m0g1e
Posted 25 May 2007

Hello,

I'm finding a number of dubious programs in an HJT log here. NOD32 is also showing alerts about the occasional SpyWare.tool.

HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:23, on 2007-05-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Eset\nod32kui.exe
D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
D:\Programfiler\Microsoft IntelliType Pro\type32.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ObjectDock\ObjectDock.exe
c:\Programfiler\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\S.T.A.L.K.E.R\bin\XR_3DA.exe
D:\WINDOWS\system32\rundll32.exe
\roger\source\Utilities\crap\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {35CB514C-B300-49D5-B614-F3FA4EC50EE6} - D:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {50B8B451-8638-4E85-9F8C-8E9B7485B739} - (no file)
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - D:\WINDOWS\system32\cfkcjbhc.dll
O2 - BHO: (no name) - {6EC93FEF-A9B5-41F5-82D3-9C3E6BF0BD19} - D:\WINDOWS\system32\fccdccy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B230475E-E2F8-4DF8-AA4D-75437E9AF7A0} - D:\WINDOWS\system32\mllmj.dll
O2 - BHO: (no name) - {D27FA8D3-2D84-4750-A881-8928F12A21EF} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "c:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "D:\Programfiler\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\system32\pnqxpwen.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccdccy - D:\WINDOWS\SYSTEM32\fccdccy.dll
O20 - Winlogon Notify: geebx - D:\WINDOWS\system32\geebx.dll (file missing)
O20 - Winlogon Notify: mllmj - D:\WINDOWS\system32\mllmj.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - c:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4622 bytes
norbat
Posted 25 May 2007 (edited)

Hi, nollie.

That's quite a lot of infected PCs you're presenting.

Download Combofix and put it on the desktop:

Click: Start -> Run

Copy what is below and paste it into the 'Run' window:

"%userprofile%\Skrivebord\ComboFix.exe" /v cfkcjbhc fccdccy mllmj pnqxpwen

Click OK, and follow the instructions. Do not click on the window while the program is running.

When the program has finished, a log file opens: combofix.txt

You can post that log file together with a new HJT log.

Edited 25 May 2007 by norbat
m0g1e (Author)
Posted 25 May 2007

Hehe. I know. I've recently been visiting a friend whom I said I could help a bit, plus my brother "couldn't be bothered" to finish the whole cleanup on his computer, as I mentioned.... so here I am again.

HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:59:21, on 25.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Eset\nod32kui.exe
D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
D:\Programfiler\Microsoft IntelliType Pro\type32.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ObjectDock\ObjectDock.exe
c:\Programfiler\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\wuauclt.exe
\roger\source\Utilities\crap\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {35CB514C-B300-49D5-B614-F3FA4EC50EE6} - D:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {50B8B451-8638-4E85-9F8C-8E9B7485B739} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D27FA8D3-2D84-4750-A881-8928F12A21EF} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "c:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [type32] "D:\Programfiler\Microsoft IntelliType Pro\type32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geebx - D:\WINDOWS\system32\geebx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - c:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4080 bytes

ComboFix:

"Bruker" - 2007-05-25 23:54:53 Service Pack 2
ComboFix 07-05.26.V - Running from: "D:\Documents and Settings\bruker\Skrivebord\"
Command switches used :: "/v cfkcjbhc fccdccy mllmj pnqxpwen"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

D:\WINDOWS\system32\cfkcjbhc.dll
D:\WINDOWS\system32\jmllm.bak1
D:\WINDOWS\system32\jmllm.ini
D:\WINDOWS\system32\ijllm.bak1
D:\WINDOWS\system32\ijllm.ini2
D:\WINDOWS\system32\ijllm.tmp
D:\WINDOWS\system32\jmllm.bak1
D:\WINDOWS\system32\jmllm.ini
D:\WINDOWS\system32\utstv.bak1
D:\WINDOWS\system32\utstv.ini2
D:\WINDOWS\system32\utstv.tmp
D:\WINDOWS\system32\xbeeg.bak1
D:\WINDOWS\system32\xbeeg.ini2
D:\WINDOWS\system32\xbeeg.tmp
D:\WINDOWS\system32\yycdd.bak1
D:\WINDOWS\system32\yycdd.ini
D:\WINDOWS\system32\ijkkj.bak2
D:\WINDOWS\system32\ijkkj.ini2
D:\WINDOWS\system32\ijkkj.tmp
D:\WINDOWS\system32\ijllm.bak1
D:\WINDOWS\system32\ijllm.ini2
D:\WINDOWS\system32\ijllm.tmp
D:\WINDOWS\system32\utstv.bak1
D:\WINDOWS\system32\utstv.ini2
D:\WINDOWS\system32\utstv.tmp
D:\WINDOWS\system32\xbeeg.bak1
D:\WINDOWS\system32\xbeeg.ini2
D:\WINDOWS\system32\xbeeg.tmp
D:\WINDOWS\system32\fccdccy.dll
D:\WINDOWS\system32\mllmj.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))
--a------ D:\WINDOWS\system32\logoff.exe 2007-05-15 15:11 147,968 --a------ D:\WINDOWS\system32\rdchost.dll 2007-05-15 15:11 147,456 --a------ D:\WINDOWS\system32\comsnap.dll 2007-05-15 15:11 140,288 --a------ D:\WINDOWS\system32\sessmgr.exe 2007-05-15 15:11 14,848 --a------ D:\WINDOWS\system32\tsdiscon.exe 2007-05-15 15:11 14,848 --a------ D:\WINDOWS\system32\tscon.exe 2007-05-15 15:11 14,848 --a------ D:\WINDOWS\system32\shadow.exe 2007-05-15 15:11 139,528 --a------ D:\WINDOWS\system32\drivers\rdpwd.sys 2007-05-15 15:11 139,264 --a------ D:\WINDOWS\system32\sndvol32.exe 2007-05-15 15:11 131,584 --a------ D:\WINDOWS\system32\sndrec32.exe 2007-05-15 15:11 13,824 --a------ D:\WINDOWS\system32\rdsaddin.exe 2007-05-15 15:11 127,488 --a------ D:\WINDOWS\system32\mshearts.exe 2007-05-15 15:11 123,392 --a------ D:\WINDOWS\system32\mplay32.exe 2007-05-15 15:11 12,040 --a------ D:\WINDOWS\system32\drivers\tdpipe.sys 2007-05-15 15:11 119,808 --a------ D:\WINDOWS\system32\winmine.exe 2007-05-15 15:11 114,688 --a------ D:\WINDOWS\system32\calc.exe 2007-05-15 15:11 110,080 --a------ D:\WINDOWS\system32\clbcatex.dll 2007-05-15 15:11 11,776 --a------ D:\WINDOWS\system32\xolehlp.dll 2007-05-15 15:11 11,264 --a------ D:\WINDOWS\system32\icaapi.dll 2007-05-15 15:11 102,912 --a------ D:\WINDOWS\system32\clipbrd.exe 2007-05-15 15:11 1,267,200 --a------ D:\WINDOWS\system32\comsvcs.dll 2007-05-15 15:11 1,161 --a------ D:\WINDOWS\system32\usrlogon.cmd 2007-05-15 15:11 <DIR> d-------- D:\WINDOWS\system32\MsDtc 2007-05-15 15:11 <DIR> d-------- D:\WINDOWS\system32\Com 2007-05-15 15:11 <DIR> d-------- D:\WINDOWS\Registration 2007-05-15 15:11 <DIR> d-------- D:\Programfiler\Windows NT 2007-05-15 15:11 <DIR> d-------- D:\Programfiler\MSN Gaming Zone 2007-05-15 15:11 <DIR> d-------- D:\Programfiler\Messenger 2007-05-15 15:10 40,840 --a------ D:\WINDOWS\system32\drivers\termdd.sys 2007-05-15 15:10 196,864 --a------ D:\WINDOWS\system32\drivers\rdpdr.sys 
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-15 14:44:59 2,560 ----a-w D:\WINDOWS\_MSRSTRT.EXE
2007-05-15 14:08:56 46,134 ----a-w D:\WINDOWS\system32\perfc014.dat
2007-05-15 14:08:56 318,652 ----a-w D:\WINDOWS\system32\perfh014.dat
2007-03-17 13:45:38 292,864 ----a-w D:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:11 577,536 ----a-w D:\WINDOWS\system32\user32.dll
2007-03-08 15:39:11 40,960 ----a-w D:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:11 281,600 ----a-w D:\WINDOWS\system32\gdi32.dll
2007-03-08 15:38:06 1,843,584 ----a-w D:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:38 185,344 ----a-w D:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{35CB514C-B300-49D5-B614-F3FA4EC50EE6}=D:\WINDOWS\system32\geebx.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29]
"nwiz"="nwiz.exe" [2006-03-09 15:29 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 15:29]
"RTHDCPL"="RTHDCPL.EXE" []
"nod32kui"="c:\Programfiler\Eset\nod32kui.exe" [2007-05-15 16:05]
"SunJavaUpdateSched"="D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 09:41]
"type32"="D:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2005-03-15 11:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebx]
D:\WINDOWS\system32\geebx.dll

********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 23:56:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************

Completion time: 2007-05-25 23:57:18 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-05-25 23:57
--- E O F ---

Thank you so very much for helping people with this! As I have said, I really appreciate it.
norbat, posted 25 May 2007

Run HJT, tick the following lines and click 'Fix checked':

O2 - BHO: (no name) - {35CB514C-B300-49D5-B614-F3FA4EC50EE6} - D:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: (no name) - {50B8B451-8638-4E85-9F8C-8E9B7485B739} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D27FA8D3-2D84-4750-A881-8928F12A21EF} - (no file)
O20 - Winlogon Notify: geebx - D:\WINDOWS\system32\geebx.dll (file missing)

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds of 'Issues' until it finds no more errors.

You should reset the restore folder so that you do not get infected by a possible system restore. Control Panel -> System -> System Restore. Tick "Turn off .....", restart the PC, then remove the tick again to re-enable the feature.

Apart from this, the HJT log is clean. How is the PC running? (Feel free to run a full scan with both SAS and NOD32.)
m0g1e (author), posted 28 May 2007

I'll test the PC later tonight. I think it should be pretty clean now. My laptop, on the other hand, is infected again... A fairly simple and clear cause: I had just installed LimeWire PRO and started it. It was then sitting in the wizard you get the first time you start it, where you define what you want to share, the bandwidth you have, etc... I had left my PC sitting like that on the first screen and therefore got 3 warnings from NOD32 about spyware/adware and unknown threats in the system.

I really must say that this is a security flaw in the program that I did not know about before... It is possible, I suppose, that the program only updates itself to the latest version once it is fully configured? I also know that the network LimeWire uses is crammed with crap... We have nevertheless used this PRO version without experiencing anything similar. Possibly it is a hole that has been exploited only recently, because neither my brother nor I have had adware/spyware on our PCs for over 2 years now, and we have used LimeWire a good deal... I am also thinking about alternative and safer programs for the Gnutella network, such as FrostWire, which I can surely use as well...

It is the same kinds of infections as before, just slightly different files with other names etc. Pop-ups in IE, which gets reset to version 6.0, and the like. I haven't seen that much yet. I have run SAS now and am about to restart. I'll post an HJT log too...
norbat, posted 28 May 2007

Well, someone ought to take away your 'internet licence'. It IS a risk to have the PC infected with spyware. Someone can obtain information about your accounts (username/password), and your PC can also be used for more serious things. You should consider whether your need for file-sharing programs is so great that you are willing to live with that risk. I am not going to tell you what you should do.
m0g1e (author), posted 28 May 2007 (edited)

HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:05, on 2007-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
P:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
P:\Dock\yz_dck0083\YzDock.exe
P:\Programfiler\Eset\nod32krn.exe
P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
P:\Programfiler\Opera\Opera.exe
L:\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {072D0E05-5319-4155-A8AF-49CAAD12DAF8} - (no file)
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\gihuthnh.dll
O2 - BHO: (no name) - {6EC93FEF-A9B5-41F5-82D3-9C3E6BF0BD19} - C:\WINDOWS\system32\rqrstuv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B17C9F94-6757-4983-B8E0-48622B43D43A} - C:\WINDOWS\system32\pmkhf.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [\\printsrv\rx425] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P16 "\\printsrv\rx425" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "P:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [\\kontor\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "\\kontor\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Snarvei til YzDock.lnk = P:\Dock\yz_dck0083\YzDock.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://P:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA4BAEBB-1E04-4778-8CC2-D92FDD2E1D31}: NameServer = 10.0.0.138
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
O20 - Winlogon Notify: rqrstuv - C:\WINDOWS\SYSTEM32\rqrstuv.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Imapi Helper - Alex Feinman - P:\Programfiler\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - P:\Programfiler\Eset\nod32krn.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 6584 bytes

SAS from earlier:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/28/2007 at 05:39 PM

Application Version : 3.7.1018

Core Rules Database Version : 3241
Trace Rules Database Version: 1252

Scan type : Complete Scan
Total Scan Time : 00:21:54

Memory items scanned : 345
Memory threats detected : 1
Registry items scanned : 4244
Registry threats detected : 6
File items scanned : 23124
File threats detected : 11

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\DDCYW.DLL
C:\WINDOWS\SYSTEM32\DDCYW.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddcyw

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{072D0E05-5319-4155-A8AF-49CAAD12DAF8}
HKCR\CLSID\{072D0E05-5319-4155-A8AF-49CAAD12DAF8}
HKCR\CLSID\{072D0E05-5319-4155-A8AF-49CAAD12DAF8}\InprocServer32
HKCR\CLSID\{072D0E05-5319-4155-A8AF-49CAAD12DAF8}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{072D0E05-5319-4155-A8AF-49CAAD12DAF8}

Adware.Tracking Cookie
C:\Documents and Settings\bruker\Cookies\bruker@imrworldwide[1].txt
C:\Documents and Settings\bruker\Cookies\[email protected][2].txt
C:\Documents and Settings\bruker\Cookies\[email protected][1].txt
C:\Documents and Settings\bruker\Cookies\bruker@tradedoubler[1].txt
C:\Documents and Settings\bruker\Cookies\[email protected][1].txt
C:\Documents and Settings\bruker\Cookies\[email protected][2].txt
C:\Documents and Settings\bruker\Cookies\bruker@doubleclick[2].txt
C:\Documents and Settings\bruker\Cookies\[email protected][1].txt
C:\Documents and Settings\bruker\Cookies\bruker@mediaplex[1].txt

Trojan.Downloader-SpyTool
C:\DOCUMENTS AND SETTINGS\bruker\LOKALE INNSTILLINGER\TEMP\OPIKCODO.DLL

I am actually fully aware of the risk with such programs, but based on experience from other PCs where I have used LimeWire for a long time now, and since it has worked flawlessly for so long, I have nevertheless tried LimeWire on both the desktop and the laptop... I have never experienced infections like these before on any of the PCs, so I am quite new to this and curious about what causes much of it...

Edited 28 May 2007 by nollie
norbat, posted 28 May 2007

Download Combofix and put it on the desktop.

Click: Start -> Run. Copy what is written below and paste it into the 'Run' window:

"%userprofile%\Skrivebord\ComboFix.exe" /v gihuthnh rqrstuv pmkhf

Click OK and follow the instructions. Do not click on the window while the program is running. When the program has finished, a log file opens: combofix.txt

Feel free to post that log file together with a new HJT log.
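As an added illustration (not part of the thread and not the helper's own tooling), the Python sketch below triages the O2 and O20 entries of the HijackThis log posted on 28 May 2007. The heuristic is an assumption made here, since the posts do not say how entries were picked: orphaned registrations are separated from unnamed BHOs and Winlogon Notify DLLs that sit directly in system32. The function names are hypothetical.

```python
"""Triage of HijackThis O2 (BHO) and O20 (Winlogon Notify) entries."""
import ntpath  # Windows path semantics on any host OS
import re
from collections import namedtuple

# Entries copied from the HijackThis log posted in the thread on 28 May 2007.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {072D0E05-5319-4155-A8AF-49CAAD12DAF8} - (no file)
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\gihuthnh.dll
O2 - BHO: (no name) - {6EC93FEF-A9B5-41F5-82D3-9C3E6BF0BD19} - C:\WINDOWS\system32\rqrstuv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B17C9F94-6757-4983-B8E0-48622B43D43A} - C:\WINDOWS\system32\pmkhf.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
O20 - Winlogon Notify: rqrstuv - C:\WINDOWS\SYSTEM32\rqrstuv.dll
"""

Entry = namedtuple("Entry", "section name clsid target raw")

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")


def parse_line(line):
    """Return an Entry for an O2 or O20 line, or None for any other line."""
    line = line.strip()
    match = O2_RE.match(line)
    if match:
        return Entry("O2", match["name"], match["clsid"], match["target"], line)
    match = O20_RE.match(line)
    if match:
        return Entry("O20", match["name"], None, match["target"], line)
    return None


def classify(entry):
    """Classify an entry as 'orphan', 'suspect' or 'ok'.

    orphan  - the registration points at nothing ('(no file)' or
              '(file missing)'); only the registry leftover remains.
    suspect - assumed heuristic: a DLL directly inside system32 that is
              loaded by an unnamed BHO or by a Winlogon Notify key.
              This is a triage hint, not proof; legitimate software can
              match, so verify the file before removing anything.
    """
    target = entry.target
    if target == "(no file)" or target.endswith("(file missing)"):
        return "orphan"
    folder = ntpath.basename(ntpath.dirname(target)).lower()
    in_system32 = folder == "system32" and target.lower().endswith(".dll")
    if in_system32 and (entry.section == "O20" or entry.name == "(no name)"):
        return "suspect"
    return "ok"


def triage(log_text):
    """Group all O2/O20 entries of a log by classification."""
    result = {"orphan": [], "suspect": [], "ok": []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            result[classify(entry)].append(entry)
    return result


def suspect_names(log_text):
    """Unique DLL base names (lower case, no extension) of suspect entries."""
    stems = {
        ntpath.splitext(ntpath.basename(e.target))[0].lower()
        for e in triage(log_text)["suspect"]
    }
    return sorted(stems)


if __name__ == "__main__":
    groups = triage(SAMPLE_LOG)
    for kind in ("orphan", "suspect"):
        print(kind.upper())
        for e in groups[kind]:
            print("  " + e.raw)
    print("Names to review:", " ".join(suspect_names(SAMPLE_LOG)))
```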
m0g1e (author), posted 28 May 2007 (edited)

ComboFix:

"bruker" - 2007-05-28 21:25:04 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\bruker\Skrivebord\"
Command switches used :: "/v gihuthnh rqrstuv pmkhf"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\gihuthnh.dll
C:\WINDOWS\system32\awtstur.dll
C:\WINDOWS\system32\ddcbcay.dll
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.ini2
C:\WINDOWS\system32\wycdd.tmp
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.ini2
C:\WINDOWS\system32\wycdd.tmp
C:\WINDOWS\system32\rqrstuv.dll
C:\WINDOWS\system32\pmkhf.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))

2007-05-28 17:16 <DIR> d-------- C:\Documents and Settings\bruker\Incomplete
2007-05-28 17:16 <DIR> d-------- C:\DOCUME~1\bruker\Incomplete
2007-05-28 14:18 <DIR> d-------- C:\DOCUME~1\bruker\PROGRA~1\LimeWire
2007-05-21 17:03 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-05-21 17:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-05-20 21:59 <DIR> d-------- C:\DOCUME~1\bruker\PROGRA~1\.purple
2007-05-18 17:35 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-05-18 13:37 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-14 19:46 <DIR> d-------- C:\DOCUME~1\bruker\PROGRA~1\uTorrent
2007-05-13 19:39 <DIR> d-------- C:\WINDOWS\system32\nb-no
2007-05-11 20:24 <DIR> d-------- C:\Programfiler\Microsoft Works
2007-05-11 20:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Microsoft Help
2007-05-08 21:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-05-08 21:49 <DIR> d-------- C:\DOCUME~1\bruker\PROGRA~1\SUPERAntiSpyware.com
2007-04-30 13:28 <DIR> d-------- C:\public_html
2007-04-29 12:57 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-04-29 12:57 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-29 12:41 298,104 --a------ C:\WINDOWS\system32\imon.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 19:08:17 -------- d-----w C:\DOCUME~1\bruker\PROGRA~1\SolidDocuments
2007-05-28 00:24:07 -------- d-----w C:\DOCUME~1\bruker\PROGRA~1\.purple
2007-05-08 20:38:09 46,522 ----a-w C:\WINDOWS\system32\perfc014.dat
2007-05-08 20:38:09 319,198 ----a-w C:\WINDOWS\system32\perfh014.dat
2007-04-27 13:20:47 -------- d-----w C:\DOCUME~1\bruker\PROGRA~1\Opera
2007-04-26 07:21:39 -------- d-----w C:\DOCUME~1\bruker\PROGRA~1\VMware
2007-04-24 10:41:42 -------- d-----w C:\Programfiler\VMware
2007-04-22 14:31:58 -------- d-----w C:\DOCUME~1\bruker\PROGRA~1\AdobeUM
2007-04-18 16:15:14 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-08 18:19:00 -------- d-----w C:\Programfiler\Age of Empires II
2007-04-02 22:46:19 -------- d-----w C:\DOCUME~1\bruker\PROGRA~1\vlc
2007-03-25 16:41:08 1,285 ----a-w C:\WINDOWS\mozver.dat
2007-03-18 22:38:45 31 ----a-w C:\ftp_xplorer.bat
2007-03-18 22:12:49 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-18 19:23:39 0 --sha-r C:\MSDOS.SYS
2007-03-18 19:23:39 0 --sha-r C:\IO.SYS
2007-03-18 19:23:39 0 ----a-w C:\CONFIG.SYS
2007-03-18 19:23:39 0 ----a-w C:\AUTOEXEC.BAT
2007-03-18 19:20:24 21,704 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-17 13:45:38 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:39:11 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:38:06 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 01:47]
{259F616C-A300-44F5-B04A-ED001A26C85C}=P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2006-11-02 15:09]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SiSPower"="SiSPower.dll" [2005-04-12 21:31 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" []
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-18 04:53]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-18 04:53]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"nod32kui"="P:\Programfiler\Eset\nod32kui.exe" [2007-04-29 12:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" []
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-28 18:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 21:27:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************

Completion time: 2007-05-28 21:28:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-28 21:28
--- E O F ---

HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:49:55, on 28.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
P:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
P:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
P:\Dock\yz_dck0083\YzDock.exe
P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\notepad.exe
P:\Programfiler\Opera\Opera.exe
P:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
\roger\source\Utilities\crap\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {072D0E05-5319-4155-A8AF-49CAAD12DAF8} - (no file)
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "P:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Snarvei til YzDock.lnk = P:\Dock\yz_dck0083\YzDock.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://P:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA4BAEBB-1E04-4778-8CC2-D92FDD2E1D31}: NameServer = 10.0.0.138
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Imapi Helper - Alex Feinman - P:\Programfiler\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - P:\Programfiler\Eset\nod32krn.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 5728 bytes

Thanks so much for the help.

Edited 28 May 2007 by nollie

norbat, posted 28 May 2007

The log looks fine, but run a full scan with SAS anyway. Does the PC still have the same problems?

m0g1e (author), posted 29 May 2007 (edited)

Not yet.. but I find a "Vundo Variant" in SAS

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/29/2007 at 07:40 PM
Application Version : 3.8.1002
Core Rules Database Version : 3241
Trace Rules Database Version: 1252
Scan type : Complete Scan
Total Scan Time : 00:17:11
Memory items scanned : 323
Memory threats detected : 0
Registry items scanned : 4239
Registry threats detected : 4
File items scanned : 22772
File threats detected : 1

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{1A0036B7-1E6B-493D-9DC1-ACF586E05335}
HKCR\CLSID\{1A0036B7-1E6B-493D-9DC1-ACF586E05335}
HKCR\CLSID\{1A0036B7-1E6B-493D-9DC1-ACF586E05335}\InprocServer32
HKCR\CLSID\{1A0036B7-1E6B-493D-9DC1-ACF586E05335}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEEDA.DLL

HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:05:28, on 29.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
P:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
P:\Programfiler\Eset\nod32krn.exe
P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
P:\Dock\yz_dck0083\YzDock.exe
C:\WINDOWS\system32\notepad.exe
P:\Programfiler\Opera\Opera.exe
\roger\source\Utilities\crap\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {072D0E05-5319-4155-A8AF-49CAAD12DAF8} - (no file)
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "P:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Snarvei til YzDock.lnk = P:\Dock\yz_dck0083\YzDock.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://P:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA4BAEBB-1E04-4778-8CC2-D92FDD2E1D31}: NameServer = 10.0.0.138
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Imapi Helper - Alex Feinman - P:\Programfiler\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - P:\Programfiler\Eset\nod32krn.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - P:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
--
End of file - 5673 bytes

Edited 29 May 2007 by nollie

norbat, posted 29 May 2007 (edited)

Run HJT, tick the box in front of the following lines and click 'Fix checked':

O2 - BHO: (no name) - {072D0E05-5319-4155-A8AF-49CAAD12DAF8} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Apart from this the log is fine.

You should reset the restore folder so that you are not infected by a possible System Restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick it again to re-enable the feature.

Edited 29 May 2007 by norbat
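
An added example, not part of the original thread and not code from HijackThis or SUPERAntiSpyware: a small Python triage pass over HijackThis entry lines that lists the entries the tool itself marks "(no file)" or "(file missing)", the markers on the three lines in the post above, and checks whether a CLSID reported by another scanner (here the one from the SAS log) is still referenced in the log. The function names and the sample, a few lines copied from the log above, are choices made for this example.

```python
import re

# Constructed sample: a few entry lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {072D0E05-5319-4155-A8AF-49CAAD12DAF8} - (no file)
O4 - HKLM\..\Run: [nod32kui] "P:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - P:\Programfiler\Eset\nod32krn.exe
"""

# CLSID listed under "Adware.Vundo Variant" in the SAS log in the thread.
SAS_CLSIDS = {"1A0036B7-1E6B-493D-9DC1-ACF586E05335"}

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
ORPHAN = re.compile(r"\((no file|file missing)\)")

def parse(log_text):
    """Yield one dict per HijackThis entry line (section code, CLSIDs, orphan flag)."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        body = m.group("body")
        yield {
            "section": m.group("section"),
            "clsids": [c.upper() for c in CLSID.findall(body)],
            "orphan": bool(ORPHAN.search(body)),
            "line": line.strip(),
        }

def triage(log_text, flagged_clsids=frozenset()):
    """Return (orphaned entries, entries whose CLSID another scanner flagged)."""
    entries = list(parse(log_text))
    orphans = [e for e in entries if e["orphan"]]
    known = {c.upper() for c in flagged_clsids}
    hits = [e for e in entries if known.intersection(e["clsids"])]
    return orphans, hits

if __name__ == "__main__":
    orphans, hits = triage(SAMPLE_LOG, SAS_CLSIDS)
    for e in orphans:
        print("orphaned:", e["line"])
    print("scanner CLSID still referenced:", bool(hits))
```

CLSIDs are compared case-insensitively because the log mixes upper- and lower-case GUIDs.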