Lost "Task Manager" on the taskbar and the machine crashes


Ms Vista

 

Lost "Task Manager" on the taskbar; I get a message that the Administrator has disabled it, but my account is an Administrator, and I have not done that.

And the machine crashes suddenly.

This happened all of a sudden; the machine was in top shape. I downloaded the latest version of "DVD REGION + CC FREE", if that matters, but it was from their home page.

Ran Spywareblaster, found 2 spyware items. They are gone now.

Ran AdAware 2007, found 2 trackers/spies. They are gone now.

Ran SuperAntiSpyware, found 2 more spyware items. They are gone now.

Ran Spybot Search & Destroy, found 3 problems. They are gone and fixed now.

Ran CCleaner; what it found is gone now.

Running Norton AV 2007

Windows Defender (comes with Vista)

Various protection built into Vista, firewall etc.

Ran HijackThis; the log file says the following: (can anyone help me interpret what appears in the log file, and what can be removed or repaired?)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:44:56, on 15.12.2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\ASUS\AASP\1.00.28\aaCenter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\SpywareBlaster\spywareblaster.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: The ddxbox - {18D19587-63A8-4D24-B79D-267E8A3AB0BF} - C:\Windows\retnsrp.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Ralink Wireless Utility.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://CD-en.scan.onecare.live.com/resourc...o/wlscctrl2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: leorop - {17A04090-5EC2-41AA-AFA7-A3583733F98D} - C:\Windows\leorop.dll (file missing)

O21 - SSODL: nopzet - {5690F0F3-8BDB-4560-A53D-5129A7C38C3E} - C:\Windows\nopzet.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 7566 bytes

 

What does all this mean?

Thanks for any help and answers. I hope someone can help, as I depend on the machine for work.

Edited by nasse222
Link to comment

Tip for everyone: download the anti-spyware and anti-adware programs that are recommended here on the forum. I solved the problem by running these programs and by running programs I have been recommended in earlier posts, plus I had to go in and set a password on my Administrator account in order to override commands that the virus had made!!

I refer to my other posts (nasse222), where you can see which other anti-adware and anti-spyware programs I have been recommended!

Have a nice day.

Regards

Nasse

Link to comment

ok

Here is the full HiJackThis log after all problems were solved:

 


Edited by nasse222
Link to comment

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O3 - Toolbar: The ddxbox - {18D19587-63A8-4D24-B79D-267E8A3AB0BF} - C:\Windows\retnsrp.dll

O21 - SSODL: leorop - {17A04090-5EC2-41AA-AFA7-A3583733F98D} - C:\Windows\leorop.dll (file missing)

O21 - SSODL: nopzet - {5690F0F3-8BDB-4560-A53D-5129A7C38C3E} - C:\Windows\nopzet.dll (file missing)

 

Then delete the following file:

C:\Windows\retnsrp.dll

You may need to do this from safe mode and turn on "Show hidden files and folders".

Download Combofix and put it on the desktop.

Run combofix.exe and follow the instructions.

You must not click on the window while the program is running.

Post the log file from Combofix (usually c:\combofix.txt) + a new HJT log.

Link to comment
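Added example, not part of the original thread: a small parser for the O2/O3/O9/O21 line format of the HijackThis log above, listing entries of the kind the reply singles out. The two triage rules (entry with no file on disk, DLL placed directly in C:\Windows) are assumptions of this example, not criteria the poster stated; the sample lines are copied from the log in the first post.

```python
import ntpath  # Windows path rules, usable on any host OS
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: The ddxbox - {18D19587-63A8-4D24-B79D-267E8A3AB0BF} - C:\Windows\retnsrp.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O21 - SSODL: leorop - {17A04090-5EC2-41AA-AFA7-A3583733F98D} - C:\Windows\leorop.dll (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
"""

# Assumed triage rules (this example's own, not stated in the thread).
ORPHANED = "registry entry points at no file on disk"
LOOSE_IN_WINDIR = r"DLL sits directly in C:\Windows"

# "<section code> - <rest of line>", e.g. "O3 - Toolbar: ..."
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "<kind>: <name> - {CLSID} - <target>", shared by the COM-based sections.
COM_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)
# Sections whose entries load a DLL into Internet Explorer or Explorer.
COM_SECTIONS = {"O2", "O3", "O9", "O21"}
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Finding:
    code: str
    kind: str
    name: str
    clsid: str
    path: Optional[str]
    reasons: List[str]


def parse_com_entry(line: str) -> Optional[Finding]:
    """Parse one O2/O3/O9/O21 line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("code") not in COM_SECTIONS:
        return None
    c = COM_RE.match(m.group("body"))
    if not c:
        return None
    target = c.group("target").strip()
    reasons = []
    # HijackThis appends a marker when the registered file does not exist.
    for marker in ORPHAN_MARKERS:
        if target.endswith(marker):
            reasons.append(ORPHANED)
            target = target[: -len(marker)].strip()
            break
    path = target or None
    # Only the Windows directory itself counts, not system32 or other subfolders.
    if path and ntpath.dirname(path).lower() == r"c:\windows":
        reasons.append(LOOSE_IN_WINDIR)
    return Finding(m.group("code"), c.group("kind"), c.group("name"),
                   c.group("clsid"), path, reasons)


def triage(log_text: str) -> List[Finding]:
    """Return the COM entries that match at least one triage rule."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_com_entry(line)
        if entry and entry.reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code} {f.kind}: {f.name} {f.clsid} -> {f.path or '(none)'}")
        for reason in f.reasons:
            print(f"    review: {reason}")
```

A flagged line is a candidate for manual review, not a verdict; legitimate software also leaves orphaned registry entries behind after an uninstall.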

Combofix log:

 

ComboFix 07-12-21.4 - Leif-Rune Fauskanger 2007-12-22 18:06:55.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1044.18.1146 [GMT 1:00]

Running from: C:\Users\Leif-Rune Fauskanger\Nytt Programmer\Fra 15Des07\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\Leif-Rune Fauskanger\AppData\Roaming\inst.exe

 

.

((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))

.

 

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-05 00:37]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 12:04 C:\Windows\RtHDVCpl.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-19 12:36]

"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-20 13:12]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52]

"DVD43"="C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe" [2006-10-26 15:58]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 15:18 49152]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]

C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch PC Probe II]

C:\Program Files\ASUS\PC Probe II\Probe2.exe 1

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\more link]

2007-12-13 12:26 176144 --a------ C:\ProgramData\corn once once.idhfke9

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

 

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2007-12-20 15:39]

R3 Dvd43;Dvd43;C:\Windows\system32\DRIVERS\Dvd43.sys [2007-12-15 14:52]

R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-05-11 16:40]

R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 21:09]

R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-09 20:11]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

rsmsvcs REG_MULTI_SZ ntmssvc

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

*Newly Created Service* - SPTD

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {3A4E5ABE-E56F-CF60-9F13-8AB5B29C8960} /qb

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{47E99402-866C-DD60-1A42-7A8BE145489A}]

C:\Program Files\wsftp\o-o-b.exe s

.

Contents of the 'Scheduled Tasks' folder

"2007-12-14 18:04:06 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2007-12-22 01:00:12 C:\Windows\Tasks\User_Feed_Synchronization-{2F976175-2980-48DB-A5D1-68C0BCA8ECA5}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-22 18:09:01

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-22 18:09:33

.

2007-12-21 10:59:12 --- E O F ---

 

 

New HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:12:04, on 22.12.2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6713 bytes
