Kimelimm, posted 24 November 2007 (edited 24 November 2007): Hi! I've got a strange virus that I think comes from an Arab I have on MSN. He sent a setup file of 28 kB and said it was some small games. I scanned it, and it looked fine. I was then stupid enough to open it, and nothing happened; then I suddenly got an "Explorer.exe error message", so I went into safe mode and ran a virus scan. It went away, so I asked him whether he had sent me a virus. He said he didn't know, but said I should try opening the file "DER". I looked in All Programs and there was a file called "DER" there. I opened it, which he said would remove the virus, but nothing happened there either, so I deleted it. Now, if I'm in Winamp or WMP and press JUST, and I mean JUST, one of the volume keys on the keyboard, the PC hangs; everything else works. He said the virus is in C/DaS (Documents and Settings)/applications, and now I found an "MGS2" in applications that was a registry error or something. I'll try to remove it with CCleaner. EDIT: DAMN! It's still there! What can this be? *hint to go and fetch Norbat!* EDIT2: After I start the PC it crashes as soon as I press the 2 volume keys too, what can this be?!
norbat, posted 24 November 2007: How about trying a System Restore to a point before this started? (Accessories -> System Tools -> System Restore) Otherwise, an HJT log would be welcome, and possibly a log from Combofix.
Kimelimm, posted 24 November 2007: I have turned off System Restore from My Computer?
norbat, posted 24 November 2007: Right, that was perhaps not so wise? Please post the logs mentioned and we'll take a quick look at what this could be.
Kimelimm, posted 24 November 2007: Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:44, on 24.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\winsock32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Purrint\Purrint.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Kim\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programfiler\TextAloud\TAForIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Purrint.lnk = C:\Programfiler\Purrint\Purrint.exe
O4 - Global Startup: sd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5441 bytes

I'll come with the other one tonight, OK? I'll leave it running overnight because it takes a while, OK? Well, you can look through the HJT log in the meantime. I'm really glad I know you!
norbat, posted 24 November 2007 (edited 24 November 2007): Combofix doesn't take that long (usually 15-20 min). If you haven't run Combofix yet, do the following:
Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\RunServices: [] winsock32.exe
Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:
Files to delete:
C:\WINDOWS\system32\winsock32.exe
Click the traffic light. Restart the PC. After the restart a log file will appear telling you what happened. You don't need to post it if the deletion went OK.
Run the previously mentioned Combofix and post the log.
Kimelimm, posted 24 November 2007: OK, done that, but it's still not fixed... I don't know where Combofix is either.
norbat, posted 25 November 2007: ............. Combofix
Kimelimm, posted 25 November 2007: I know, but I meant that I don't know where Combofix's LOG is.
norbat, posted 25 November 2007 (edited 25 November 2007): c:\combofix.txt is the usual location (something you are told when you run the program).
Kimelimm, posted 25 November 2007: I didn't find it. I looked inside C:/combofix and all it said there was: ComboFix 07-11-19.3 - Administrator 2007-11-24 23:28:38.1 - NTFSx86 MINIMAL Running from: C:\Documents and Settings\Kim\Skrivebord\ComboFix.exe ...
Kimelimm, posted 26 November 2007: Do I have to run Combofix once more, or what?
norbat, posted 26 November 2007: You may well try that. Either way, post a new HJT log.
Kimelimm, posted 26 November 2007: OK, here's the problem: I get an error when starting Combofix. But check this, I scanned with SAS and removed 3-6 trojan things, but it isn't fixed. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:46, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\services.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Purrint\Purrint.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Winamp\winamp.exe
C:\Documents and Settings\Kim\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programfiler\TextAloud\TAForIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Purrint.lnk = C:\Programfiler\Purrint\Purrint.exe
O4 - Global Startup: sd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5524 bytes
norbat, posted 26 November 2007 (edited 26 November 2007): Run HJT and fix the following lines:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
Download SDFix to the desktop. Double-click SDFix.exe and it will extract itself to a folder at C:\SDFix.
Restart the PC in safe mode (tap F8 during startup, choose safe mode).
Open the SDFix folder and double-click 'RunThis.bat' to start the program.
Choose Y to start the cleaning.
The PC will restart, and SDFix will continue.
Post a new HJT log + the log from SDFix (it will be in the SDFix folder as Report.txt).
In the log you have an O4 - Global Startup: sd.exe. Do you know what this is? You could have checked the file sd.exe at the following website: http://virusscan.jotti.org/. I don't know where this sd.exe is located. You can search for it, or check in system or system32.
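Added example, not part of the thread and not code from norbat or from HijackThis: a small triage pass over HijackThis entries that singles out the same kinds of lines norbat asked to have fixed or questioned above. The rule names and the heuristics themselves are assumptions of this example, and the sample is a handful of lines copied from the two logs posted in this thread.

```python
import re

# Constructed sample: lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [] winsock32.exe
O4 - HKLM\..\RunServices: [] winsock32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - Startup: Purrint.lnk = C:\Programfiler\Purrint\Purrint.exe
O4 - Global Startup: sd.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: "<abbreviated key>: [<value name>] <command>"
REG_AUTORUN = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder item: "Startup: x.lnk = target" or "Global Startup: file"
STARTUP = re.compile(r"^(?P<scope>Global Startup|Startup): (?P<item>.+)$")
# F2 entry reporting the Winlogon Shell value
SHELL = re.compile(r"^REG:system\.ini: Shell=(?P<value>.*)$", re.IGNORECASE)


def parse(log_text):
    """Yield (code, body) for each entry line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def reasons_for(code, body):
    """Return the (assumed) heuristic rules that a single entry trips."""
    reasons = []
    if code == "F2":
        m = SHELL.match(body)
        # The default Shell value is just "Explorer.exe"; anything appended
        # to it is started at every logon.
        if m and m.group("value").strip().lower() != "explorer.exe":
            reasons.append("shell-extra-program")
    elif code == "O4":
        m = REG_AUTORUN.match(body)
        if m:
            key = m.group("key").lower()
            if not m.group("name").strip():
                reasons.append("empty-value-name")   # autorun value with no name
            if key.endswith("\\runservices"):
                reasons.append("runservices-key")    # assumed unusual on Windows XP
            if key.endswith("\\policies\\explorer\\run"):
                reasons.append("policies-run-key")   # policy-based autorun location
        else:
            m = STARTUP.match(body)
            # A shortcut is listed as "name.lnk = target"; a bare file name
            # means a file sits directly in the startup folder.
            if m and " = " not in m.group("item"):
                reasons.append("startup-item-not-shortcut")
    return reasons


def triage(log_text):
    """Return [(entry line, [rule, ...])] for entries that trip at least one rule."""
    flagged = []
    for code, body in parse(log_text):
        reasons = reasons_for(code, body)
        if reasons:
            flagged.append((f"{code} - {body}", reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "=>", line)
```

A flag here only means "look at this entry"; whether the referenced file is malicious still has to be checked, for instance by scanning the file as norbat suggests for sd.exe.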
Kimelimm, posted 26 November 2007 (edited 26 November 2007): No, now I'm furious, Windows is probably broken. I got an error there too, at the 75% check or something; I can show you the picture I took with my phone. I don't have a repair CD either... What should I do?! Here's the log anyway.

SDFix: Version 1.115
Run by Administrator on 2007-11-26 at 16:00
Microsoft Windows XP [Versjon 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
norbat, posted 26 November 2007 (edited 26 November 2007): Fix the mentioned lines with HJT.
Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:
Files to delete:
C:\WINDOWS\system32\fservice.exe
Click the traffic light. Restart the PC. After the restart a log file will appear telling you what happened. You don't need to post it, but say whether the file was deleted.
Then try running Combofix again. If that doesn't work, try running it from safe mode (tap F8 during startup, choose safe mode).
Kimelimm Skrevet 26. november 2007 Forfatter Del Skrevet 26. november 2007 ComboFix 07-11-19.3 - Kim 2007-11-26 21:50:28.3 - NTFSx86 Running from: C:\Documents and Settings\Kim\Skrivebord\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\ktd32.atm C:\WINDOWS\system\sservice.exe C:\WINDOWS\system32\awtqq.dll C:\WINDOWS\system32\awtsp.dll C:\WINDOWS\system32\awtsr.dll C:\WINDOWS\system32\awvtq.dll C:\WINDOWS\system32\awvts.dll C:\WINDOWS\system32\awvtu.dll C:\WINDOWS\system32\awvvw.dll C:\WINDOWS\system32\ddaya.dll C:\WINDOWS\system32\ddayv.dll C:\WINDOWS\system32\ddayw.dll C:\WINDOWS\system32\ddcca.dll C:\WINDOWS\system32\ddcyw.dll C:\WINDOWS\system32\ddcyx.dll C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\dgjlm.bak1 C:\WINDOWS\system32\dgjlm.bak2 C:\WINDOWS\system32\dgjlm.ini C:\WINDOWS\system32\gebca.dll C:\WINDOWS\system32\gebcc.dll C:\WINDOWS\system32\gebya.dll C:\WINDOWS\system32\gebyw.dll C:\WINDOWS\system32\gebyx.dll C:\WINDOWS\system32\geeba.dll C:\WINDOWS\system32\geebb.dll C:\WINDOWS\system32\geebx.dll C:\WINDOWS\system32\geedb.dll C:\WINDOWS\system32\jkhfc.dll C:\WINDOWS\system32\jkhfe.dll C:\WINDOWS\system32\jkhhh.dll C:\WINDOWS\system32\jkkjg.dll C:\WINDOWS\system32\jkkji.dll C:\WINDOWS\system32\jkkjj.dll C:\WINDOWS\system32\jkkjk.dll C:\WINDOWS\system32\jkkli.dll C:\WINDOWS\system32\jkklk.dll C:\WINDOWS\system32\jkkll.dll C:\WINDOWS\system32\mljgf.dll C:\WINDOWS\system32\mljgg.dll C:\WINDOWS\system32\mljjk.dll C:\WINDOWS\system32\mlljh.dll C:\WINDOWS\system32\mllji.dll C:\WINDOWS\system32\mlljk.dll C:\WINDOWS\system32\mllmk.dll C:\WINDOWS\system32\mllmn.dll C:\WINDOWS\system32\pmkhe.dll C:\WINDOWS\system32\pmkhf.dll C:\WINDOWS\system32\pmkhg.dll C:\WINDOWS\system32\pmkhh.dll C:\WINDOWS\system32\pmkhi.dll C:\WINDOWS\system32\pmnlk.dll C:\WINDOWS\system32\pmnll.dll C:\WINDOWS\system32\pmnlm.dll C:\WINDOWS\system32\pmnnk.dll 
C:\WINDOWS\system32\pmnnl.dll C:\WINDOWS\system32\pmnnm.dll C:\WINDOWS\system32\pmnnn.dll C:\WINDOWS\system32\pmnno.dll C:\WINDOWS\system32\reginv.dll C:\WINDOWS\system32\ssqpm.dll C:\WINDOWS\system32\ssqpn.dll C:\WINDOWS\system32\ssqpq.dll C:\WINDOWS\system32\ssqrs.dll C:\WINDOWS\system32\sstqn.dll C:\WINDOWS\system32\sstqp.dll C:\WINDOWS\system32\ssttt.dll C:\WINDOWS\system32\vtsqn.dll C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqp.dll C:\WINDOWS\system32\vtsqr.dll C:\WINDOWS\system32\vtstq.dll C:\WINDOWS\system32\vtstr.dll C:\WINDOWS\system32\vtsts.dll C:\WINDOWS\system32\vtstt.dll C:\WINDOWS\system32\vtstu.dll C:\WINDOWS\system32\vturo.dll C:\WINDOWS\system32\vturp.dll C:\WINDOWS\system32\vturq.dll C:\WINDOWS\system32\vturr.dll C:\WINDOWS\system32\vtutq.dll C:\WINDOWS\system32\winkey.dll C:\WINDOWS\system32\winsys.exe . ((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))) . 2007-11-26 19:04 <DIR> d-------- C:\Programfiler\mIRC 2007-11-26 18:37 <DIR> d-------- C:\Programfiler\Frets on Fire 2007-11-26 15:58 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-24 20:46 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste 2007-11-24 18:22 <DIR> d-------- C:\Programfiler\Teamspeak2_RC2 2007-11-24 18:22 <DIR> d-------- C:\Documents and Settings\Kim\Programdata\teamspeak2 2007-11-24 18:22 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2007-11-24 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SimCity Societies 2007-11-24 17:40 <DIR> dr-h----- C:\Documents and Settings\Kim\Programdata\SecuROM 2007-11-24 16:52 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com 2007-11-24 16:51 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny 2007-11-24 16:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere 2007-11-24 16:51 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord 2007-11-24 16:51 <DIR> dr-h----- C:\Documents and 
Settings\Administrator\Programdata 2007-11-24 16:51 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter 2007-11-24 16:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler 2007-11-24 16:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger 2007-11-24 16:51 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter 2007-11-24 16:51 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask 2007-11-24 16:34 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-11-24 16:27 <DIR> d-------- C:\WINDOWS\system32\Messenger 2007-11-24 01:41 25,896 --a------ C:\WINDOWS\system32\drivers\scramby.sys 2007-11-23 22:30 <DIR> d-------- C:\Programfiler\Windows Script Control 2007-11-23 22:30 <DIR> d-------- C:\Programfiler\Fellesfiler\e.World 2007-11-23 22:30 <DIR> d-------- C:\PHPMaker 2007-11-23 22:30 153,088 --a------ C:\WINDOWS\system32\UNWISE.EXE 2007-11-23 22:30 9,972 --a------ C:\WINDOWS\system32\phpmkr40is.log 2007-11-23 22:30 0 --a------ C:\WINDOWS\system32\UNWISE.INI 2007-11-23 20:36 <DIR> d-------- C:\Documents and Settings\Kim\Programdata\SecondLife 2007-11-23 20:33 <DIR> d-------- C:\Programfiler\SecondLife 2007-11-23 07:32 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2007-11-23 07:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-11-23 07:32 <DIR> d-------- C:\Documents and Settings\Kim\Programdata\SUPERAntiSpyware.com 2007-11-23 07:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2007-11-23 05:38 369 --a------ C:\WINDOWS\system32\eudsibh.exe 2007-11-22 19:52 359,040 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL 2007-11-22 19:23 <DIR> d-------- C:\Programfiler\Maxis 2007-11-22 19:04 486 --a------ C:\WINDOWS\eReg.dat 2007-11-22 18:02 <DIR> d-------- C:\Programfiler\OpenTTD 2007-11-18 18:28 <DIR> d-------- C:\vcs5BGEffects 2007-11-18 18:27 <DIR> d-------- C:\Programfiler\AV Vcs 6.0 DIAMOND 2007-11-15 15:00 <DIR> 
d-------- C:\Documents and Settings\Kim\Programdata\12Voip 2007-11-15 14:59 <DIR> d-------- C:\Programfiler\12Voip.com 2007-11-12 20:36 <DIR> d-------- C:\Programfiler\Windows Journal Viewer 2007-11-12 15:39 <DIR> d-------- C:\Documents and Settings\Kim\.DownloadManager 2007-11-12 14:33 <DIR> d-------- C:\Bilder 2007-11-12 13:32 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2007-11-11 15:43 4 --a------ C:\WINDOWS\system32\ulfconfig0103.ulf 2007-11-11 15:42 <DIR> d-------- C:\Programfiler\Pixologic 2007-11-11 01:35 <DIR> d-------- C:\Programfiler\Blender Foundation 2007-11-10 01:07 <DIR> d-------- C:\Programfiler\Pro-53 2007-11-09 13:48 <DIR> d-------- C:\Programfiler\Bethesda Softworks 2007-11-08 20:57 <DIR> d-------- C:\Programfiler\Fellesfiler\Bcgsoft 2007-11-08 20:56 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2007-11-08 19:24 <DIR> d-------- C:\Programfiler\The Game Creators 2007-11-08 17:45 <DIR> d-------- C:\Programfiler\Dark Basic Software 2007-11-08 17:43 <DIR> d-------- C:\DarkBasic Professional 2007-11-08 15:47 <DIR> d-------- C:\Programfiler\GameBiz2 2007-11-03 11:46 <DIR> d-------- C:\Programfiler\PowerISO 2007-11-02 07:17 <DIR> d-------- C:\Programfiler\GTR 2 2007-11-01 13:29 <DIR> d-------- C:\Documents and Settings\Kim\Programdata\FileZilla 2007-11-01 13:23 <DIR> d-------- C:\Programfiler\FileZilla Client 2007-10-31 21:20 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2007-10-31 21:20 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll 2007-10-31 21:19 <DIR> d-------- C:\Programfiler\TechSmith 2007-10-31 21:19 <DIR> d-------- C:\Programfiler\Fellesfiler\TechSmith Shared 2007-10-31 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TechSmith 2007-10-31 17:21 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-10-31 17:21 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-10-31 17:20 <DIR> d-------- C:\Programfiler\Logitech 2007-10-31 17:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Logitech 2007-10-31 
17:20 159,744 --a------ C:\WINDOWS\system32\WmJoyFrc.dll 2007-10-31 17:20 45,504 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys 2007-10-31 17:20 22,240 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys 2007-10-31 17:20 17,632 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys 2007-10-31 17:20 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys 2007-10-31 17:20 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys 2007-10-31 15:11 <DIR> d-------- C:\Programfiler\FDRLab 2007-10-28 20:23 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-10-28 20:23 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-10-28 20:19 <DIR> d-------- C:\Programfiler\Electronic Arts 2007-10-28 20:11 <DIR> d-------- C:\MayaTestInstallationFolder; 2007-10-28 19:49 <DIR> d-------- C:\Incomplete 2007-10-28 18:35 <DIR> d-------- C:\Programfiler\NaturalMotion 2007-10-28 01:52 <DIR> d-------- C:\WINDOWS\Lhsp 2007-10-28 01:06 <DIR> d-------- C:\WINDOWS\speech 2007-10-28 01:06 <DIR> d-------- C:\Programfiler\TextAloud 2007-10-27 11:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-10-27 10:58 <DIR> d-------- C:\Programfiler\clue-by-4.org 2007-10-26 23:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2007-10-26 23:32 <DIR> d-------- C:\Programfiler\Effective Studios 2007-10-26 21:16 <DIR> d-------- C:\Documents and Settings\Kim\Programdata\MixMeister Technology 2007-10-26 21:14 <DIR> d-------- C:\Programfiler\MixMeister Studio 7.1.1 2007-10-26 19:55 <DIR> d-------- C:\Programfiler\Evil Msn 2007-10-26 19:37 <DIR> d-------- C:\CS 2007-10-26 15:03 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys 2007-10-26 15:03 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-26 20:31 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-11-26 16:29 --------- d-----w C:\Programfiler\Steam 2007-11-25 19:09 --------- d-----w C:\Documents and Settings\Kim\Programdata\uTorrent 2007-11-23 23:05 --------- d-----w C:\Documents and Settings\Kim\Programdata\Skype 2007-11-22 18:52 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2007-11-21 17:13 --------- d-----w C:\Programfiler\Next Limit 2007-11-19 17:29 --------- d-----w C:\Documents and Settings\Kim\Programdata\LimeWire 2007-11-12 18:12 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2007-11-12 15:21 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-11-10 17:02 --------- d-----w C:\Programfiler\VstPlugins 2007-11-08 16:52 29,392 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-29 15:54 --------- d-----w C:\Programfiler\LimeWire 2007-10-25 14:21 --------- d-----w C:\Programfiler\MessengerDiscovery 2007-10-24 20:15 --------- d-----w C:\Programfiler\MSN Messenger 2007-10-23 15:25 --------- d-----w C:\Programfiler\uTorrent 2007-10-23 15:06 --------- d-----w C:\Programfiler\CCleaner 2007-10-23 14:29 --------- d-----w C:\Programfiler\Web Publish 2007-10-21 14:40 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment 2007-10-18 15:51 --------- d-----w C:\Programfiler\K-Lite Codec Pack 2007-10-18 15:50 --------- d-----w C:\Programfiler\DivX 2007-10-18 15:47 --------- d-----w C:\Programfiler\VideoLAN 2007-10-18 15:46 --------- d-----w C:\Documents and Settings\Kim\Programdata\vlc 2007-10-18 15:27 --------- d-----w C:\Documents and Settings\Kim\Programdata\Ahead 2007-10-17 17:06 --------- d-----w C:\Programfiler\Sony Ericsson 2007-10-17 16:08 --------- d-----w C:\Programfiler\Purrint 2007-10-17 15:30 --------- d-----w C:\Documents and Settings\Kim\Programdata\Apple Computer 2007-10-16 18:45 --------- d-----w C:\Documents and Settings\Kim\Programdata\Hamachi 2007-10-16 17:49 --------- d-----w C:\Programfiler\Hamachi 
2007-10-16 17:48 15,440 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-10-16 14:22 --------- d-----w C:\Programfiler\Fellesfiler\Ahead 2007-10-16 14:18 --------- d-----w C:\Programfiler\Nero 2007-10-16 14:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nero 2007-10-14 14:46 --------- d-----w C:\Programfiler\JFK Reloaded 2007-10-12 21:22 --------- d-----w C:\Programfiler\QuickTime 2007-10-12 21:21 --------- d-----w C:\Programfiler\Apple Software Update 2007-10-12 21:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer 2007-10-12 21:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple 2007-10-12 12:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet 2007-10-12 12:29 --------- d-----w C:\Programfiler\Bonjour 2007-10-12 12:19 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared 2007-10-12 08:37 --------- d-----w C:\Programfiler\SystemRequirementsLab 2007-10-11 13:00 --------- d-----w C:\Documents and Settings\Kim\Programdata\Media Player Classic 2007-10-10 20:28 --------- d-----w C:\Documents and Settings\Kim\Programdata\Sony 2007-10-10 20:28 --------- d-----w C:\Documents and Settings\Kim\Programdata\Publish Providers 2007-10-10 20:23 --------- d-----w C:\Programfiler\Microsoft SQL Server 2007-10-10 20:22 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony 2007-10-10 20:21 --------- d-----w C:\Programfiler\Sony Setup 2007-10-10 20:21 --------- d-----w C:\Programfiler\Sony 2007-10-10 18:36 --------- d-----w C:\Programfiler\Skype 2007-10-10 18:36 --------- d-----w C:\Programfiler\Fellesfiler\Skype 2007-10-10 18:36 --------- d-----w C:\Documents and Settings\All Users\Programdata\Skype 2007-10-10 14:35 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2007-10-10 14:05 --------- d-----w C:\Programfiler\Autodesk 2007-10-09 20:18 --------- d-----w C:\Programfiler\DAEMON Tools 2007-10-09 20:16 685,816 ----a-w 
C:\WINDOWS\system32\drivers\sptd.sys 2007-10-09 20:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-09 20:02 --------- d-----w C:\Programfiler\Rockstar Games 2007-10-09 17:09 --------- d-----w C:\Programfiler\TrackerChecker 2007-10-09 15:32 --------- d-----w C:\Programfiler\Winamp 2007-10-09 14:10 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll 2007-10-09 14:10 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys 2007-10-09 14:09 --------- d-----w C:\Programfiler\GLOBEtrotter Software Inc 2007-10-09 14:04 --------- d-----w C:\Programfiler\Fellesfiler\Autodesk Shared 2007-10-09 14:04 --------- d-----w C:\Programfiler\Fellesfiler\Alias Shared 2007-10-09 11:16 --------- d-----w C:\Programfiler\Java 2007-10-09 11:15 --------- d-----w C:\Programfiler\Fellesfiler\Java 2007-10-09 10:11 --------- d-----w C:\Documents and Settings\Kim\Programdata\fretsonfire 2007-10-09 08:51 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-10-09 08:51 298,104 ----a-w C:\WINDOWS\system32\imon.dll 2007-10-09 08:51 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys 2007-10-09 08:47 --------- d-----w C:\Programfiler\MagicISO 2007-10-08 19:47 --------- d-----w C:\Programfiler\PowerStrip 2007-10-08 19:46 --------- d-----w C:\Programfiler\Realtek 2007-10-08 19:18 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines 2007-10-08 19:18 --------- d-----w C:\Programfiler\Fellesfiler\ODBC 2007-10-08 18:46 --------- d-----w C:\Programfiler\Image-Line 2007-10-08 18:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\Eset 2007-10-08 17:35 --------- d-----w C:\Programfiler\microsoft frontpage 2007-10-08 17:33 --------- d-----w C:\Programfiler\Elektroniske tjenester 2007-10-08 17:32 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2007-10-08 17:32 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap 2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-17 00:10 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-09-17 00:10 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-09-18 15:16]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-08-04 00:15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 14:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15:23 C:\WINDOWS\RTHDCPL.EXE]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 --a------ C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Programfiler\Eset\nod32kui.exe /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programfiler\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programfiler\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Programfiler\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D1A5D75-53BD-DEE3-769B-9D7AC2A758A5}]
C:\WINDOWS\system32\Messenger\msn.exe s

.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 21:58:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 21:54:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\erdnt

**************************************************************************
.
Completion time: 2007-11-26 21:55:43
.
--- E O F ---
norbat Posted 26 November 2007

No wonder the PC has been a bit cranky.

Check the following file (in bold) on this site: http://www.virustotal.com/

C:\WINDOWS\system32\eudsibh.exe

Is the PC running better now?
Kimelimm (Author) Posted 27 November 2007 (edited)

Ehm...

File eudsibh.exe received on 11.27.2007 07:12:09 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)

EDIT: WOW! Now the 2 buttons work. I LOVE YOU NORBAT, THANK YOU!

Edited 27 November 2007 by Kimelimm