ellys Posted 21 January 2008

Got the MSN virus yesterday, the one with "look here, Nettby picture" etc. ^^ Would be great if someone could look over the log and see whether I have managed to remove it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49, on 2008-01-21
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\HP\QuickPlay\QPService .exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Users\Terje\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\system32\ddaaw.exe
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuspp.dll,#1
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 10517 bytes

norbat Posted 21 January 2008

Run HJT, tick the following lines and click Fix checked:

O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuspp.dll,#1

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt).

ellys Posted 21 January 2008 Author

ComboFix 08-01-20.1 - Terje 2008-01-21 15:18:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1312 [GMT 1:00]
Running from: C:\Users\Terje\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

That is the only thing it posts, but it did not seem like it ran quite the way it should. I walked away from the PC while it was running; when I came back I had to go via the command line and run explorer.exe.

norbat Posted 21 January 2008

OK, I would try running it from Safe Mode to see whether it runs better from there.

ellys Posted 21 January 2008 Author

ComboFix 08-01-20.1 - Terje 2008-01-21 15:41:10.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1253 [GMT 1:00]
Running from: C:\Users\Terje\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
Overlay aborted ... Please run ComboFix once more

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService .exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\ddaaw.dll
C:\Windows\system32\ddaaw.exe
C:\Windows\system32\geefc.dll
C:\Windows\System32\waadd.ini
C:\Windows\System32\waadd.ini2
.
---- Previous Run -------
.
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService .exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\ddaaw.exe
C:\Windows\System32\waadd.ini
C:\Windows\System32\waadd.ini2

<pre>
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe ---> QooBox
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe ---> QooBox
C:\Program Files\HP\QuickPlay\QPService .exe ---> QooBox
C:\Program Files\iTunes\iTunesHelper .exe ---> QooBox
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> QooBox
C:\Program Files\MSN Messenger\MsnMsgr .Exe ---> QooBox
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe ---> QooBox
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe ---> QooBox
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.
2008-01-21 14:35 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-16 17:08 . 2008-01-21 15:26 <DIR> d-------- C:\Program Files\iTunes
2008-01-16 17:08 . 2008-01-16 17:08 <DIR> d-------- C:\Program Files\iPod
2008-01-16 17:08 . 2008-01-21 15:08 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-16 17:08 . 2008-01-16 17:08 1,409 --a------ C:\Windows\QTFont.for
2008-01-16 17:06 . 2008-01-21 15:26 <DIR> d-------- C:\Program Files\QuickTime
2008-01-16 09:53 . 2008-01-16 09:53 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-16 09:53 . 2008-01-16 09:53 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-16 09:53 . 2008-01-16 09:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-16 09:52 . 2008-01-16 09:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-01-09 11:15 . 2008-01-09 11:15 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 11:15 . 2008-01-09 11:15 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 11:15 . 2008-01-09 11:15 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 11:15 . 2008-01-09 11:15 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 11:15 . 2008-01-09 11:15 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 11:14 . 2008-01-09 11:14 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 11:14 . 2008-01-09 11:14 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 11:13 . 2008-01-09 11:13 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 11:13 . 2008-01-09 11:13 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 11:13 . 2008-01-09 11:13 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 11:13 . 2008-01-09 11:13 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 11:13 . 2008-01-09 11:13 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 11:13 . 2008-01-09 11:13 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 11:13 . 2008-01-09 11:13 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-09 11:13 . 2008-01-09 11:13 11,776 --a------ C:\Windows\System32\sbunattend.exe
2007-12-26 00:00 . 2007-12-26 00:47 651,307 --a------ C:\PokerStars.log.0
2007-12-25 17:51 . 2008-01-08 09:02 <DIR> d-------- C:\Users\Terje\AppData\Roaming\Apple Computer
2007-12-25 17:49 . 2007-12-25 17:50 <DIR> d-------- C:\Users\All Users\Apple Computer
2007-12-25 17:49 . 2007-12-25 17:50 <DIR> d-------- C:\ProgramData\Apple Computer
2007-12-25 17:47 . 2007-12-25 17:47 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 17:46 . 2007-12-25 17:46 <DIR> d-------- C:\Program Files\Common Files\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 14:26 --------- d-----w C:\Program Files\MSN Messenger
2008-01-21 14:09 27,335 ----a-w C:\Users\Terje\AppData\Roaming\nvModes.dat
2008-01-20 17:33 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-01-20 17:33 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-01-20 17:33 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-01-20 17:33 --------- d-----w C:\Program Files\Symantec
2008-01-16 17:29 --------- d-----w C:\Users\Terje\AppData\Roaming\uTorrent
2008-01-12 22:14 --------- d-----w C:\Users\Terje\AppData\Roaming\mIRC
2008-01-12 15:05 --------- d-----w C:\Program Files\mIRC
2008-01-09 10:28 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 10:14 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 10:14 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 10:14 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 10:14 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 10:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-06 14:43 --------- d-----w C:\Users\Terje\AppData\Roaming\Nokia
2007-12-30 01:50 --------- d-----w C:\Program Files\PokerStars
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-13 00:49 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 00:49 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 00:49 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 00:48 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 00:48 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 00:48 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 00:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 00:47 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 00:47 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 00:47 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 00:47 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 00:46 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 00:46 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-10 23:21 --------- d-----w C:\ProgramData\Symantec
2007-12-10 20:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-10 19:44 --------- d-----w C:\Program Files\Firaxis Games
2007-11-30 22:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
2007-11-26 13:47 --------- d-----w C:\Users\Terje\AppData\Roaming\Logitech
2007-11-26 13:47 --------- d-----w C:\ProgramData\LogiShrd
2007-11-26 13:46 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-11-26 13:46 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-11-26 13:44 --------- d-----w C:\Users\Terje\AppData\Roaming\InstallShield
2007-11-26 13:44 --------- d-----w C:\ProgramData\Logitech
2007-11-26 13:44 --------- d-----w C:\Program Files\Logitech
2007-11-26 13:44 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-25 21:17 --------- d-----w C:\Program Files\Betsson Poker
2007-11-22 07:29 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-14 17:17 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 17:17 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 17:17 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 17:17 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 17:17 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 17:17 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 17:17 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 17:17 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 17:17 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 17:17 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 17:16 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 17:16 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-14 17:15 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-08-29 23:56 174 --sha-w C:\Program Files\desktop.ini
2007-08-28 06:47 0 ----a-w C:\Users\Terje\AppData\Roaming\wklnhst.dat
2007-09-02 16:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-02 16:30 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-02 16:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-27 19:42 1006264]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 04:59 115816]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 10:38 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-22 21:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-22 21:35 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-22 21:35 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50 734872]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 12:11:50 719664]
Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20 40048]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-26 14:44:40 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}"= C:\Windows\system32\geefc.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\ddaaw

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071020.002\IDSvix86.sys [2007-09-13 15:49]
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-19 00:37]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 05:27]
R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 09:51]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 09:51]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 09:51]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs REG_MULTI_SZ BthServ
iissvcs REG_MULTI_SZ w3svc was

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 19:57:58 C:\Windows\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - Terje.job"

The log says I should run it once more, so I guess I will run it a third time now. Thanks a lot for the help so far, it is golden that someone helps fellow humans in trouble.

ellys Posted 21 January 2008 Author

ComboFix 08-01-20.1 - Terje 2008-01-21 15:55:59.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1323 [GMT 1:00]
Running from: C:\Users\Terje\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService .exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\ddaaw.dll
C:\Windows\system32\ddaaw.exe
C:\Windows\system32\geefc.dll
C:\Windows\System32\waadd.ini
C:\Windows\System32\waadd.ini2

<pre>
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe ---> QooBox
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe ---> QooBox
C:\Program Files\HP\QuickPlay\QPService .exe ---> QooBox
C:\Program Files\iTunes\iTunesHelper .exe ---> QooBox
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> QooBox
C:\Program Files\MSN Messenger\MsnMsgr .Exe ---> QooBox
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe ---> QooBox
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe ---> QooBox
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.
2008-01-21 14:35 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-16 17:08 . 2008-01-21 15:26 <DIR> d-------- C:\Program Files\iTunes
2008-01-16 17:08 . 2008-01-16 17:08 <DIR> d-------- C:\Program Files\iPod
2008-01-16 17:08 . 2008-01-21 15:08 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-16 17:08 . 2008-01-16 17:08 1,409 --a------ C:\Windows\QTFont.for
2008-01-16 17:06 . 2008-01-21 15:26 <DIR> d-------- C:\Program Files\QuickTime
2008-01-16 09:53 . 2008-01-16 09:53 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-16 09:53 . 2008-01-16 09:53 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-16 09:53 . 2008-01-16 09:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-16 09:52 . 2008-01-16 09:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-01-09 11:15 . 2008-01-09 11:15 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 11:15 . 2008-01-09 11:15 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 11:15 . 2008-01-09 11:15 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 11:15 . 2008-01-09 11:15 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 11:15 . 2008-01-09 11:15 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 11:14 . 2008-01-09 11:14 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 11:14 . 2008-01-09 11:14 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 11:13 . 2008-01-09 11:13 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 11:13 . 2008-01-09 11:13 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 11:13 . 2008-01-09 11:13 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 11:13 . 2008-01-09 11:13 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 11:13 . 2008-01-09 11:13 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 11:13 . 2008-01-09 11:13 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 11:13 . 2008-01-09 11:13 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-09 11:13 . 2008-01-09 11:13 11,776 --a------ C:\Windows\System32\sbunattend.exe
2007-12-26 00:00 . 2007-12-26 00:47 651,307 --a------ C:\PokerStars.log.0
2007-12-25 17:51 . 2008-01-08 09:02 <DIR> d-------- C:\Users\Terje\AppData\Roaming\Apple Computer
2007-12-25 17:49 . 2007-12-25 17:50 <DIR> d-------- C:\Users\All Users\Apple Computer
2007-12-25 17:49 . 2007-12-25 17:50 <DIR> d-------- C:\ProgramData\Apple Computer
2007-12-25 17:47 . 2007-12-25 17:47 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 17:46 . 2007-12-25 17:46 <DIR> d-------- C:\Program Files\Common Files\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 14:26 --------- d-----w C:\Program Files\MSN Messenger
2008-01-21 14:09 27,335 ----a-w C:\Users\Terje\AppData\Roaming\nvModes.dat
2008-01-20 17:33 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-01-20 17:33 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-01-20 17:33 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-01-20 17:33 --------- d-----w C:\Program Files\Symantec
2008-01-16 17:29 --------- d-----w C:\Users\Terje\AppData\Roaming\uTorrent
2008-01-12 22:14 --------- d-----w C:\Users\Terje\AppData\Roaming\mIRC
2008-01-12 15:05 --------- d-----w C:\Program Files\mIRC
2008-01-09 10:28 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 10:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-06 14:43 --------- d-----w C:\Users\Terje\AppData\Roaming\Nokia
2007-12-30 01:50 --------- d-----w C:\Program Files\PokerStars
2007-12-13 00:47 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 00:47 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 00:47 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 00:47 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-10 23:21 --------- d-----w C:\ProgramData\Symantec
2007-12-10 20:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-10 19:44 --------- d-----w C:\Program Files\Firaxis Games
2007-11-30 22:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
2007-11-26 13:47 --------- d-----w C:\Users\Terje\AppData\Roaming\Logitech
2007-11-26 13:47 --------- d-----w C:\ProgramData\LogiShrd
2007-11-26 13:46 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-11-26 13:46 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-11-26 13:44 --------- d-----w C:\Users\Terje\AppData\Roaming\InstallShield
2007-11-26 13:44 --------- d-----w C:\ProgramData\Logitech
2007-11-26 13:44 --------- d-----w C:\Program Files\Logitech
2007-11-26 13:44 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-25 21:17 --------- d-----w C:\Program Files\Betsson Poker
2007-11-22 07:29 --------- d-----w C:\Program Files\Norton Internet Security
2007-08-29 23:56 174 --sha-w C:\Program Files\desktop.ini
2007-08-28 06:47 0 ----a-w C:\Users\Terje\AppData\Roaming\wklnhst.dat
2007-09-02 16:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-02 16:30 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-02 16:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-01-21_15.52.23.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 14:48:59 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-01-21 15:00:43 67,584 --s-a-w C:\Windows\bootstat.dat + 2000-08-31 07:00:00 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE - 2008-01-21 14:10:12 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-01-21 14:50:42 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-01-21 14:49:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-01-21 15:01:17 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-01-21 14:09:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-01-21 14:52:36 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-01-21 14:49:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-01-21 15:01:17 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-01-21 15:01:17 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-01-21 14:14:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-01-21 14:54:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-01-21 14:14:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-01-21 14:54:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-01-21 14:14:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-01-21 14:54:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 
2008-01-21 14:10:55 10,532 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3693837843-809768468-307955974-1000_UserData.bin + 2008-01-21 14:51:47 10,922 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3693837843-809768468-307955974-1000_UserData.bin - 2008-01-21 14:10:54 88,422 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-01-21 14:51:47 88,632 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-27 19:42 1006264] "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 04:59 115816] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 10:38 159744] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-22 21:35 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-22 21:35 8433664] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-22 21:35 81920] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50 734872] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 12:11:50 719664] Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20 40048] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-26 14:44:40 692224] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}"= C:\Windows\system32\geefc.dll [ ] R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071020.002\IDSvix86.sys [2007-09-13 15:49] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-19 00:37] R2 NetPipeActivator;Net.Pipe-lytteadapter;"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2006-11-02 13:36] R2 NetTcpActivator;Net.Tcp-lytteadapter;"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2006-11-02 13:36] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 05:27] R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 09:51] R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 09:51] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 09:51] R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50] R3 
SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55] S2 NetMsmqActivator;Net.Msmq-lytteadapter;"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2006-11-02 13:36] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs REG_MULTI_SZ BthServ iissvcs REG_MULTI_SZ w3svc was *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-01-07 19:57:58 C:\Windows\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - Terje.job" Da var 3 gjennomkjøring ferdig, ingen beskjeder om at jeg bør kjøre enda en til nå. Noe man kan lese ut fra denne nå? Lenke til kommentar