:52 2,027,008 --a------ C:\Windows\System32\win32k.sys 2007-11-30 12:52 . 2007-11-30 12:52 258,232 --a------ C:\Windows\System32\drivers\acpi.sys 2007-11-30 12:52 . 2007-11-30 12:52 28,344 --a------ C:\Windows\System32\drivers\battc.sys 2007-11-30 12:52 . 2007-11-30 12:52 24,064 --a------ C:\Windows\System32\wtsapi32.dll 2007-11-30 12:52 . 2007-11-30 12:52 20,920 --a------ C:\Windows\System32\drivers\compbatt.sys 2007-11-30 12:52 . 2007-11-30 12:52 14,208 --a------ C:\Windows\System32\drivers\CmBatt.sys 2007-11-30 12:52 . 2007-11-30 12:52 11,264 --a------ C:\Windows\System32\drivers\wmiacpi.sys 2007-11-30 12:32 . 2007-11-30 12:32 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-30 12:30 . 2007-11-30 12:30 <DIR> d-------- C:\Users\Student\AppData 2007-11-30 08:38 . 2007-11-30 08:38 507 --a------ C:\Windows\DKAAY2DD.ini 2007-11-30 08:37 . 2007-05-15 10:25 155,648 --a------ C:\Windows\System32\gencoin.dll 2007-11-30 08:37 . 2007-05-15 10:25 102,400 --a------ C:\Windows\System32\softcoin.dll 2007-11-30 08:37 . 
2007-05-07 08:21 65,888 --a------ C:\Windows\System32\DKAAY2TH.HLP 2007-11-30 08:37 . 2007-05-07 08:21 42,496 --a------ C:\Windows\System32\DKAAY2BJ.DLL 2007-11-30 08:33 . 2007-11-30 08:33 714,240 --a------ C:\Windows\System32\timedate.cpl 2007-11-30 08:33 . 2007-11-30 08:33 542,720 --a------ C:\Windows\System32\sysmain.dll 2007-11-30 08:32 . 2007-11-30 08:32 1,655,289 --a------ C:\Windows\System32\wlan.tmf 2007-11-30 08:32 . 2007-11-30 08:32 502,784 --a------ C:\Windows\System32\wlansvc.dll 2007-11-30 08:32 . 2007-11-30 08:32 297,984 --a------ C:\Windows\System32\wlansec.dll 2007-11-30 08:32 . 2007-11-30 08:32 290,816 --a------ C:\Windows\System32\wlanmsm.dll 2007-11-30 08:32 . 2007-11-30 08:32 67,584 --a------ C:\Windows\System32\wlanhlp.dll 2007-11-30 08:32 . 2007-11-30 08:32 47,104 --a------ C:\Windows\System32\wlanapi.dll 2007-11-29 14:19 . 2007-11-29 14:19 8,147,968 --a------ C:\Windows\System32\wmploc.DLL 2007-11-29 14:19 . 2007-11-29 14:19 7,680 --a------ C:\Windows\System32\spwmp.dll 2007-11-29 14:19 . 2007-11-29 14:19 4,096 --a------ C:\Windows\System32\dxmasf.dll 2007-11-29 14:18 . 2007-11-29 14:18 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll 2007-11-29 14:18 . 2007-11-29 14:18 224,768 --a------ C:\Windows\System32\drivers\usbport.sys 2007-11-29 14:18 . 2007-11-29 14:18 193,536 --a------ C:\Windows\System32\drivers\usbhub.sys 2007-11-29 14:18 . 2007-11-29 14:18 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys 2007-11-29 14:18 . 2007-11-29 14:18 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys 2007-11-29 14:18 . 2007-11-29 14:18 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys 2007-11-29 14:18 . 2007-11-29 14:18 8,704 --a------ C:\Windows\System32\hcrstco.dll 2007-11-29 14:18 . 2007-11-29 14:18 8,704 --a------ C:\Windows\System32\hccoin.dll 2007-11-29 14:18 . 2007-11-29 14:18 5,888 --a------ C:\Windows\System32\drivers\usbd.sys 2007-11-29 14:18 . 
2007-11-29 14:18 4,096 --a------ C:\Windows\System32\msdxm.ocx 2007-11-29 14:16 . 2007-12-10 10:55 <DIR> d-------- C:\Users\All Users\WLInstaller 2007-11-29 14:16 . 2007-12-10 10:55 <DIR> d-------- C:\ProgramData\WLInstaller 2007-11-29 14:16 . 2007-11-30 16:41 <DIR> d-------- C:\Program Files\Windows Live 2007-11-29 14:16 . 2007-11-30 16:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2007-11-29 14:15 . 2007-11-29 14:15 788,992 --a------ C:\Windows\System32\rpcrt4.dll 2007-11-29 14:15 . 2007-11-29 14:15 737,792 --a------ C:\Windows\System32\inetcomm.dll 2007-11-29 14:15 . 2007-11-29 14:15 84,480 --a------ C:\Windows\System32\INETRES.dll 2007-11-29 11:23 . 2007-11-29 11:23 <DIR> d-------- C:\Users\monapona\Bluetooth Software 2007-11-29 11:23 . 2007-11-29 11:23 <DIR> d-------- C:\Users\monapona\AppData\Roaming\ATI 2007-11-29 11:22 . 2007-11-29 11:22 <DIR> dr------- C:\Users\monapona\Searches 2007-11-29 11:22 . 2007-12-28 12:08 <DIR> dr------- C:\Users\monapona\Contacts 2007-11-29 11:17 . 2007-11-29 11:17 <DIR> d-------- C:\Users\monapona\AppData\Roaming\Hewlett-Packard 2007-11-29 11:15 . 2007-11-29 11:22 <DIR> dr------- C:\Users\monapona\Videos 2007-11-29 11:15 . 2007-11-30 20:44 <DIR> dr------- C:\Users\monapona\Saved Games . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-16 02:06 --------- d-----w C:\ProgramData\Microsoft Help 2007-12-16 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-12-16 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2007-12-16 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2007-12-16 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll 2007-12-16 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-12-16 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2007-12-16 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2007-12-03 21:20 --------- d-----w C:\Program Files\Hp 2007-12-03 21:20 --------- d-----w C:\Program Files\Hewlett-Packard 2007-12-03 21:08 --------- d-----w C:\ProgramData\Hewlett-Packard 2007-11-30 11:34 --------- d-----w C:\Program Files\Microsoft SQL Server 2007-11-30 07:56 --------- d-----w C:\Program Files\Windows Mail 2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll 2007-09-11 01:25 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2007-12-28_14.33.53.56 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-28 13:27:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2007-12-28 14:33:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2007-12-28 13:27:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2007-12-28 14:33:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2007-12-28 13:27:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2007-12-28 14:33:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 2007-03-02 16:52 177768 -ra------ C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2007-11-05 11:51 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:34] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 C:\Windows\System32\oobefldr.dll] "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 12:26] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-14 03:03] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-15 12:08] "PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 07:38] "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 14:52] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 
15:12] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 15:17] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34] "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 10:00] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-08-27 14:28] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 14:27] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [] C:\Users\monapona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54] OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 12:11:50] DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-10 08:17:10] HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders credssp.dll R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 12:23] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 14:27] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-08-27 14:27] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-08-27 14:27] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-08-27 14:27] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [] R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 15:52] R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 11:42] R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 11:42] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 11:42] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 14:27] R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 17:09] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-13 11:49] S3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 10:50] S3 WimFltr;WimFltr;C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 00:50] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 14:27] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program 
Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 14:27] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ GPSvcGroup REG_MULTI_SZ GPSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2007-11-30 15:39:31 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-28 15:44:21 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-28 15:45:35 C:\ComboFix2.txt ... 2007-12-28 14:34 . 2007-12-28 10:54:55 --- E O F ---
norbat Posted 28 December 2007 (edited)
Try once more to create a file named CFScript.txt (use Notepad. It automatically adds the txt extension, so you really only need to write CFScript in the filename.) Insert the following (in bold):
KILLALL::
File::
C:\Windows\System32\yufythwx.exe
Edited 28 December 2007 by norbat
mona14 (Author) Posted 28 December 2007
I can't find Notepad, hm.. I'm using Vista? And by the way, should both of these be entered? - KILLALL: and File:: C:\Windows\System32\yufythwx.exe
norbat Posted 28 December 2007
Yes, copy it in as it stands. Notepad should be found under Accessories or similar.
mona14 (Author) Posted 29 December 2007
New ComboFix log:
ComboFix 07-12-21.4 - monapona 2007-12-29 1:17:49.3 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1044.18.402 [GMT 1:00] Running from: C:\Users\monapona\Desktop\ComboFix.exe Command switches used :: C:\Users\monapona\Desktop\CFScript.txt.txt FILE C:\Windows\System32\yufythwx.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\System32\yufythwx.exe . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))) . 2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Users\monapona\AppData\Roaming\SUPERAntiSpyware.com 2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2007-12-27 23:17 . 2007-12-27 23:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-12-27 23:17 . 2007-12-27 23:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-16 03:05 . 2007-12-16 03:05 1,327,104 --a------ C:\Windows\System32\quartz.dll 2007-12-16 03:05 . 2007-12-16 03:05 223,232 --a------ C:\Windows\System32\WMASF.DLL 2007-12-16 03:05 . 2007-12-16 03:05 9,728 --a------ C:\Windows\System32\LAPRXY.DLL 2007-12-16 03:05 . 2007-12-16 03:05 2,048 --a------ C:\Windows\System32\asferror.dll 2007-12-16 03:03 . 2007-12-16 03:03 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl 2007-12-16 03:01 . 2007-12-16 03:01 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe 2007-12-16 03:01 . 2007-12-16 03:01 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe 2007-12-16 03:01 . 2007-12-16 03:01 2,048 --a------ C:\Windows\System32\tzres.dll 2007-12-15 20:06 . 2007-12-15 20:06 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-15 19:08 . 2007-12-15 19:08 244 --ah----- C:\sqmnoopt00.sqm 2007-12-15 19:08 . 
2007-12-15 19:08 232 --ah----- C:\sqmdata00.sqm 2007-12-07 09:47 . 2007-12-07 09:47 0 --a------ C:\Windows\nsreg.dat 2007-12-03 22:28 . 2007-12-03 22:28 <DIR> d-------- C:\Users\All Users\WEBREG 2007-12-03 22:28 . 2007-12-03 22:28 <DIR> d-------- C:\ProgramData\WEBREG 2007-12-03 22:20 . 2007-12-03 22:20 <DIR> d-------- C:\Users\monapona\AppData\Roaming\HPAppData 2007-12-03 22:20 . 2007-12-03 22:20 <DIR> d-------- C:\Users\All Users\HPSSUPPLY 2007-12-03 22:20 . 2007-12-03 22:20 <DIR> d-------- C:\ProgramData\HPSSUPPLY 2007-12-03 22:17 . 2007-12-03 22:17 <DIR> d-------- C:\Users\All Users\HP Product Assistant 2007-12-03 22:17 . 2007-12-03 22:17 <DIR> d-------- C:\ProgramData\HP Product Assistant 2007-12-03 22:16 . 2007-12-03 22:16 <DIR> d-------- C:\Program Files\Common Files\HP 2007-12-03 22:15 . 2007-12-03 22:15 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard 2007-12-03 22:13 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll 2007-12-03 22:13 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll 2007-12-03 22:13 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll 2007-12-03 22:13 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll 2007-12-03 22:13 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll 2007-12-03 22:08 . 2007-12-03 22:30 152,029 --a------ C:\Windows\hpoins14.dat 2007-12-03 22:08 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat 2007-12-03 22:07 . 2007-12-03 22:28 <DIR> d-------- C:\Users\All Users\HP 2007-12-03 22:07 . 2007-12-03 22:28 <DIR> d-------- C:\ProgramData\HP 2007-12-03 22:03 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll 2007-12-03 22:03 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll 2007-12-03 08:34 . 2007-12-03 08:34 143,845,527 --a------ C:\Windows\MEMORY.DMP 2007-11-30 18:52 . 2007-12-27 19:58 <DIR> d-------- C:\Users\monapona\AppData\Roaming\BearShare 2007-11-30 18:52 . 
2007-11-30 18:52 <DIR> d-------- C:\Program Files\BearShare Applications 2007-11-30 18:52 . 2007-11-30 18:52 <DIR> d-------- C:\My Downloads 2007-11-30 18:52 . 2006-11-12 11:39 483,328 --a------ C:\Windows\System32\actskn45.ocx 2007-11-30 17:31 . 2007-12-28 21:51 <DIR> d-------- C:\Users\monapona\AppData\Roaming\OpenOffice.org2 2007-11-30 16:50 . 2007-12-01 13:28 <DIR> d-------- C:\Users\monapona\Shared 2007-11-30 16:50 . 2007-12-01 13:28 <DIR> d-------- C:\Users\monapona\Incomplete 2007-11-30 16:46 . 2007-12-01 13:28 <DIR> d-------- C:\Users\monapona\AppData\Roaming\LimeWire 2007-11-30 16:40 . 2007-12-01 13:27 <DIR> d-------- C:\Program Files\LimeWire 2007-11-30 16:38 . 2007-11-30 16:39 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2007-11-30 12:53 . 2007-11-30 12:53 704,000 --a------ C:\Windows\System32\PhotoScreensaver.scr 2007-11-30 12:52 . 2007-11-30 12:52 2,923,520 --a------ C:\Windows\explorer.exe 2007-11-30 12:52 . 2007-11-30 12:52 2,027,008 --a------ C:\Windows\System32\win32k.sys 2007-11-30 12:52 . 2007-11-30 12:52 258,232 --a------ C:\Windows\System32\drivers\acpi.sys 2007-11-30 12:52 . 2007-11-30 12:52 28,344 --a------ C:\Windows\System32\drivers\battc.sys 2007-11-30 12:52 . 2007-11-30 12:52 24,064 --a------ C:\Windows\System32\wtsapi32.dll 2007-11-30 12:52 . 2007-11-30 12:52 20,920 --a------ C:\Windows\System32\drivers\compbatt.sys 2007-11-30 12:52 . 2007-11-30 12:52 14,208 --a------ C:\Windows\System32\drivers\CmBatt.sys 2007-11-30 12:52 . 2007-11-30 12:52 11,264 --a------ C:\Windows\System32\drivers\wmiacpi.sys 2007-11-30 12:32 . 2007-11-30 12:32 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-30 12:30 . 2007-11-30 12:30 <DIR> d-------- C:\Users\Student\AppData 2007-11-30 08:38 . 2007-11-30 08:38 507 --a------ C:\Windows\DKAAY2DD.ini 2007-11-30 08:37 . 2007-05-15 10:25 155,648 --a------ C:\Windows\System32\gencoin.dll 2007-11-30 08:37 . 2007-05-15 10:25 102,400 --a------ C:\Windows\System32\softcoin.dll 2007-11-30 08:37 . 
2007-05-07 08:21 65,888 --a------ C:\Windows\System32\DKAAY2TH.HLP 2007-11-30 08:37 . 2007-05-07 08:21 42,496 --a------ C:\Windows\System32\DKAAY2BJ.DLL 2007-11-30 08:33 . 2007-11-30 08:33 714,240 --a------ C:\Windows\System32\timedate.cpl 2007-11-30 08:33 . 2007-11-30 08:33 542,720 --a------ C:\Windows\System32\sysmain.dll 2007-11-30 08:32 . 2007-11-30 08:32 1,655,289 --a------ C:\Windows\System32\wlan.tmf 2007-11-30 08:32 . 2007-11-30 08:32 502,784 --a------ C:\Windows\System32\wlansvc.dll 2007-11-30 08:32 . 2007-11-30 08:32 297,984 --a------ C:\Windows\System32\wlansec.dll 2007-11-30 08:32 . 2007-11-30 08:32 290,816 --a------ C:\Windows\System32\wlanmsm.dll 2007-11-30 08:32 . 2007-11-30 08:32 67,584 --a------ C:\Windows\System32\wlanhlp.dll 2007-11-30 08:32 . 2007-11-30 08:32 47,104 --a------ C:\Windows\System32\wlanapi.dll 2007-11-29 14:19 . 2007-11-29 14:19 8,147,968 --a------ C:\Windows\System32\wmploc.DLL 2007-11-29 14:19 . 2007-11-29 14:19 7,680 --a------ C:\Windows\System32\spwmp.dll 2007-11-29 14:19 . 2007-11-29 14:19 4,096 --a------ C:\Windows\System32\dxmasf.dll 2007-11-29 14:18 . 2007-11-29 14:18 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll 2007-11-29 14:18 . 2007-11-29 14:18 224,768 --a------ C:\Windows\System32\drivers\usbport.sys 2007-11-29 14:18 . 2007-11-29 14:18 193,536 --a------ C:\Windows\System32\drivers\usbhub.sys 2007-11-29 14:18 . 2007-11-29 14:18 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys 2007-11-29 14:18 . 2007-11-29 14:18 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys 2007-11-29 14:18 . 2007-11-29 14:18 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys 2007-11-29 14:18 . 2007-11-29 14:18 8,704 --a------ C:\Windows\System32\hcrstco.dll 2007-11-29 14:18 . 2007-11-29 14:18 8,704 --a------ C:\Windows\System32\hccoin.dll 2007-11-29 14:18 . 2007-11-29 14:18 5,888 --a------ C:\Windows\System32\drivers\usbd.sys 2007-11-29 14:18 . 
2007-11-29 14:18 4,096 --a------ C:\Windows\System32\msdxm.ocx 2007-11-29 14:16 . 2007-12-10 10:55 <DIR> d-------- C:\Users\All Users\WLInstaller 2007-11-29 14:16 . 2007-12-10 10:55 <DIR> d-------- C:\ProgramData\WLInstaller 2007-11-29 14:16 . 2007-11-30 16:41 <DIR> d-------- C:\Program Files\Windows Live 2007-11-29 14:16 . 2007-11-30 16:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2007-11-29 14:15 . 2007-11-29 14:15 788,992 --a------ C:\Windows\System32\rpcrt4.dll 2007-11-29 14:15 . 2007-11-29 14:15 737,792 --a------ C:\Windows\System32\inetcomm.dll 2007-11-29 14:15 . 2007-11-29 14:15 84,480 --a------ C:\Windows\System32\INETRES.dll 2007-11-29 11:23 . 2007-11-29 11:23 <DIR> d-------- C:\Users\monapona\Bluetooth Software 2007-11-29 11:23 . 2007-11-29 11:23 <DIR> d-------- C:\Users\monapona\AppData\Roaming\ATI 2007-11-29 11:22 . 2007-11-29 11:22 <DIR> dr------- C:\Users\monapona\Searches 2007-11-29 11:22 . 2007-12-28 12:08 <DIR> dr------- C:\Users\monapona\Contacts 2007-11-29 11:17 . 2007-11-29 11:17 <DIR> d-------- C:\Users\monapona\AppData\Roaming\Hewlett-Packard 2007-11-29 11:15 . 2007-11-29 11:22 <DIR> dr------- C:\Users\monapona\Videos 2007-11-29 11:15 . 2007-11-30 20:44 <DIR> dr------- C:\Users\monapona\Saved Games 2007-11-29 11:15 . 2007-12-22 21:29 <DIR> dr------- C:\Users\monapona\Pictures . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-16 02:06 --------- d-----w C:\ProgramData\Microsoft Help 2007-12-16 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-12-16 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys 2007-12-16 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys 2007-12-16 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll 2007-12-16 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2007-12-16 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys 2007-12-16 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys 2007-12-03 21:20 --------- d-----w C:\Program Files\Hp 2007-12-03 21:20 --------- d-----w C:\Program Files\Hewlett-Packard 2007-12-03 21:08 --------- d-----w C:\ProgramData\Hewlett-Packard 2007-11-30 11:34 --------- d-----w C:\Program Files\Microsoft SQL Server 2007-11-30 07:56 --------- d-----w C:\Program Files\Windows Mail 2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll 2007-09-11 01:25 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2007-12-28_14.33.53.56 ))))))))))))))))))))))))))))))))))))))))) . 
- 2007-12-28 10:32:58 67,584 --s-a-w C:\Windows\bootstat.dat + 2007-12-29 00:21:21 67,584 --s-a-w C:\Windows\bootstat.dat - 2007-12-28 12:33:05 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2007-12-28 23:54:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2007-12-27 23:45:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2007-12-29 00:21:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2007-12-29 00:21:48 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2007-12-28 10:57:03 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2007-12-28 21:00:54 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2007-12-27 23:45:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2007-12-29 00:21:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2007-12-29 00:21:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2007-12-28 13:27:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2007-12-29 00:10:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2007-12-28 13:27:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2007-12-29 00:10:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2007-12-28 13:27:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2007-12-29 00:10:26 16,384 --sha-w 
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2007-12-28 13:29:04 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2007-12-29 00:15:29 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2007-12-29 00:15:29 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 - 2007-12-27 23:46:25 4,318 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2824029198-3598538209-984558974-1010_UserData.bin + 2007-12-28 20:50:34 4,548 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2824029198-3598538209-984558974-1010_UserData.bin - 2007-12-27 23:46:24 75,560 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2007-12-28 20:50:31 75,942 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2007-12-27 23:46:22 38,652 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2007-12-28 14:54:33 39,188 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2007-12-28 10:33:02 253,856 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2007-12-28 23:54:31 255,850 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 2007-03-02 16:52 177768 -ra------ C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2007-11-05 11:51 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:34] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 C:\Windows\System32\oobefldr.dll] "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 12:26] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-14 03:03] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-15 12:08] "PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 07:38] "PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 14:52] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 
10:54] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 15:17] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34] "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 10:00] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-08-27 14:28] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 14:27] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [] C:\Users\monapona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54] OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 04:43:54] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 12:11:50] DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-10 08:17:10] HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders credssp.dll R0 AtiPcie;ATI PCI Express 
(3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 12:23] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [2007-08-27 14:27] R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-08-27 14:27] R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-08-27 14:27] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-08-27 14:27] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [] R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 15:52] R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 11:42] R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 11:42] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 11:42] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 14:27] R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 17:09] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-13 11:49] S3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 10:50] S3 WimFltr;WimFltr;C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 00:50] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 14:27] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 14:27] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] 
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ GPSvcGroup REG_MULTI_SZ GPSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2007-11-30 15:39:31 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-29 01:21:58 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-29 1:24:11 - machine was rebooted C:\ComboFix2.txt ... 2007-12-28 15:45 C:\ComboFix3.txt ... 2007-12-28 14:34 . 2007-12-28 10:54:55 --- E O F ---