SnoelK, posted 26 April 2007 (edited)

Hi, I downloaded NetLimiter and found out that something on my PC was using an INSANE amount of my internet connection. I saw that it was something called "taskmgr1.exe". I went into Task Manager, stopped the process and googled it. I found out that it is some kind of trojan that opens backdoors on my PC, or a kind of spybot or something. I'm not very good in this area. I'm currently running NOD32 and Ad-Aware from Lavasoft. I have recently installed Spybot S&D too... From time to time I have had windows pop up from NOD32 about possible threats to the system. I haven't paid much attention to it, since NOD32 is supposed to be one of the best AV programs on the market, and I assumed it was removed automatically. Can anyone tell me more about taskmgr1.exe? Whether it is a big threat and how I can possibly remove it?

--Snoelk

Edited 30 April 2007 by SnoelK

norbat, posted 26 April 2007

Hi, SnoelK

I suggest the following:

- Download SDFix.exe. Extract the program.
- Download SAS, install it and update it.
- Restart in safe mode (tap F8 during startup).
- Run RunThis.bat in the SDFix folder. A report (Report.txt) is created, which you post later.
- Run a full scan with SAS.
- Restart in normal mode.
- Get HijackThis and put it on the desktop. Run the program and choose "Do a system scan and save a logfile".
- Post the HJT log together with the logs from SDFix and SAS (Preferences->statistics/logs).

SnoelK (thread author), posted 26 April 2007

Hi :) Thanks for the super quick response :) I found out that I have a "Spy.VBStat.J trojan" on my PC... That is what NOD32 tells me. But I will do as you say. I'll post a reply when I'm done. Talk later...

--Snoelk

norbat, posted 26 April 2007 (edited)

Go right ahead. The forum never sleeps.

Edit: The SAS scan will probably take a while. You are welcome to get HijackThis and make a log that you post before you scan with SAS. You will be asked to post a new one afterwards anyway. It can be useful to see what might be there.

Edited 26 April 2007 by norbat

SnoelK (thread author), posted 26 April 2007 (edited)

Logfile of HijackThis v1.99.1
Scan saved at 01:30:43, on 27.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\FlashGet\FlashGet.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\taskmgr1.exe
C:\WINDOWS\system32\psys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\MagicDisc\MagicDisc.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Flashget] C:\Programfiler\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\Run: [Microsoft Personal Security] psys.exe
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\nwcbewdv.dll",realset
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [Microsoft Personal Security] psys.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Last ned alle med FlashGet - C:\Programfiler\FlashGet\jc_all.htm
O8 - Extra context menu item: &Last ned med FlashGet - C:\Programfiler\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programfiler\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programfiler\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-------------

I can't get it to start in safe mode. When I try, I get no further than right after I have typed in the password. Does it take a long time to load into safe mode, or what? I don't understand anything. I see that SDFix only works in safe mode. Is it absolutely necessary to run it?

Edited 26 April 2007 by SnoelK

norbat, posted 27 April 2007

If you can't get SDFix to run, just move on to the SAS scan. Run SAS and then post the SAS log + a new HJT log.

SnoelK (thread author), posted 28 April 2007 (edited)

Ran SAS in normal mode. It found 59 nasty things and removed/quarantined them. Here is the log from HJThis:

Logfile of HijackThis v1.99.1
Scan saved at 14:59:33, on 28.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\FlashGet\FlashGet.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\psys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\MagicDisc\MagicDisc.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Absent\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programfiler\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {856E36A9-A123-418A-A2CC-A05B3BF11AB9} - (no file)
O2 - BHO: (no name) - {98DB4937-A030-443A-BAF5-3E81A862EAEb} - C:\WINDOWS\system32\ijuyyhfn.dll (file missing)
O2 - BHO: (no name) - {A2B98A1C-4FEF-4736-88A0-5959F6C07E49} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programfiler\FlashGet\getflash.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Flashget] C:\Programfiler\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Personal Security] psys.exe
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\nwcbewdv.dll",realset
O4 - HKLM\..\RunServices: [Microsoft Personal Security] psys.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Last ned alle med FlashGet - C:\Programfiler\FlashGet\jc_all.htm
O8 - Extra context menu item: &Last ned med FlashGet - C:\Programfiler\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programfiler\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programfiler\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

----------

The log from SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/28/2007 at 02:54 PM

Application Version : 3.7.1018

Core Rules Database Version : 3225
Trace Rules Database Version: 1236

Scan type : Complete Scan
Total Scan Time : 00:16:52

Memory items scanned : 418
Memory threats detected : 3
Registry items scanned : 3651
Registry threats detected : 28
File items scanned : 25292
File threats detected : 24

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\DDABX.DLL
C:\WINDOWS\SYSTEM32\DDABX.DLL
HKLM\Software\Classes\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}
HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}
HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}\InprocServer32
HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SBLRFVEA.DLL
HKLM\Software\Classes\CLSID\{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\TXSMDAEY.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2B98A1C-4FEF-4736-88A0-5959F6C07E49}
HKCR\CLSID\{A2B98A1C-4FEF-4736-88A0-5959F6C07E49}
HKCR\CLSID\{A2B98A1C-4FEF-4736-88A0-5959F6C07E49}\InprocServer32
HKCR\CLSID\{A2B98A1C-4FEF-4736-88A0-5959F6C07E49}\InprocServer32#ThreadingModel
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddabx
HKCR\CLSID\{1557B435-8242-4686-9AA3-9265BF7525A4}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}

Trojan.Downloader-Gen/HardFall
C:\WINDOWS\SYSTEM32\TUVSQQO.DLL
C:\WINDOWS\SYSTEM32\TUVSQQO.DLL
HKLM\Software\Classes\CLSID\{856E36A9-A123-418A-A2CC-A05B3BF11AB9}
HKCR\CLSID\{856E36A9-A123-418A-A2CC-A05B3BF11AB9}
HKCR\CLSID\{856E36A9-A123-418A-A2CC-A05B3BF11AB9}\InprocServer32
HKCR\CLSID\{856E36A9-A123-418A-A2CC-A05B3BF11AB9}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{856E36A9-A123-418A-A2CC-A05B3BF11AB9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{856E36A9-A123-418A-A2CC-A05B3BF11AB9}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\tuvsqqo
C:\WINDOWS\SYSTEM32\NNNMNML.DLL
C:\WINDOWS\SYSTEM32\OPNOPML.DLL

Trojan.Downloader-Gen/LIB
C:\WINDOWS\SYSTEM32\KPTWOMQV.DLL
C:\WINDOWS\SYSTEM32\KPTWOMQV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D651AFF4-9590-424d-BD1E-8E33E090DFB3}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32
HKCR\CLSID\{D651AFF4-9590-424D-BD1E-8E33E090DFB3}\InprocServer32#ThreadingModel
C:\SYSTEM VOLUME INFORMATION\_RESTORE{153C09AA-B4C2-4CF8-AC4C-5178DFD90437}\RP37\A0002860.DLL

Trojan.Downloader-Gen/TaskMgr-Fake
[Microsoft System Service] C:\WINDOWS\SYSTEM32\TASKMGR1.EXE
C:\WINDOWS\SYSTEM32\TASKMGR1.EXE
[Microsoft System Service] C:\WINDOWS\SYSTEM32\TASKMGR1.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Absent\Cookies\absent@mediaplex[1].txt
C:\Documents and Settings\Absent\Cookies\[email protected][1].txt
C:\Documents and Settings\Absent\Cookies\[email protected][2].txt
C:\Documents and Settings\Absent\Cookies\absent@doubleclick[1].txt
C:\Documents and Settings\Absent\Cookies\absent@cpvfeed[2].txt

Trojan.Downloader-SpyTool
C:\DOCUMENTS AND SETTINGS\ABSENT\LOKALE INNSTILLINGER\TEMP\AYIFVGOF.DLL
C:\DOCUMENTS AND SETTINGS\ABSENT\LOKALE INNSTILLINGER\TEMP\BCKVRLPQ.DLL
C:\DOCUMENTS AND SETTINGS\ABSENT\LOKALE INNSTILLINGER\TEMP\HPFVKOPP.DLL
C:\DOCUMENTS AND SETTINGS\ABSENT\LOKALE INNSTILLINGER\TEMP\RGGVIUOP.DLL
C:\DOCUMENTS AND SETTINGS\ABSENT\LOKALE INNSTILLINGER\TEMP\RVFQSLHH.DLL
C:\DOCUMENTS AND SETTINGS\ABSENT\LOKALE INNSTILLINGER\TEMP\SAIHBUXG.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Absent\Lokale innstillinger\Temporary Internet Files\Content.IE5\092BCX27\styles[1].css
C:\Documents and Settings\Absent\Lokale innstillinger\Temporary Internet Files\Content.IE5\092BCX27\index[2].htm
C:\Documents and Settings\Absent\Lokale innstillinger\Temporary Internet Files\Content.IE5\092BCX27\checksoft[1].js
C:\Documents and Settings\Absent\Lokale innstillinger\Temporary Internet Files\Content.IE5\092BCX27\index[1].htm

-----------

What do you think of that? After I restarted the PC, taskmgr1.exe was no longer running, which is a good sign.

--Snoelk

Edited 28 April 2007 by SnoelK

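Added example (not part of the original thread, and not a HijackThis feature): one way to compare the two HijackThis logs posted so far, so that what a cleanup removed and what is still left stands out. The sample logs are constructed excerpts of the logs above, the watchlist holds the three file names mentioned in the thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed excerpts: a handful of lines copied from the first and second
# HijackThis logs posted in this thread (the full logs are much longer).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 01:30:43, on 27.04.2007
Running processes:
C:\WINDOWS\system32\taskmgr1.exe
C:\WINDOWS\system32\psys.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\Run: [Microsoft Personal Security] psys.exe
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\nwcbewdv.dll",realset
O4 - HKLM\..\RunServices: [Microsoft System Service] taskmgr1.exe
O4 - HKLM\..\RunServices: [Microsoft Personal Security] psys.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:59:33, on 28.04.2007
Running processes:
C:\WINDOWS\system32\psys.exe
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98DB4937-A030-443A-BAF5-3E81A862EAEb} - C:\WINDOWS\system32\ijuyyhfn.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Microsoft Personal Security] psys.exe
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\nwcbewdv.dll",realset
O4 - HKLM\..\RunServices: [Microsoft Personal Security] psys.exe
"""

# File names taken from the thread; adjust for another case.
WATCHLIST = ["taskmgr1.exe", "psys.exe", "nwcbewdv.dll"]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")            # process lines are full paths


def parse_hjt(text):
    """Split a HijackThis log into running processes and per-section entries."""
    processes, entries = set(), defaultdict(set)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first R/O entry ends the process list
            entries[match.group(1)].add(match.group(2))
        elif in_processes and PROCESS_RE.match(line):
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, dict(entries)


def _flatten(entries):
    return {f"{sec} - {body}" for sec, bodies in entries.items() for body in bodies}


def diff_logs(before, after):
    """Report processes and entries that disappeared or appeared between scans."""
    proc_b, ent_b = parse_hjt(before)
    proc_a, ent_a = parse_hjt(after)
    flat_b, flat_a = _flatten(ent_b), _flatten(ent_a)
    return {
        "processes_gone": sorted(proc_b - proc_a),
        "processes_new": sorted(proc_a - proc_b),
        "entries_gone": sorted(flat_b - flat_a),
        "entries_new": sorted(flat_a - flat_b),
    }


def orphaned(text):
    """Entries that HijackThis itself marks as pointing at no file on disk."""
    _, entries = parse_hjt(text)
    return sorted(e for e in _flatten(entries)
                  if e.endswith("(no file)") or e.endswith("(file missing)"))


def still_referenced(text, names):
    """Watched file names that still occur anywhere in the log."""
    lowered = text.lower()
    return sorted(n for n in names if n.lower() in lowered)


if __name__ == "__main__":
    for key, values in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key)
        for value in values:
            print("   ", value)
    print("orphaned:", *orphaned(LOG_AFTER), sep="\n    ")
    print("still referenced:", still_referenced(LOG_AFTER, WATCHLIST))
```

On the excerpts this reports taskmgr1.exe as gone from both the process list and the autostart entries, while psys.exe and nwcbewdv.dll are still referenced.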
norbat, posted 28 April 2007

That looks much better, yes. SAS cleaned out a lot, but there are a few odds and ends left, so do the following:

- Get Combofix and put it on the desktop. Close all other programs. Run the program. Don't click on anything else. When the program is finished, a log file opens: combofix.txt. You post that log file later.
- Make sure you can see hidden files and folders (Control Panel->Folder Options->View->"Show hidden files and folders").
- We are going to check two files. Go to http://virusscan.jotti.org/. At the top of that page you can upload files. Do that with the following two files:
C:\WINDOWS\system32\psys.exe
C:\WINDOWS\system32\nwcbewdv.dll
You will get a result that tells you whether the files are infected. If nothing is found related to the files, leave out what is written in blue below, for now.
- Run HJT, put a check mark in front of the following lines and click 'Fix checked':
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {856E36A9-A123-418A-A2CC-A05B3BF11AB9} - (no file)
O2 - BHO: (no name) - {98DB4937-A030-443A-BAF5-3E81A862EAEb} - C:\WINDOWS\system32\ijuyyhfn.dll (file missing)
O2 - BHO: (no name) - {A2B98A1C-4FEF-4736-88A0-5959F6C07E49} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O4 - HKLM\..\Run: [Microsoft Personal Security] psys.exe
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\nwcbewdv.dll",realset
O4 - HKLM\..\RunServices: [Microsoft Personal Security] psys.exe
- Restart in safe mode (tap F8 during startup).
- Use Explorer to find and delete (in bold):
C:\WINDOWS\system32\psys.exe
C:\WINDOWS\system32\nwcbewdv.dll
- Restart in normal mode.
- Post a new HJT log + the log from Combofix.

SnoelK (thread author), posted 29 April 2007 (edited)

Nice. I didn't find psys.exe in \system32, but I did what you said with nwcbewdv.dll. And yes, I could see hidden files and folders. I tried searching for it too, but didn't find it. I don't know whether that is a good sign or not. Anyway, I managed to start the PC in safe mode, which I couldn't do earlier. Here is the log from HJThis after deleting nwcbewdv.dll:

Logfile of HijackThis v1.99.1
Scan saved at 03:43:21, on 29.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\FlashGet\FlashGet.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\psys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\Programfiler\MagicDisc\MagicDisc.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Absent\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programfiler\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98DB4937-A030-443A-BAF5-3E81A862EAEb} - C:\WINDOWS\system32\ijuyyhfn.dll (file missing)
O2 - BHO: (no name) - {A2B98A1C-4FEF-4736-88A0-5959F6C07E49} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programfiler\FlashGet\getflash.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Flashget] C:\Programfiler\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Personal Security] psys.exe
O4 - HKLM\..\RunServices: [Microsoft Personal Security] psys.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Last ned alle med FlashGet - C:\Programfiler\FlashGet\jc_all.htm
O8 - Extra context menu item: &Last ned med FlashGet - C:\Programfiler\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programfiler\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programfiler\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Here is the log from ComboFix, from before I deleted that file:

"Absent" - 07-04-29 3:28:21 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Absent\Skrivebord\"
2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\wins 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\wbem 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\usmt 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\spool 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\ShellExt 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\Setup 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\ras 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\oobe 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\npp 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\mui 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\inetsrv 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\IME 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\icsxml 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\ias 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\export 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\drivers\etc 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\drivers 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\dhcp 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\config 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\3com_dmi 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\3076 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\2052 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\1054 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\1044 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\1042 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\1041 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\1037 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\1033 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\1031 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\1028 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32\1025 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system32 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\system 
2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\security 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\Resources 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\repair 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\Provisioning 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\PeerNet 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\pchealth 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\mui 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\msapps 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\msagent 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\Media 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\ime 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\Help 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\ehome 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\Driver Cache 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\Debug 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\Cursors 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\Connection Wizard 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\Config 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\AppPatch 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS\addins 2007-04-04 19:09 <DIR> d-------- C:\WINDOWS 2007-04-04 19:04 <DIR> d-------- C:\DOCUME~1\Absent\PROGRA~1\Logitech 2007-04-04 19:02 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-04-04 19:02 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-04-04 19:02 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-04-04 18:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-04-04 18:58 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys 2007-04-04 18:58 52,992 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS 2007-04-04 18:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-04-04 18:58 49,152 --a------ C:\WINDOWS\KHALMNPR.Exe 2007-04-04 18:58 36,480 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys 2007-04-04 18:58 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-04-04 18:58 24,704 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys 2007-04-04 18:58 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys 
2007-04-04 18:58 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-04-04 18:58 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll 2007-04-04 18:58 <DIR> d-------- C:\Programfiler\Logitech 2007-04-04 18:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Logitech 2007-04-04 18:56 <DIR> d-------- C:\Programfiler\Windows Media Connect 2 2007-04-04 18:55 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-04-04 18:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-04-04 18:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-04-04 18:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Windows Genuine Advantage 2007-04-04 18:50 <DIR> d--hs---- C:\RECYCLER 2007-04-04 18:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\NVIDIA 2007-04-04 18:48 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-04-04 18:48 <DIR> d-------- C:\WINDOWS\nview 2007-04-04 18:48 <DIR> d-------- C:\NVIDIA 2007-04-04 18:43 90,112 --------- C:\WINDOWS\Updreg.EXE 2007-04-04 18:43 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-04-04 18:43 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-04-04 18:43 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-04-04 18:43 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-04-04 18:43 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-04-04 18:43 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-04-04 18:43 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-04-04 18:43 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-04-04 18:43 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-04-04 18:42 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-04-04 18:42 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-04-04 18:42 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-04-04 18:42 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-04-04 18:42 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-04-04 18:42 133,632 -ra------ 
C:\WINDOWS\system32\CtDvInst.dll 2007-04-04 18:42 11,264 --a------ C:\WINDOWS\INRES.DLL 2007-04-04 18:42 <DIR> d-------- C:\WINDOWS\system32\Data 2007-04-04 18:41 <DIR> d-------- C:\WINDOWS\RegisteredPackages 2007-04-04 18:41 <DIR> d-------- C:\Programfiler\Creative 2007-04-04 18:40 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information 2007-04-04 18:39 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-04-04 18:37 180,480 -ra------ C:\WINDOWS\system32\drivers\yk51x86.sys 2007-04-04 18:35 93,568 -ra------ C:\WINDOWS\system32\drivers\nvata.sys 2007-04-04 18:35 33,280 -ra------ C:\WINDOWS\system32\NVCOI.DLL 2007-04-04 18:35 289,792 -ra------ C:\WINDOWS\system32\idecoins.dll 2007-04-04 18:35 289,792 -ra------ C:\WINDOWS\system32\idecoi.dll 2007-04-04 18:35 208,896 --a------ C:\WINDOWS\system32\nvuide.exe 2007-04-04 18:34 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll 2007-04-04 18:34 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll 2007-04-04 18:34 33,664 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys 2007-04-04 18:34 33,280 -ra------ C:\WINDOWS\system32\nvconrmins.dll 2007-04-04 18:34 33,280 -ra------ C:\WINDOWS\system32\nvconrm.dll 2007-04-04 18:34 283,136 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys 2007-04-04 18:34 209,920 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2007-04-04 18:34 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe 2007-04-04 18:34 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe 2007-04-04 18:34 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-04-04 18:34 202,240 -ra------ C:\WINDOWS\system32\fdco1ins.dll 2007-04-04 18:34 202,240 -ra------ C:\WINDOWS\system32\fdco1.dll 2007-04-04 18:34 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2007-04-04 18:34 101,120 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys 2007-04-04 18:33 36,352 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys 2007-04-04 18:33 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups 2007-04-04 18:33 <DIR> d-------- 
C:\Programfiler\Fellesfiler\InstallShield 2007-04-04 18:31 1,572,864 --ah----- C:\DOCUME~1\Absent\NTUSER.DAT 2007-04-04 18:31 <DIR> dr-h----- C:\DOCUME~1\Absent\Siste 2007-04-04 18:31 <DIR> dr-h----- C:\DOCUME~1\Absent\Programdata 2007-04-04 18:31 <DIR> dr------- C:\DOCUME~1\Absent\Start-meny 2007-04-04 18:31 <DIR> dr------- C:\DOCUME~1\Absent\Mine dokumenter 2007-04-04 18:31 <DIR> dr------- C:\DOCUME~1\Absent\Favoritter 2007-04-04 18:31 <DIR> d--h----- C:\DOCUME~1\Absent\Skrivere 2007-04-04 18:31 <DIR> d--h----- C:\DOCUME~1\Absent\Maler 2007-04-04 18:31 <DIR> d--h----- C:\DOCUME~1\Absent\Lokale innstillinger 2007-04-04 18:31 <DIR> d--h----- C:\DOCUME~1\Absent\AndrMask 2007-04-04 18:31 <DIR> d-------- C:\DOCUME~1\Absent\Skrivebord 2007-04-04 18:30 225,280 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-04-04 18:30 <DIR> d--h----- C:\DOCUME~1\LOCALS~1\Lokale innstillinger 2007-04-04 18:30 <DIR> d-------- C:\WINDOWS\SoftwareDistribution 2007-04-04 18:30 <DIR> d-------- C:\WINDOWS\Prefetch 2007-04-04 18:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Programdata 2007-04-04 18:16 225,280 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-04-04 18:16 <DIR> d--h----- C:\DOCUME~1\NETWOR~1\Lokale innstillinger 2007-04-04 18:16 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Programdata 2007-04-04 18:13 225,280 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-04-04 18:13 0 -rahs---- C:\MSDOS.SYS 2007-04-04 18:13 0 -rahs---- C:\IO.SYS 2007-04-04 18:13 0 --a------ C:\CONFIG.SYS 2007-04-04 18:13 0 --a------ C:\AUTOEXEC.BAT 2007-04-04 18:13 <DIR> d-------- C:\WINDOWS\system32\xircom 2007-04-04 18:13 <DIR> d-------- C:\Programfiler\microsoft frontpage 2007-04-04 18:12 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-04-04 18:12 <DIR> dr------- C:\WINDOWS\Offline Web Pages 2007-04-04 18:12 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM 2007-04-04 18:12 <DIR> d--h----- C:\Programfiler\WindowsUpdate 2007-04-04 18:12 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files 2007-04-04 18:12 <DIR> d-------- 
C:\Programfiler\Elektroniske tjenester 2007-04-04 18:11 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-04-04 18:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-04-04 18:11 73,344 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-04-04 18:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-04-04 18:11 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-04-04 18:11 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-04-04 18:11 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-04-04 18:11 64,512 --a------ C:\WINDOWS\system32\acctres.dll 2007-04-04 18:11 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-04-04 18:11 47,616 --a------ C:\WINDOWS\system32\inetres.dll 2007-04-04 18:11 465,176 --a------ C:\WINDOWS\system32\wuapi.dll 2007-04-04 18:11 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-04-04 18:11 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-04-04 18:11 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-04-04 18:11 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-04-04 18:11 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-04-04 18:11 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-04-04 18:11 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-04-04 18:11 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-04-04 18:11 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-04-04 18:11 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-04-04 18:11 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-04-04 18:11 240,128 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-04 18:11 23,040 --a------ C:\WINDOWS\system32\fltmc.exe 2007-04-04 18:11 194,840 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-04-04 18:11 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-04 18:11 174,360 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-04-04 18:11 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-04-04 18:11 170,496 --a------ C:\WINDOWS\system32\srsvc.dll 2007-04-04 18:11 16,896 --a------ 
C:\WINDOWS\system32\fltlib.dll 2007-04-04 18:11 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-04-04 18:11 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2007-04-04 18:11 127,768 --a------ C:\WINDOWS\system32\wucltui.dll 2007-04-04 18:11 124,696 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-04-04 18:11 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-04-04 18:11 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-04-04 18:11 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-04-04 18:11 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-04-04 18:11 <DIR> d---s---- C:\WINDOWS\Tasks 2007-04-04 18:11 <DIR> d-------- C:\WINDOWS\system32\Restore 2007-04-04 18:11 <DIR> d-------- C:\WINDOWS\system32\Macromed 2007-04-04 18:11 <DIR> d-------- C:\WINDOWS\system32\DirectX 2007-04-04 18:11 <DIR> d-------- C:\WINDOWS\srchasst 2007-04-04 18:11 <DIR> d-------- C:\Programfiler\Movie Maker 2007-04-04 18:11 <DIR> d-------- C:\Programfiler\Fellesfiler\Tjenester 2007-04-04 18:11 <DIR> d-------- C:\Programfiler\Fellesfiler\MSSoap 2007-04-04 18:10 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-04-04 18:10 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-04-04 18:10 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-04-04 18:10 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-04-04 18:10 275,968 --a------ C:\WINDOWS\system32\mstask.dll 2007-04-04 18:10 21,704 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-04-04 18:10 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-04-04 18:10 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-04-04 18:10 <DIR> d-------- C:\WINDOWS\Registration 2007-04-04 18:10 <DIR> d-------- C:\Programfiler\Messenger 2007-04-04 18:09 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-04-04 18:09 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-04 18:09 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-04-04 18:09 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-04-04 18:09 9,728 
--a------ C:\WINDOWS\system32\reset.exe 2007-04-04 18:09 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-04-04 18:09 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-04-04 18:09 80,384 --a------ C:\WINDOWS\system32\charmap.exe 2007-04-04 18:09 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-04-04 18:09 67,072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-04-04 18:09 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-04-04 18:09 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-04-04 18:09 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-04-04 18:09 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-04-04 18:09 60,928 --a------ C:\WINDOWS\system32\remotepg.dll 2007-04-04 18:09 60,416 --a------ C:\WINDOWS\system32\colbact.dll 2007-04-04 18:09 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-04-04 18:09 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-04-04 18:09 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-04-04 18:09 56,832 --a------ C:\WINDOWS\system32\sol.exe 2007-04-04 18:09 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-04-04 18:09 55,296 --a------ C:\WINDOWS\system32\freecell.exe 2007-04-04 18:09 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-04 18:09 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-04-04 18:09 538,624 --a------ C:\WINDOWS\system32\spider.exe 2007-04-04 18:09 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-04-04 18:09 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-04-04 18:09 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-04-04 18:09 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-04-04 18:09 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-04-04 18:09 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-04 18:09 408,064 --a------ C:\WINDOWS\system32\mstsc.exe 2007-04-04 18:09 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-04-04 18:09 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-04-04 18:09 4,096 --a------ 
C:\WINDOWS\system32\mtxex.dll 2007-04-04 18:09 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-04-04 18:09 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-04-04 18:09 348,672 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-04-04 18:09 344,064 --a------ C:\WINDOWS\system32\mspaint.exe 2007-04-04 18:09 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-04-04 18:09 294,912 --a------ C:\WINDOWS\system32\termsrv.dll 2007-04-04 18:09 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-04-04 18:09 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-04-04 18:09 228,864 --a------ C:\WINDOWS\system32\avtapi.dll 2007-04-04 18:09 225,792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-04-04 18:09 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-04-04 18:09 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-04-04 18:09 20,992 --a------ C:\WINDOWS\system32\msg.exe 2007-04-04 18:09 20,480 --a------ C:\WINDOWS\system32\qprocess.exe 2007-04-04 18:09 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-04-04 18:09 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-04-04 18:09 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-04-04 18:09 186,368 --a------ C:\WINDOWS\system32\cmprops.dll 2007-04-04 18:09 185,344 --a------ C:\WINDOWS\system32\accwiz.exe 2007-04-04 18:09 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-04-04 18:09 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-04-04 18:09 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-04 18:09 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-04-04 18:09 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-04-04 18:09 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-04-04 18:09 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-04-04 18:09 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-04-04 18:09 15,360 --a------ C:\WINDOWS\system32\logoff.exe 2007-04-04 18:09 147,968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-04-04 18:09 147,456 --a------ 
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-06 03:13 46338 --a------ C:\WINDOWS\system32\perfc014.dat
2007-04-06 03:13 318982 --a------ C:\WINDOWS\system32\perfh014.dat
2007-04-04 19:15 62 --ahs---- C:\DOCUME~1\Absent\PROGRA~1\desktop.ini
2007-03-17 15:45 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:39 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:39 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:39 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:38 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Programfiler\FlashGet\jccatch.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
{98DB4937-A030-443A-BAF5-3E81A862EAEb} C:\WINDOWS\system32\ijuyyhfn.dll [x]
{F156768E-81EF-470C-9057-481BA8380DBA} C:\Programfiler\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"nod32kui"="\"C:\\Programfiler\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Flashget"="C:\\Programfiler\\FlashGet\\FlashGet.exe /min"
"Adobe Photo Downloader"="\"C:\\Programfiler\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Microsoft Personal Security"="psys.exe"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\nwcbewdv.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Programfiler\\Messenger\\msmsgs.exe\" /background"
"SUPERAntiSpyware"="C:\\Programfiler\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Personal Security"="psys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-29 03:29:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-29 3:29:22
C:\ComboFix-quarantined-files.txt ... 07-04-29 03:29

Edited 29 April 2007 by SnoelK
norbat Posted 29 April 2007

Hi, we're getting closer.

Uninstall from Add/Remove Programs (if it is there):
Flashget

Download VirtumundoBeGone.exe
Close all other programs, double-click VirtumundoBeGone.exe on the desktop, click Continue, then click Start. Click Yes to run the fix. Then click 'Save log'. The fix may end with a "BSOD" (blue screen and frozen PC). Just restart (use the power button on the PC if necessary). A text file named VBG.TXT will appear on the desktop.

------------------------------

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\psys.exe
C:\WINDOWS\system32\ijuyyhfn.dll

Folders to delete:
C:\Programfiler\FlashGet

Click the traffic light. Restart the PC. After the restart, a log file will appear that tells you what happened.

Run HJT, tick the following lines and click 'Fix checked':

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98DB4937-A030-443A-BAF5-3E81A862EAEb} - C:\WINDOWS\system32\ijuyyhfn.dll (file missing)
O2 - BHO: (no name) - {A2B98A1C-4FEF-4736-88A0-5959F6C07E49} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O4 - HKLM\..\Run: [Flashget] C:\Programfiler\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Microsoft Personal Security] psys.exe
O4 - HKLM\..\RunServices: [Microsoft Personal Security] psys.exe

Restart the PC and post a new HJT log.
SnoelK (author), posted 29 April 2007
Hi hi, quite a process, this.
VBG.txt:
[04/29/2007, 23:08:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Absent\Skrivebord\VirtumundoBeGone.exe" )
[04/29/2007, 23:08:34] - Detected System Information:
[04/29/2007, 23:08:34] - Windows Version: 5.1.2600, Service Pack 2
[04/29/2007, 23:08:34] - Current Username: Absent (Admin)
[04/29/2007, 23:08:34] - Windows is in NORMAL mode.
[04/29/2007, 23:08:34] - Searching for Browser Helper Objects:
[04/29/2007, 23:08:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/29/2007, 23:08:34] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/29/2007, 23:08:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 23:08:34] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/29/2007, 23:08:34] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/29/2007, 23:08:34] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/29/2007, 23:08:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 23:08:34] - No filename found. Continuing.
[04/29/2007, 23:08:34] - BHO 4: {98DB4937-A030-443A-BAF5-3E81A862EAEb} ()
[04/29/2007, 23:08:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 23:08:34] - Checking for HKLM\...\Winlogon\Notify\ijuyyhfn
[04/29/2007, 23:08:34] - Key not found: HKLM\...\Winlogon\Notify\ijuyyhfn, continuing.
[04/29/2007, 23:08:34] - BHO 5: {A2B98A1C-4FEF-4736-88A0-5959F6C07E49} ()
[04/29/2007, 23:08:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 23:08:34] - No filename found. Continuing.
[04/29/2007, 23:08:34] - BHO 6: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/29/2007, 23:08:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 23:08:34] - No filename found. Continuing.
[04/29/2007, 23:08:34] - Finished Searching Browser Helper Objects
[04/29/2007, 23:08:34] - Finishing up...
[04/29/2007, 23:08:34] - Nothing found! Exiting...
---
Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dxrpeoab
*******************
Script file located at: \??\C:\WINDOWS\system32\alucgbhx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\psys.exe deleted successfully.
File C:\WINDOWS\system32\ijuyyhfn.dll not found!
Deletion of file C:\WINDOWS\system32\ijuyyhfn.dll failed!
Could not process line:
C:\WINDOWS\system32\ijuyyhfn.dll
Status: 0xc0000034
Folder C:\Programfiler\FlashGet deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
----
HJThis after the last restart:
Logfile of HijackThis v1.99.1
Scan saved at 23:20:41, on 29.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\NetLimiter 2 Pro\NLClient.exe
C:\Programfiler\Eset\nod32kui.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\Programfiler\MagicDisc\MagicDisc.exe
C:\Documents and Settings\Absent\Skrivebord\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--Snoelk
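Added example, not part of the thread and not code from any of the tools named in it: a cross-check of the Browser Helper Object CLSIDs that VirtumundoBeGone enumerated against the O2 lines in the HijackThis log, showing which unnamed BHOs resolve to a DLL that can be reviewed. The function names are this example's own, and the sample lines are copied from the two logs in the post above.

```python
import re

# Sample input: a few lines copied from the VirtumundoBeGone and HijackThis logs above.
VBG_LOG = r"""[04/29/2007, 23:08:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/29/2007, 23:08:34] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/29/2007, 23:08:34] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/29/2007, 23:08:34] - BHO 4: {98DB4937-A030-443A-BAF5-3E81A862EAEb} ()
"""
HJT_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

CLSID = r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
VBG_BHO = re.compile(r"BHO \d+: " + CLSID + r" \((.*)\)\s*$")
HJT_BHO = re.compile(r"^O2 - BHO: (.*?) - " + CLSID + r" - (.+?)\s*$")


def hjt_bho_files(hjt_log):
    """Map upper-cased CLSID -> DLL path for every O2 line in a HijackThis log."""
    files = {}
    for line in hjt_log.splitlines():
        m = HJT_BHO.match(line.strip())
        if m:
            files[m.group(2).upper()] = m.group(3)
    return files


def bho_report(vbg_log, hjt_log):
    """Join the BHO CLSIDs from the VBG log with the DLL paths HijackThis lists."""
    files = hjt_bho_files(hjt_log)
    report = []
    for line in vbg_log.splitlines():
        m = VBG_BHO.search(line)
        if not m:
            continue
        clsid, name = m.group(1).upper(), m.group(2)  # CLSID case varies between logs
        dll = files.get(clsid)
        if name:
            verdict = "named"
        elif dll:
            verdict = "unnamed, HijackThis lists a DLL: review the path"
        else:
            verdict = "unnamed, no O2 line in HijackThis"
        report.append((clsid, name or "(no name)", dll, verdict))
    return report


if __name__ == "__main__":
    for clsid, name, dll, verdict in bho_report(VBG_LOG, HJT_LOG):
        print(f"{clsid}  {name:32}  {verdict}  {dll or ''}")
```

On the sample lines, the one unnamed BHO that HijackThis resolves to a file is Spybot's SDHelper.dll; the other unnamed CLSIDs have no O2 line at all.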
norbat, posted 29 April 2007
There we go, that should be us done. The log is clean.
You should do the following:
Get CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of "only delete temporary files......."
Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds of 'Issues', until it finds no more errors.
You should reset the restore folder so that you do not get infected by a possible system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off .....", restart the PC, then untick the box again to re-enable the feature.
Tell me how the PC is running now.
SnoelK (author), posted 29 April 2007
Fantastic! I did as you said with CCleaner and System Restore. The PC runs like a dream now. No pop-ups or anything.
But what should I do to prevent future infections? Any anti-spyware/adware, AV and firewall programs you recommend for the safest possible system? I would like to continue with NOD32, as I am very happy with it.
And now for the thousand-kroner question: what is taskmgr1.exe? What does it do?
Regards, Snoelk
norbat, posted 30 April 2007
NOD32 is a good program, so I think you should continue with it. What one should have in addition is hard to give a definitive answer to. It depends a bit on the user. I usually recommend SAS (the free version), in addition to running CCleaner at regular intervals.
Taskmgr1.exe is a trojan. Exactly what it does I do not know, but trojans in general typically serve to give access to your system and to collect information about your system and what you do on the PC, etc. In addition, it can drastically lower the security of the PC, which in turn can open the door to a lot of other junk.
Kjetil Lura, posted 30 April 2007
I would also install SpywareBlaster and Advanced WindowsCare V2 Personal. I have no problems with spyware and other crap. I also block all the cookies that come in via IE 7.0 or Firefox. Most sites work if you block the cookies.
SnoelK (author), posted 30 April 2007
That sounds good. Thank you so much for the great help. I will be more careful in future. The moral is really that one should not download just anything from just anywhere. One should always know what one is downloading.
Again, Norbat, thank you so much!
--Snoelk