norbat, posted 15 November 2007

Let's try the following:
Rename the HijackThis program to something else, e.g. jijiji.exe. Create a separate folder on the desktop and put the program in it. Then run the program and post the log.
Put the log in a SPOILER.

jijiji (thread author), posted 15 November 2007

OK. That's done.
By the way, worldinpink now starts Explorer on its own. It doesn't need to be open beforehand.

C:\Programfiler\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\firefox.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jon\Skrivebord\jijiji\jijiji.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.no/hws/sb/dell-row/no/side.html?channel=no
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.no/hws/sb/dell-row/no/side.html?channel=no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.no/hws/sb/dell-row/no/side.html?channel=no
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=2070618
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iAAnotif] "C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] "C:\Programfiler\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Programfiler\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Firefox] C:\WINDOWS\system32\firefox.exe
O4 - HKLM\..\Run: [spySweeper] C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-3488923816-2975803588-2091536550-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ellen')
O4 - HKUS\S-1-5-21-3488923816-2975803588-2091536550-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Dina')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google-søk - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Koblinger bakover - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Lignende sider - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185913263687
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11802 bytes

norbat, posted 16 November 2007 (edited)

We can try the following:

Reset the restore folder: Control Panel->System->System Restore. Tick the box in front of "Turn off System Restore .....". Hold off on restarting the PC.

Close the browser, then run HJT, tick the following lines and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.no/hws/sb/dell-row/no/side.html?channel=no
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.no/hws/sb/dell-row/no/side.html?channel=no
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.no/hws/sb/dell-row/no/side.html?channel=no
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=2070618
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll (file missing)

Use Explorer to delete the folder C:\Programfiler\BAE

Restart the PC, then untick "Turn off System Restore ......" again to re-enable the feature.

From what I can see, there is now nothing in the log that shows any kind of infection.

If you are still troubled, you can try another rootkit scanner, RootkitBuster from Trend Micro. What does it report?

If none of this helps, we can add a 'block' for www.worldinpink.com in the hosts file.

Edited 16 November 2007 by norbat

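The manual pass over the HijackThis log described above can be pre-sorted by a short script. This is an added example, not part of the thread and not HijackThis code: the sample lines are copied from the log posted above, while the two triage rules and the `ASSUMED_BASELINE` set are assumptions for illustration, and a hit only means "look at this entry by hand".

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Firefox] C:\WINDOWS\system32\firefox.exe
O4 - HKLM\..\Run: [spySweeper] C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
"""

# Hypothetical reviewer-supplied baseline: file names the reviewer expects
# to find in the Windows directories on this machine.
ASSUMED_BASELINE = frozenset({"ctfmon.exe"})

FILE_MISSING = "target file missing"
NO_PATH = "autostart without a full path"
IN_WINDIR = "autostart directly in a Windows directory"

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^\S+?\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_END_RE = re.compile(r"\.(?:exe|com|bat|cmd|scr)(?=\s|$)", re.IGNORECASE)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # one of the reason constants above
    line: str    # the original log line


def executable_of(cmd):
    """Extract the program path from a Run value, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = EXE_END_RE.search(cmd)
    return cmd[:m.end()] if m else cmd.split()[0]


def triage(log, baseline=frozenset()):
    """Return the log entries that deserve a manual look, in log order."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # process list, blank lines, footer
        code, body = entry["code"], entry["body"]
        if body.endswith("(file missing)"):
            findings.append(Finding(code, FILE_MISSING, line))
            continue
        if code != "O4":
            continue
        run = RUN_RE.match(body)
        if not run:
            continue  # e.g. "Global Startup" shortcuts
        exe = PureWindowsPath(executable_of(run["cmd"]))
        if exe.name.lower() in baseline:
            continue
        if str(exe.parent) == ".":
            findings.append(Finding(code, NO_PATH, line))
        elif str(exe.parent).lower() in WINDOWS_DIRS:
            findings.append(Finding(code, IN_WINDIR, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, ASSUMED_BASELINE):
        print(f"{f.reason:45} {f.line}")
```
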
jijiji (thread author), posted 16 November 2007

OK. That's done. I had to go into safe mode to delete C:\Programfiler\BAE... I don't know whether that is a good or a bad sign.
The problem was still there before I did these last things.
Let's wait and see.
Am I right in guessing that this is a sneaky program that has hidden itself somewhere it is hard to detect? Is it spyware we are talking about here? Or something else? I have never come across anything like it, and I have surfed the net a lot in recent years and have people in the house who use both MSN and Facebook often.

norbat, posted 16 November 2007 (edited)

This could possibly be called adware, and there is probably some reference to this site on the PC that is causing it. If there are several user accounts on the PC, the 'problem' may originally lie in one of the others.

If the problem comes back, blocking the site might be a solution.

What you can then try is the following:

Click: Start->Run
Type/paste in: notepad %systemroot%\system32\drivers\etc\hosts
Type/paste in the following, placing it below the line 127.0.0.1 localhost:
127.0.0.1 worldinpink.com www.worldinpink.com
Save the file
Restart

Download and install IE7 again.

Edit:
Another thing that may be a solution is to set the PC back to before this began (provided it hasn't been going on for too long). Programs you have installed in the meantime will disappear, but no personal data (documents, mail etc.).

Edited 16 November 2007 by norbat

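The hosts-file step above, as a check-and-edit routine that can be run against a copy of the file. This is an added example, not part of the thread: the sample hosts content is constructed, and treating a name that already maps to a non-loopback address as a conflict to review by hand is an assumption of this sketch.

```python
LOOPBACK = "127.0.0.1"

# Constructed sample of a default hosts file with Windows line endings.
SAMPLE_HOSTS = "# constructed sample hosts file\r\n127.0.0.1       localhost\r\n"

# The two names from the post above.
BLOCK = ["worldinpink.com", "www.worldinpink.com"]


def fields_of(line):
    """Split one hosts line into [address, name, ...], ignoring comments."""
    return line.split("#", 1)[0].split()


def parse_hosts(text):
    """Return {lower-cased host name: set of addresses it is mapped to}."""
    mapping = {}
    for line in text.splitlines():
        fields = fields_of(line)
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        for name in fields[1:]:
            mapping.setdefault(name.lower(), set()).add(fields[0])
    return mapping


def ensure_blocked(text, names):
    """Return hosts text in which every name maps to the loopback address.

    The new line goes directly below the '127.0.0.1 localhost' line, as in
    the post; if that line is absent it is appended. Calling the function on
    its own output changes nothing.
    """
    seen = parse_hosts(text)
    conflicts = {n: sorted(seen[n.lower()]) for n in names
                 if seen.get(n.lower(), set()) - {LOOPBACK}}
    if conflicts:
        raise ValueError(f"already mapped elsewhere, review by hand: {conflicts}")

    missing = [n for n in names if n.lower() not in seen]
    if not missing:
        return text

    newline = "\r\n" if "\r\n" in text else "\n"  # keep the file's line endings
    lines = text.split(newline)
    new_line = LOOPBACK + " " + " ".join(missing)
    for i, line in enumerate(lines):
        fields = fields_of(line)
        if fields[:1] == [LOOPBACK] and "localhost" in (f.lower() for f in fields[1:]):
            lines.insert(i + 1, new_line)
            break
    else:
        # No localhost line: append, keeping a trailing newline if there was one.
        if lines and lines[-1] == "":
            lines.insert(len(lines) - 1, new_line)
        else:
            lines.append(new_line)
    return newline.join(lines)


if __name__ == "__main__":
    print(ensure_blocked(SAMPLE_HOSTS, BLOCK))
```
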
jijiji (thread author), posted 16 November 2007 (edited)

Yes, I am still troubled. Going to try RootkitBuster now.

Here is RootkitBuster:

+----------------------------------------------------
| Trend Micro RootkitBuster 1.6 Beta.
| Module version: 1.6.0.1052
+----------------------------------------------------
--== Dump Hidden File on C:\ ==--
No hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.
--== Dump Hidden Driver ==--
No hidden drivers found.

Maybe setting the PC back is the best option? What do I have to lose by that, if we know it works?

Edited 16 November 2007 by jijiji

norbat, posted 16 November 2007 (edited)

OK.
If it finds nothing of significance, you can just look at what is written about the hosts file (if you haven't already tried it).

If that doesn't bring any improvement either, then, as mentioned, a system restore to a point before this trouble began may possibly solve the problem.

You have nothing to lose by running a system restore. You will lose any programs you have installed in the meantime, but no personal data.

System Restore: Accessories->System Tools->System Restore.

Edited 16 November 2007 by norbat

jijiji (thread author), posted 16 November 2007

It doesn't look like I have any System Restore points. I think they were deleted when I ticked "Turn off System Restore" earlier in the process... The calendar of possible dates is empty, at any rate...

And worldinpink keeps popping up. At least every half hour the Explorer window I am working in changes to worldinpink.com, and if I don't have Explorer open, it opens by itself...

norbat, posted 17 November 2007

Yes, of course. I should have remembered that.

Right now I am unsure what is triggering this. I can well understand that it is annoying.

Could you bear to run ComboFix again and post the log...

johome, posted 17 November 2007

If that doesn't help, why not try something else.
The built-in firewall in NIS is not particularly good.
Try disabling it, then install Kerio Firewall.
I was myself plagued by pop-ups of various kinds before I discovered how important it is to have a good firewall.

norbat, posted 17 November 2007

Another alternative may be to add www.worldinpink.com to Restricted sites.

From Internet Explorer: Tools->Internet Options.
Select the Security tab
Click Restricted sites and click the 'Sites' button
Enter the relevant web address(es)
Click OK and restart the browser.

What happens....?

jijiji (thread author), posted 17 November 2007

Here is the ComboFix log:
************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-17 12:17:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? CTxfiHlp = CTXFIHLP.EXE? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="\"C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\"" . Completion time: 2007-11-17 12:18:16 C:\ComboFix2.txt ... 2007-11-14 17:54 . --- E O F ---
norbat, posted 17 November 2007

Check the following file (in bold) on this website: http://virusscan.jotti.org/: C:\WINDOWS\iun6002.exe

At the top of the page you can upload the file for a check. If there are any hits, let me know.

Beyond this, as mentioned, there is nothing in the logs you have posted that indicates you are infected with anything. Some ideas have been given about adding the website address in question to restricted sites and about changing the firewall. Worth a try.
jijiji (author), posted 17 November 2007

That file has now been scanned:

Service load: 0% 100%
File: iun6002.exe
Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 9433d5ac20edcf7d39c454fe2f67b43d
Packers detected: -
Bit9 reports: No threat detected (more info)

Scanner results
Scan taken on 17 Nov 2007 19:58:38 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Even though we haven't found anything so far, there's surely no doubt that something is there? The question is just where? Adding the site to restricted sites is really only a half-good solution, if you ask me. Surely there must be a way to get rid of the virus?

By the way, it's strange that a Google search for worldinpink gives only 3 hits. I can't be the only one plagued by this, can I?

Installing a new firewall, e.g. the one mentioned above, will that possibly solve the problem, or is it only to prevent the site from popping up? Or is it to protect me against similar things in the future?

I actually find it annoying that this ends with us not getting to grips with this problem.
jijiji (author), posted 17 November 2007

Could the Symantec log be of help? I see that on 12/11 it says "Auto-Protect has detected Downloader", risk level "High", status "blocked". This then repeats 6 times on 12/11, 7 times on 13/11 and 2 times on 14/11. In addition there are several instances of "detection of tracking cookie" and "Sample of Bloodhound.SONAR.1". But only the first one I mentioned here has risk level high. Before 12/11 there are no entries in the log.
norbat, posted 17 November 2007 (edited)

I don't think you have a virus. If this popup really does come at 30-minute intervals, then it is more that the firewall is perhaps a bit leaky, although I agree that something on the PC must be triggering this. worldinpink.com is also a site I have not heard anything about in anti-spyware circles, so it is not anything 'dangerous'. Annoying, yes. (I myself probably won't get any peace until this is solved....)

Norton IS has a firewall (I assume you are running it). See whether there are any settings there that can help. (Settings->Personal firewall->Configure).

I'll go and think it over for a bit...

....

You have had traces of an 'MSN virus' in the earlier logs, but I have never heard of that leading to the website in question before, though who knows. You could run this msnfix: MSNFix.exe and see whether it finds anything of interest.

It could also be an idea to try another 'cleaning' program, ATF Cleaner. Close all other programs and run ATF. Choose what you want to clean.

What you say about the log tells me that your firewall is doing its job.

Edited 17 November 2007 by norbat
jijiji (author), posted 18 November 2007

I have now run msnfix. Along the way I got a message from Spy Sweeper that the file cmd.exe was trying to contact the internet and change the hosts file, or something like that. I repeatedly clicked "block", but since that didn't work, I eventually clicked "allow". It said this was a Microsoft file, so I didn't consider it very dangerous.

Here is the msnfix log:

------------- BENDEBOYS MSNFIX RAPORT -------------
- Version: 3.6.0.8
- Last Update: 09/11/07
- Scan performed on: 18.11.2007 - 14:32:54,71 By Jon
- Bootmode: Normal Mode

It is possible to complain about messenger virusses. Visit MalwareComplaints.com for more information!
Het is mogelijk om uw beklag te doen tegen messenger virussen. Bezoek MalwareComplaints.com voor meer informatie.

((((((((((((((( CREATED FILES LAST MONTH )))))))))))))))

2007-11-13 -23:42:16 - A.... "C:\install.dat"
2007-11-18 -14:15:58 - A.S.. "C:\WINDOWS\bootstat.dat"
2007-10-29 -18:56:20 - A.... "C:\WINDOWS\catchme.exe"
2007-09-20 - 0:20:34 - A.... "C:\WINDOWS\iun6002.exe"
2007-10-01 -16:40:42 - A.... "C:\WINDOWS\WRSetup.dll"
2007-11-13 -11:49:38 - A.... "C:\WINDOWS\system32\firefox.exe"
2007-11-14 - 1:34:40 - A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
2007-09-24 -21:30:28 - A.... "C:\WINDOWS\system32\java.exe"
2007-09-24 -21:30:30 - A.... "C:\WINDOWS\system32\javaw.exe"
2007-11-02 - 0:12:58 - A.... "C:\WINDOWS\system32\MRT.exe"
2007-11-14 - 1:51:50 - A.... "C:\WINDOWS\system32\perfc009.dat"
2007-11-14 - 1:51:50 - A.... "C:\WINDOWS\system32\perfc014.dat"
2007-11-14 - 1:51:50 - A.... "C:\WINDOWS\system32\perfh009.dat"
2007-11-14 - 1:51:50 - A.... "C:\WINDOWS\system32\perfh014.dat"
2007-11-13 -19:04:34 - A.... "C:\WINDOWS\system32\S32EVNT1.DLL"
2007-10-25 -17:44:36 - A.... "C:\WINDOWS\system32\shell32.dll"
2007-10-01 -16:24:34 - A.... "C:\WINDOWS\system32\ssiefr.EXE"
2007-10-30 -19:55:50 - A.... "C:\WINDOWS\system32\SymNeti.dll"
2007-10-30 -19:55:48 - A.... "C:\WINDOWS\system32\SymRedir.dll"
2007-10-01 -16:24:36 - A.... "C:\WINDOWS\system32\WRLogonNtf.dll"
2007-10-01 -16:24:36 - A.... "C:\WINDOWS\system32\wrlzma.dll"
2007-10-29 -16:07:26 - A.... "C:\WINDOWS\system32\xpsp3res.dll"
2007-11-18 - 7:36:22 - A..H. "C:\Documents and Settings\Jon\NTUSER.DAT"
2007-11-13 -23:42:16 - A.... "C:\install.dat"

((((((((((((((( FOUND FILES )))))))))))))))

!! BEFORE FIX !!
C:\WINDOWS\System32\javaws.exe

!! AFTER FIX !!

((((((((((((((( ShellServiceObjectDelayLoad )))))))))))))))

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

---------- END OF LOG ----------
norbat, posted 18 November 2007

Yes, these fixes sometimes come under the spotlight of some AV programs. Just allow them.

Next we'll reset some settings in IE. Download the following file, unpack it and double-click iereg.bat: iereg

After this I am starting to run out of ideas.

..

We can check a few more logs to see whether they can tell us something:

From HJT, choose Misc Tools.
Choose "Generate Startuplist log".

Post that log together with the uninstall list, which you create by doing the following from HJT:

Choose Open Uninstall Manager...
Choose Save list so that you can post it.

While someone checks these, you can at the same time choose "Open AD spy..." from the same place in HJT and run a scan. It only takes a few seconds.
jijiji (author), posted 18 November 2007

OK. Here is the StartupList log from HJT:

StartupList report, 18.11.2007, 18:15:35 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Jon\Skrivebord\jijiji\jijiji.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\CNAB4RPK.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Webroot\Spy Sweeper\SSU.EXE C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE 
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\firefox.exe C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE C:\Programfiler\Internet Explorer\iexplore.exe C:\Documents and Settings\Jon\Skrivebord\jijiji\jijiji.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart] Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE CTxfiHlp = CTXFIHLP.EXE SunJavaUpdateSched = "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" IAAnotif = "C:\Programfiler\Intel\Intel Matrix Storage Manager\Iaanotif.exe" ATICCC = "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay DMXLauncher = "C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" CTDVDDET = "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" VolPanel = "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r AudioDrvEmulator = "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" 
UpdReg = C:\WINDOWS\UpdReg.EXE DLA = C:\WINDOWS\System32\DLA\DLACTRLW.EXE ISUSPM Startup = "C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup ISUSScheduler = "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start ccApp = "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" osCheck = "C:\Programfiler\Norton Internet Security\osCheck.exe" Symantec PIF AlertEng = "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" Corel Photo Downloader = "C:\Programfiler\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" QuickTime Task = "C:\Programfiler\QuickTime\qttask.exe" -atboottime iTunesHelper = "C:\Programfiler\iTunes\iTunesHelper.exe" Firefox = C:\WINDOWS\system32\firefox.exe SpySweeper = C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe SUPERAntiSpyware = C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} (no name) - 
C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890} (no name) - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job Norton Internet Security Online - Kjør fullstendig systemsøk - Jon.job -------------------------------------------------- Enumerating Download Program Files: [{31435657-9980-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://www.update.microsoft.com/microsoftu...b?1185913263687 [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- End of report, 8 067 bytes Report generated in 0,031 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

Here is the uninstall list:

Adobe Flash Player 9 ActiveX Adobe Reader 7.0.9 Advanced Decoder Patch AppCore Apple Mobile Device Support Apple Software Update ATI Catalyst Control Center ATI Display Driver AV Canon LBP2900 Canon S900 ccCommon CCleaner (remove only) Corel 
Paint Shop Pro Photo XI Corel Snapfire Plus Creative MediaSource Dell CinePlayer Dell Driver Reset Tool Ellusionist Video Player® Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hurtigreparasjon for Windows Media Player 11 (KB939683) Hurtigreparasjon for Windows XP (KB914440) Intel® Matrix Storage Manager iTunes J2SE Runtime Environment 5.0 Update 6 Java 6 Update 2 Java 6 Update 3 LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 1.1 Norwegian Language Pack Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works MSNFix MSRedist MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Norton AntiVirus Norton Confidential Browser Component Norton Confidential Web Protection Component Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Online (Symantec Corporation) Norton Protection Center Oppdatering for Windows XP (KB894391) Oppdatering for Windows XP (KB898461) Oppdatering for Windows XP (KB900485) Oppdatering for Windows XP (KB904942) Oppdatering for Windows XP (KB910437) Oppdatering for Windows XP (KB911280) Oppdatering for Windows XP (KB916595) Oppdatering for Windows XP (KB920872) Oppdatering for Windows XP (KB922582) Oppdatering for Windows XP (KB927891) Oppdatering for Windows XP (KB930916) Oppdatering for Windows XP (KB933360) Oppdatering for Windows XP (KB936357) Oppdatering for Windows XP (KB938828) QuickTime Roxio DLA Roxio MyDVD LE Roxio RecordNow Audio 
Roxio RecordNow Copy Roxio RecordNow Data SearchAssist Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127) Sikkerhetsoppdatering for Windows Media Player 11 (KB936782) Sikkerhetsoppdatering for Windows Media Player 9 (KB917734) Sikkerhetsoppdatering for Windows Media Player 9 (KB936782) Sikkerhetsoppdatering for Windows XP (KB893756) Sikkerhetsoppdatering for Windows XP (KB896428) Sikkerhetsoppdatering for Windows XP (KB899587) Sikkerhetsoppdatering for Windows XP (KB900725) Sikkerhetsoppdatering for Windows XP (KB901017) Sikkerhetsoppdatering for Windows XP (KB902400) Sikkerhetsoppdatering for Windows XP (KB905414) Sikkerhetsoppdatering for Windows XP (KB905749) Sikkerhetsoppdatering for Windows XP (KB911927) Sikkerhetsoppdatering for Windows XP (KB913580) Sikkerhetsoppdatering for Windows XP (KB914389) Sikkerhetsoppdatering for Windows XP (KB917953) Sikkerhetsoppdatering for Windows XP (KB921503) Sikkerhetsoppdatering for Windows XP (KB922819) Sikkerhetsoppdatering for Windows XP (KB923980) Sikkerhetsoppdatering for Windows XP (KB925902) Sikkerhetsoppdatering for Windows XP (KB927779) Sikkerhetsoppdatering for Windows XP (KB928090) Sikkerhetsoppdatering for Windows XP (KB929123) Sikkerhetsoppdatering for Windows XP (KB930178) Sikkerhetsoppdatering for Windows XP (KB931261) Sikkerhetsoppdatering for Windows XP (KB931784) Sikkerhetsoppdatering for Windows XP (KB932168) Sikkerhetsoppdatering for Windows XP (KB933566) Sikkerhetsoppdatering for Windows XP (KB933729) Sikkerhetsoppdatering for Windows XP (KB935839) Sikkerhetsoppdatering for Windows XP (KB935840) Sikkerhetsoppdatering for Windows XP (KB936021) Sikkerhetsoppdatering for Windows XP (KB938127) Sikkerhetsoppdatering for Windows XP (KB938829) Sikkerhetsoppdatering for Windows XP (KB939653) Sikkerhetsoppdatering for Windows XP (KB941202) Sikkerhetsoppdatering for Windows XP (KB943460) Sonic Activation Module Sonic Update 
Manager Sound Blaster X-Fi SPBBC 32bit Spy Sweeper SUPERAntiSpyware Free Edition URL Assistant Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP hurtigreparasjon - KB885836 Windows XP hurtigreparasjon - KB886185 Windows XP hurtigreparasjon - KB888302 Windows XP hurtigreparasjon - KB890859

Another thing: Does it matter what kind of user carries out these tests? Should I do this from other users' usernames as well?
jijiji (author), posted 18 November 2007

> While someone checks these, you can at the same time choose "Open AD spy..." from the same place in HJT and run a scan. It only takes a few seconds.

This one scan took a second and didn't even leave a log. So I unchecked "quickscan" and "ignore safe system info streams", and that left a log containing just about every file and picture we have on the PC. Surely I'm not supposed to post that?