Tomhah, posted 25 February 2008 (edited)

Hi, I have got a virus. I first used SAS and scanned the PC, but then I found out that not everything was gone, because it tries to switch to a different home page every time I press refresh or go to another page. But I use the home page blocker from SAS, so I see when it tries to switch (yes, it tries to switch all the time!). Anyway, I thought I should do it "properly". So I first ran CCleaner, and then SAS again, which is why I am posting the latest SAS log, but you can also get the first one if you want; that is the one where it deleted the most. After that I ran ComboFix, and finally HJT.

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/25/2008 at 05:27 PM
Application Version : 3.9.1008
Core Rules Database Version : 3398
Trace Rules Database Version: 1390
Scan type : Complete Scan
Total Scan Time : 00:37:26
Memory items scanned : 532
Memory threats detected : 0
Registry items scanned : 4980
Registry threats detected : 0
File items scanned : 40294
File threats detected : 1
Adware.E404 Helper/Variant-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A7EFCC1-6743-4D53-A83B-74FFE4790F08}\RP92\A0017420.DLL

ComboFix log:

ComboFix 08-02-25.3 - Tommy 2008-02-25 17:45:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1305 [GMT 1:00]
Running from: C:\Documents and Settings\Tommy\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\Program Files\VirusHeat 4.3
C:\Program Files\VirusHeat 4.3\vht.dat
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
C:\setup.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-25 16:10 . 
2008-02-25 16:10 <DIR> d-------- C:\Program Files\CCleaner 2008-02-25 15:19 . 2008-02-25 16:06 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\AVG7 2008-02-25 15:18 . 2008-02-25 15:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-02-25 15:18 . 2008-02-25 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-25 15:18 . 2008-02-25 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-02-25 14:59 . 2008-02-25 16:08 <DIR> d-------- C:\Program Files\NetProject 2008-02-24 19:01 . 2008-02-24 19:02 <DIR> d-------- C:\netkar 2008-02-23 14:39 . 2008-02-23 14:39 <DIR> d-------- C:\DAEMON Tools 2008-02-22 22:40 . 2008-02-22 22:40 <DIR> d-------- C:\Program Files\Oxygen Interactive 2008-02-22 11:24 . 2008-02-22 11:24 <DIR> d-------- C:\Program Files\Codemasters 2008-02-22 10:39 . 2008-02-22 10:39 35,742 --a------ C:\ToCA Race Driver 3[1].rar [mininova].torrent 2008-02-21 18:55 . 2008-02-21 19:18 <DIR> d-------- C:\Program Files\Rigs of Rods 0.34 2008-02-21 16:43 . 2008-02-21 16:43 <DIR> d-------- C:\Program Files\MVM 2005 - Toca Race Driver 2008-02-20 02:08 . 2008-02-20 02:08 14,381 --a------ C:\[pc-full-ita]-Toca Race driver [mininova].torrent 2008-02-20 02:01 . 2008-02-21 16:42 <DIR> d--h----- C:\Program Files\FX Uninstall Information 2008-02-19 19:23 . 2008-02-19 19:23 788 --a------ C:\ExperienceViewer.error 2008-02-19 19:15 . 2008-02-19 19:25 18,465 --a------ C:\2008-02-19.hrf 2008-02-19 19:08 . 2008-02-19 19:23 <DIR> d-------- C:\logs 2008-02-19 19:08 . 2008-02-19 19:08 <DIR> d-------- C:\Lineups 2008-02-19 19:08 . 2008-02-19 19:08 <DIR> d-------- C:\Info 2008-02-19 19:08 . 2008-02-19 19:25 <DIR> d-------- C:\db 2008-02-19 19:08 . 2008-02-19 19:24 489 --a------ C:\user.xml 2008-02-19 15:59 . 2008-02-19 15:59 16,286,197 --a------ C:\dynamic text tutorial.wmv 2008-02-19 14:35 . 
2008-02-19 14:35 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\Publish Providers 2008-02-19 14:35 . 2008-02-21 17:34 156 --a------ C:\WINDOWS\Twunk001.MTX 2008-02-19 14:35 . 2008-02-21 17:34 3 --a------ C:\WINDOWS\Twain001.Mtx 2008-02-19 14:35 . 2008-02-19 14:35 0 --a------ C:\WINDOWS\Twunk002.MTX 2008-02-19 14:34 . 2008-02-19 14:34 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\Sony 2008-02-19 14:28 . 2008-02-19 14:28 <DIR> d-------- C:\Program Files\Vstplugins 2008-02-19 14:28 . 2008-02-19 14:28 <DIR> d-------- C:\Program Files\Sony 2008-02-19 14:28 . 2008-02-19 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-02-19 14:27 . 2008-02-19 14:27 <DIR> d-------- C:\Program Files\Sony Setup 2008-02-19 00:10 . 2008-02-22 13:02 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp 2008-02-19 00:09 . 2008-02-19 00:09 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp 2008-02-19 00:09 . 2008-02-19 00:09 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp 2008-02-19 00:08 . 2005-02-01 14:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp 2008-02-19 00:06 . 2008-02-19 00:06 <DIR> d-------- C:\Program Files\Common Files\Stardock 2008-02-19 00:06 . 2008-02-19 00:10 <DIR> d-------- C:\Program Files\AlienGUIse 2008-02-19 00:06 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll 2008-02-19 00:06 . 2008-02-19 00:06 56 --a------ C:\WINDOWS\wb.ini 2008-02-17 18:07 . 2008-02-17 18:09 562,044,991 --a------ C:\BF2_Patch_1.41.exe 2008-02-16 17:24 . 2008-02-16 17:24 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator 2008-02-15 22:57 . 2008-02-15 22:57 41,627,910 --a------ C:\slrr_2_0_0-to-2_2_1.exe 2008-02-11 21:37 . 2008-02-11 21:37 <DIR> d-------- C:\nb002 2008-02-11 16:10 . 2008-02-11 18:03 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\flightgear.org 2008-02-11 16:09 . 2008-02-11 16:10 <DIR> d-------- C:\Program Files\FlightGear 2008-02-10 20:32 . 
2008-02-10 20:32 <DIR> d-------- C:\Program Files\Acclaim 2008-02-10 20:32 . 1997-07-14 17:42 314,880 --a------ C:\WINDOWS\IsUninst.exe 2008-02-08 22:33 . 2008-02-08 22:33 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys 2008-02-08 22:32 . 2008-02-08 22:38 <DIR> d-------- C:\Program Files\Ski Alpin Racing 2007 2008-02-06 18:46 . 2008-02-06 18:48 <DIR> d-------- C:\setupgreie 2008-02-06 18:46 . 2008-02-06 18:46 <DIR> d-------- C:\Program Files\VHPA 2008-02-05 19:15 . 2008-02-17 12:56 <DIR> d-------- C:\Program Files\mIRC 2008-02-05 19:15 . 2008-02-17 16:06 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\mIRC 2008-02-02 01:37 . 2008-02-02 01:37 <DIR> d-------- C:\Program Files\KONAMI 2008-01-30 17:44 . 2008-01-30 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008 2008-01-30 17:14 . 2008-01-30 17:15 <DIR> d-------- C:\Program Files\RTL Winter Sports 2008 2008-01-29 23:19 . 2006-06-24 19:39 41,627,910 --a------ C:\retail to 2.2.1.exe 2008-01-29 22:27 . 2006-06-24 12:02 10,110,575 --a------ C:\2.1.8 to 2.2.1 patch.exe 2008-01-29 21:59 . 2008-01-29 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-01-29 21:58 . 2008-02-25 16:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-01-29 21:58 . 2008-01-29 21:58 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\SUPERAntiSpyware.com 2008-01-29 19:08 . 2008-02-17 16:22 <DIR> d-------- C:\Program Files\Activision Value 2008-01-29 17:32 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd 2008-01-29 17:32 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2008-01-29 16:01 . 2008-01-29 16:01 <DIR> d-------- C:\Program Files\AeriaGames 2008-01-29 15:15 . 2008-01-29 15:15 <DIR> d-------- C:\Program Files\MagicISO 2008-01-29 15:12 . 2008-01-29 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd 2008-01-29 15:11 . 
2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll 2008-01-29 15:11 . 2008-01-29 15:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-01-29 15:11 . 2008-01-29 15:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-01-29 15:10 . 2008-01-29 15:11 <DIR> d-------- C:\Program Files\Common Files\Logishrd 2008-01-28 17:19 . 2008-01-29 15:51 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\temp 2008-01-28 17:10 . 2008-02-02 01:21 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-01-28 15:25 . 2008-02-09 19:07 21,052 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2008-01-28 15:25 . 2008-02-09 19:07 15,144 --a----t- C:\WINDOWS\system32\SIntf32.dll 2008-01-28 15:25 . 2008-02-09 19:07 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll 2008-01-27 22:45 . 2008-01-27 22:45 <DIR> d-------- C:\Program Files\VentriloMIX 2008-01-27 22:45 . 2008-01-27 22:51 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\Ventrilo 2008-01-27 22:09 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-01-27 22:09 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-01-27 20:47 . 2008-01-29 14:47 <DIR> d-------- C:\Program Files\Supreme Snowboarding 2008-01-27 19:45 . 2008-01-27 19:46 <DIR> d-------- C:\data 2008-01-27 19:45 . 2008-01-27 19:45 <DIR> d-------- C:\CRACK 2008-01-27 19:45 . 1999-10-18 23:49 167,456 --a------ C:\bgr.bmp 2008-01-27 19:45 . 1999-10-24 19:27 40,960 --a------ C:\Autorun.exe 2008-01-27 19:45 . 1999-10-24 20:03 29 --a------ C:\AUTORUN.INF 2008-01-27 19:16 . 2008-01-27 19:16 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-01-27 19:15 . 2008-02-23 11:42 <DIR> d-------- C:\Program Files\EA SPORTS 2008-01-27 15:13 . 2008-01-27 15:13 1,594,541 --a------ C:\WINDOWS\WANEUninstaller.exe 2008-01-27 15:12 . 2008-02-09 18:49 <DIR> d-------- C:\Games 2008-01-25 18:33 . 
2008-01-25 18:33 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-01-25 18:33 . 2008-01-25 18:33 <DIR> d-------- C:\Program Files\Elektrogames 2008-01-25 14:29 . 2007-04-19 08:27 <DIR> d-------- C:\Photoshop CS3 10.0 (20070321) [k] (Universal).app 2008-01-25 14:29 . 2007-04-19 15:56 <DIR> d-------- C:\__MACOSX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-25 15:55 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Skype 2008-02-25 14:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 21:56 --------- d-----w C:\Documents and Settings\Tommy\Application Data\LimeWire 2008-02-24 21:04 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-24 21:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-02-22 21:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-17 16:40 --------- d-----w C:\Program Files\GameSpy Arcade 2008-02-17 16:35 --------- d-----w C:\Program Files\EA GAMES 2008-02-13 16:42 --------- d-----w C:\Program Files\LimeWire 2008-01-29 20:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-01-29 14:11 --------- d-----w C:\Program Files\Common Files\Logitech 2008-01-29 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2008-01-27 21:09 --------- d-----w C:\Program Files\Logitech 2008-01-23 21:06 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys 2008-01-23 21:06 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys 2008-01-23 21:06 --------- d-----w C:\Program Files\Atari 2008-01-19 18:47 --------- d-----w C:\Program Files\issc 2008-01-17 17:49 --------- d-----w C:\Program Files\thriXXX 2008-01-16 23:23 --------- d-----w C:\Program Files\MagicDVDRipper 2008-01-16 23:16 --------- d-----w C:\Program Files\YASA3GPVideoConverter 2008-01-16 23:11 160,758 ----a-w C:\WINDOWS\3GP Booster Pack Uninstaller.exe 2008-01-16 23:11 --------- 
d-----w C:\Program Files\River Past 2008-01-16 23:11 --------- d-----w C:\Program Files\Common Files\River Past 2008-01-16 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5 2008-01-16 15:26 --------- d-----w C:\Program Files\Common Files\PocketSoft 2008-01-15 20:44 --------- d-----w C:\Program Files\Axis Communications 2008-01-15 19:20 --------- d-----w C:\Program Files\Opera 2008-01-15 15:00 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Hamachi 2008-01-15 14:41 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-01-15 14:25 --------- d-----w C:\Program Files\Hamachi 2008-01-13 19:15 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-01-13 19:15 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-01-13 19:13 --------- d-----w C:\Program Files\Futuremark 2008-01-13 19:11 --------- d-----w C:\Documents and Settings\Tommy\Application Data\DAEMON Tools 2008-01-12 21:23 --------- d-----w C:\Program Files\Aspyr 2008-01-11 18:05 --------- d-----w C:\Program Files\FM Modifier 2.2 2008-01-11 17:30 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-01-11 17:27 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-01-09 18:03 --------- d-----w C:\Documents and Settings\Tommy\Application Data\InstallShield Installation Information 2008-01-09 18:02 --------- d-----w C:\Program Files\Unreal Tournament 3 Demo 2008-01-09 18:01 --------- d-----w C:\Program Files\AGEIA Technologies 2008-01-09 14:03 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe 2008-01-08 20:04 --------- d-----w C:\Program Files\Foolish Entertainment 2008-01-05 19:03 --------- d-----w C:\Program Files\F1 Challenge 2007 Olimpus F1CRC 2008-01-04 14:46 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Sports Interactive 2007-12-31 01:39 --------- d-----w C:\Program Files\MSBuild 2007-12-31 01:38 --------- d-----w C:\Program Files\Reference Assemblies 2007-12-31 01:36 --------- d-----w C:\Program Files\MSXML 6.0 
2007-12-30 18:14 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2007-12-30 13:31 --------- d-----w C:\Program Files\BitLord 2007-12-30 12:44 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Apple Computer 2007-12-29 13:43 --------- d-----w C:\Program Files\Yahoo! 2007-12-29 13:43 --------- d-----w C:\Program Files\DivX 2007-12-29 13:43 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Yahoo! 2007-12-29 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-12-29 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-12-29 02:13 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-29 02:13 --------- d-----w C:\Program Files\Bonjour 2007-12-29 02:07 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2007-12-29 00:40 --------- d-----w C:\Program Files\QuickTime 2007-12-29 00:39 --------- d-----w C:\Program Files\Apple Software Update 2007-12-29 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-29 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-12-28 20:54 --------- d-----w C:\Program Files\ZD Soft 2007-12-28 12:55 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Logitech 2007-12-28 12:53 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe 2007-12-27 22:04 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Creative 2007-12-27 22:03 --------- d-----w C:\Program Files\Creative 2007-12-27 19:49 --------- d-----w C:\Program Files\Java 2007-12-27 19:48 --------- d-----w C:\Program Files\Common Files\Java 2007-12-27 19:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-12-27 16:07 --------- d-----w C:\Program Files\Windows Live 2007-12-27 15:19 --------- d-----w C:\Documents and Settings\Tommy\Application Data\vlc 2007-12-27 15:18 --------- d-----w C:\Program Files\VideoLAN 2007-12-27 14:07 21,419 ----a-w 
C:\WINDOWS\system32\drivers\AegisP.sys 2007-12-27 14:07 --------- d-----w C:\Program Files\Jensen 2007-12-27 14:06 --------- d-----w C:\Documents and Settings\Tommy\Application Data\InstallShield 2007-12-26 20:34 --------- d-----w C:\Documents and Settings\Tommy\Application Data\teamspeak2 2007-12-26 20:22 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-26 20:12 --------- d-----w C:\Program Files\ASUS 2007-12-26 20:11 --------- d-----w C:\Program Files\AMD 2007-12-26 19:27 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-26 19:22 --------- d-----w C:\Program Files\Windows Plus 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll . ------- Sigcheck ------- 32cc6d444728812f7c57f4800f779396 C:\WINDOWS\system32\winlogon.exe ----a-w 502,272 2008-01-09 14:03:29 C:\WINDOWS\system32\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}] 2008-02-25 14:59 9728 --a------ C:\Program Files\NetProject\sbmdl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} {81705D67-3F73-4983-859B-97D0922E5ABE} [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Program Files\NetProject\wamdl.dll [ ] [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "MsnMsgr"="E:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-28 13:53 32768] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] "Steam"="e:\programfiler\valve\steam\steam.exe" [2008-01-31 23:28 1266936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392] "ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 16:07 617984] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 09:35 7110656] "nwiz"="nwiz.exe" [2005-08-02 09:35 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 09:35 86016] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Program 
Files\QuickTime\qttask.exe" [2007-12-29 01:35 286720] "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-25 15:22 579072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-25 15:18 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Jensen AirLink Utility.lnk - C:\Program Files\Jensen\Common\JensenUI.exe [2007-12-27 15:07:12 684032] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-28 13:53:24 450560] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-28 13:52:46 784912] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "E:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\j_stafsberg\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Documents and Settings\\Tommy\\Desktop\\Live For Speed\\LFS.exe"= "C:\\Documents and Settings\\Tommy\\Desktop\\Live For Speed\\data\\TVdirector.exe"= "C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"= "E:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Games\\Worms Armageddon - New Edition\\WA.exe"= "C:\\Program Files\\BitLord\\Downloads\\[PC] Novalogic Comanche4 [RIP] [dopeman]\\Comanche 4\\update.exe"= "C:\\Program Files\\BitLord\\Downloads\\[PC] Novalogic Comanche4 [RIP] [dopeman]\\Comanche 4\\C4LAN.EXE"= "C:\\Program Files\\AeriaGames\\ProjectTorque\\ProjectTorque.bin"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\tomhahsrevenge\\team fortress 2\\hl2.exe"= "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "E:\\Programfiler\\EA GAMES\\Battlefield 
2\\BF2.exe"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\tomhahsrevenge\\race07 demo\\RaceDemo_Steam.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "E:\\Programfiler\\Skype\\Phone\\Skype.exe"= R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53] R3 rt2870;Jensen 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-04-25 13:47] R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 15:47] S3 ta1100;ta1100.sys S110 USB Infrared Controller;C:\WINDOWS\system32\DRIVERS\ta1100.sys [2004-12-01 08:43] . Contents of the 'Scheduled Tasks' folder "2008-02-18 18:12:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-25 17:49:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-25 17:50:03 ComboFix-quarantined-files.txt 2008-02-25 16:49:54 . 
2008-02-13 22:53:40 --- E O F ---

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:49, on 25.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\programfiler\valve\steam\steam.exe
C:\Program Files\Jensen\Common\JensenUI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tommy\Desktop\Testing\Test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.k9-devils.org/
R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: 75.67.92.226 paypal.com O1 - Hosts: 75.67.92.226 www.paypal.com O1 - Hosts: 75.67.92.226 http://paypal.com O1 - Hosts: 75.67.92.226 http://www.paypal.com O1 - Hosts: 75.67.92.226 paypal.co.uk O1 - Hosts: 75.67.92.226 www.paypal.co.uk O1 - Hosts: 75.67.92.226 http://paypal.co.uk O1 - Hosts: 75.67.92.226 http://www.paypal.co.uk O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: 
[Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [steam] "e:\programfiler\valve\steam\steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe O4 - Global Startup: Jensen AirLink Utility.lnk = C:\Program Files\Jensen\Common\JensenUI.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: 
Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://72.236.138.36/activex/AMC.cab O18 - Protocol: bw+0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 19519 bytes
EDIT: forgot to say that it is not possible to run System Restore! =/ I haven't checked whether this worked earlier, but I assume it is the virus that is blocking it?
-Regards, Tommy
Edited 25 February 2008 by Tomhah
norbat Posted 25 February 2008
Start HJT, choose "Do a system scan only", tick the box in front of the following lines and click Fix checked:
O1 - Hosts: 75.67.92.226 paypal.com
O1 - Hosts: 75.67.92.226 www.paypal.com
O1 - Hosts: 75.67.92.226 http://paypal.com
O1 - Hosts: 75.67.92.226 http://www.paypal.com
O1 - Hosts: 75.67.92.226 paypal.co.uk
O1 - Hosts: 75.67.92.226 www.paypal.co.uk
O1 - Hosts: 75.67.92.226 http://paypal.co.uk
O1 - Hosts: 75.67.92.226 http://www.paypal.co.uk
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Open Notepad and copy in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.
Folder:: C:\Program Files\NetProject
Post the ComboFix log + a new HJT log.
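A small triage pass over HijackThis-format lines, added here as an illustration and not part of the original thread or of HijackThis itself: it flags hosts-file entries that point a name at a non-loopback address and registrations whose file is gone. The sample lines are constructed from entries quoted in the post above, and the function names and heuristics are assumptions; entries such as the NetProject BHO, whose file still exists, need an analyst's judgement.

```python
import ipaddress
import re

# Constructed sample: lines in HijackThis log format, built from entries
# quoted in the post above plus a benign localhost entry for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 75.67.92.226 paypal.com
O1 - Hosts: 75.67.92.226 www.paypal.co.uk
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# "<code> - <section>: <rest>", e.g. "O1 - Hosts: 75.67.92.226 paypal.com"
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

# Suffixes HijackThis prints when a registered component has no file on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def check_hosts_entry(rest):
    """Return a reason string if an O1 hosts entry looks like a redirect."""
    parts = rest.split()
    if len(parts) < 2:
        return "malformed hosts entry"
    addr, host = parts[0], parts[1]
    # Hostnames pasted through forum software can pick up an "http://"
    # prefix (as in the post above); strip it before reporting.
    host = re.sub(r"^https?://", "", host, flags=re.I).lower()
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return f"hosts entry for {host} has unparseable address {addr!r}"
    # Loopback / 0.0.0.0 entries are the usual localhost and block-list
    # lines; anything else silently overrides DNS for that name.
    if ip.is_loopback or ip.is_unspecified:
        return None
    return f"hosts file sends {host} to {ip}"


def triage(log_text):
    """Return (code, reason, line) for each entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, _section, rest = match.groups()
        if code == "O1":
            reason = check_hosts_entry(rest)
        elif rest.endswith(ORPHAN_MARKERS):
            reason = "registered component points at a missing file"
        else:
            reason = None
        if reason:
            findings.append((code, reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {line}")
```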
Tomhah (Author) Posted 25 February 2008
Thanks for the reply. You are quick and skilled as always.
ComboFix log:
ComboFix 08-02-25.3 - Tommy 2008-02-25 18:55:57.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1286 [GMT 1:00] Running from: C:\Documents and Settings\Tommy\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Tommy\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\Program Files\NetProject C:\Program Files\NetProject\ot.ico C:\Program Files\NetProject\sbsm.exe C:\Program Files\NetProject\sbun.exe C:\Program Files\NetProject\scit.exe C:\Program Files\NetProject\scm.exe C:\Program Files\NetProject\scu.exe C:\Program Files\NetProject\ts.ico C:\Program Files\NetProject\uninst.exe C:\Program Files\NetProject\waun.exe E:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))) . 2008-02-25 18:00 . 2008-02-25 18:00 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-25 16:10 . 2008-02-25 16:10 <DIR> d-------- C:\Program Files\CCleaner 2008-02-25 15:19 . 2008-02-25 16:06 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\AVG7 2008-02-25 15:18 . 2008-02-25 15:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-02-25 15:18 . 2008-02-25 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-25 15:18 . 2008-02-25 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2008-02-24 19:01 . 2008-02-24 19:02 <DIR> d-------- C:\netkar 2008-02-23 14:39 . 2008-02-23 14:39 <DIR> d-------- C:\DAEMON Tools 2008-02-22 22:40 . 2008-02-22 22:40 <DIR> d-------- C:\Program Files\Oxygen Interactive 2008-02-22 11:24 .
2008-02-22 11:24 <DIR> d-------- C:\Program Files\Codemasters 2008-02-22 10:39 . 2008-02-22 10:39 35,742 --a------ C:\ToCA Race Driver 3[1].rar [mininova].torrent 2008-02-21 18:55 . 2008-02-21 19:18 <DIR> d-------- C:\Program Files\Rigs of Rods 0.34 2008-02-21 16:43 . 2008-02-21 16:43 <DIR> d-------- C:\Program Files\MVM 2005 - Toca Race Driver 2008-02-20 02:08 . 2008-02-20 02:08 14,381 --a------ C:\[pc-full-ita]-Toca Race driver [mininova].torrent 2008-02-20 02:01 . 2008-02-21 16:42 <DIR> d--h----- C:\Program Files\FX Uninstall Information 2008-02-19 19:23 . 2008-02-19 19:23 788 --a------ C:\ExperienceViewer.error 2008-02-19 19:15 . 2008-02-19 19:25 18,465 --a------ C:\2008-02-19.hrf 2008-02-19 19:08 . 2008-02-19 19:23 <DIR> d-------- C:\logs 2008-02-19 19:08 . 2008-02-19 19:08 <DIR> d-------- C:\Lineups 2008-02-19 19:08 . 2008-02-19 19:08 <DIR> d-------- C:\Info 2008-02-19 19:08 . 2008-02-19 19:25 <DIR> d-------- C:\db 2008-02-19 19:08 . 2008-02-19 19:24 489 --a------ C:\user.xml 2008-02-19 15:59 . 2008-02-19 15:59 16,286,197 --a------ C:\dynamic text tutorial.wmv 2008-02-19 14:35 . 2008-02-19 14:35 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\Publish Providers 2008-02-19 14:35 . 2008-02-21 17:34 156 --a------ C:\WINDOWS\Twunk001.MTX 2008-02-19 14:35 . 2008-02-21 17:34 3 --a------ C:\WINDOWS\Twain001.Mtx 2008-02-19 14:35 . 2008-02-19 14:35 0 --a------ C:\WINDOWS\Twunk002.MTX 2008-02-19 14:34 . 2008-02-19 14:34 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\Sony 2008-02-19 14:28 . 2008-02-19 14:28 <DIR> d-------- C:\Program Files\Vstplugins 2008-02-19 14:28 . 2008-02-19 14:28 <DIR> d-------- C:\Program Files\Sony 2008-02-19 14:28 . 2008-02-19 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony 2008-02-19 14:27 . 2008-02-19 14:27 <DIR> d-------- C:\Program Files\Sony Setup 2008-02-19 00:10 . 2008-02-22 13:02 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp 2008-02-19 00:09 . 
2008-02-19 00:09 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp 2008-02-19 00:09 . 2008-02-19 00:09 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp 2008-02-19 00:08 . 2005-02-01 14:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp 2008-02-19 00:06 . 2008-02-19 00:06 <DIR> d-------- C:\Program Files\Common Files\Stardock 2008-02-19 00:06 . 2008-02-19 00:10 <DIR> d-------- C:\Program Files\AlienGUIse 2008-02-19 00:06 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll 2008-02-19 00:06 . 2008-02-19 00:06 56 --a------ C:\WINDOWS\wb.ini 2008-02-17 18:07 . 2008-02-17 18:09 562,044,991 --a------ C:\BF2_Patch_1.41.exe 2008-02-16 17:24 . 2008-02-16 17:24 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator 2008-02-15 22:57 . 2008-02-15 22:57 41,627,910 --a------ C:\slrr_2_0_0-to-2_2_1.exe 2008-02-11 21:37 . 2008-02-11 21:37 <DIR> d-------- C:\nb002 2008-02-11 16:10 . 2008-02-11 18:03 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\flightgear.org 2008-02-11 16:09 . 2008-02-11 16:10 <DIR> d-------- C:\Program Files\FlightGear 2008-02-10 20:32 . 2008-02-10 20:32 <DIR> d-------- C:\Program Files\Acclaim 2008-02-10 20:32 . 1997-07-14 17:42 314,880 --a------ C:\WINDOWS\IsUninst.exe 2008-02-08 22:33 . 2008-02-08 22:33 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys 2008-02-08 22:32 . 2008-02-08 22:38 <DIR> d-------- C:\Program Files\Ski Alpin Racing 2007 2008-02-06 18:46 . 2008-02-06 18:48 <DIR> d-------- C:\setupgreie 2008-02-06 18:46 . 2008-02-06 18:46 <DIR> d-------- C:\Program Files\VHPA 2008-02-05 19:15 . 2008-02-17 12:56 <DIR> d-------- C:\Program Files\mIRC 2008-02-05 19:15 . 2008-02-17 16:06 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\mIRC 2008-02-02 01:37 . 2008-02-02 01:37 <DIR> d-------- C:\Program Files\KONAMI 2008-01-30 17:44 . 2008-01-30 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008 2008-01-30 17:14 . 
2008-01-30 17:15 <DIR> d-------- C:\Program Files\RTL Winter Sports 2008 2008-01-29 23:19 . 2006-06-24 19:39 41,627,910 --a------ C:\retail to 2.2.1.exe 2008-01-29 22:27 . 2006-06-24 12:02 10,110,575 --a------ C:\2.1.8 to 2.2.1 patch.exe 2008-01-29 21:59 . 2008-01-29 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-01-29 21:58 . 2008-02-25 16:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-01-29 21:58 . 2008-01-29 21:58 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\SUPERAntiSpyware.com 2008-01-29 19:08 . 2008-02-17 16:22 <DIR> d-------- C:\Program Files\Activision Value 2008-01-29 17:32 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd 2008-01-29 17:32 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2008-01-29 16:01 . 2008-01-29 16:01 <DIR> d-------- C:\Program Files\AeriaGames 2008-01-29 15:15 . 2008-01-29 15:15 <DIR> d-------- C:\Program Files\MagicISO 2008-01-29 15:12 . 2008-01-29 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd 2008-01-29 15:11 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll 2008-01-29 15:11 . 2008-01-29 15:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-01-29 15:11 . 2008-01-29 15:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-01-29 15:10 . 2008-01-29 15:11 <DIR> d-------- C:\Program Files\Common Files\Logishrd 2008-01-28 17:19 . 2008-01-29 15:51 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\temp 2008-01-28 17:10 . 2008-02-02 01:21 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-01-28 15:25 . 2008-02-09 19:07 21,052 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2008-01-28 15:25 . 2008-02-09 19:07 15,144 --a----t- C:\WINDOWS\system32\SIntf32.dll 2008-01-28 15:25 . 2008-02-09 19:07 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll 2008-01-27 22:45 . 
2008-01-27 22:45 <DIR> d-------- C:\Program Files\VentriloMIX 2008-01-27 22:45 . 2008-01-27 22:51 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\Ventrilo 2008-01-27 22:09 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-01-27 22:09 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-01-27 20:47 . 2008-01-29 14:47 <DIR> d-------- C:\Program Files\Supreme Snowboarding 2008-01-27 19:45 . 2008-01-27 19:46 <DIR> d-------- C:\data 2008-01-27 19:45 . 2008-01-27 19:45 <DIR> d-------- C:\CRACK 2008-01-27 19:45 . 1999-10-18 23:49 167,456 --a------ C:\bgr.bmp 2008-01-27 19:45 . 1999-10-24 19:27 40,960 --a------ C:\Autorun.exe 2008-01-27 19:16 . 2008-01-27 19:16 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-01-27 19:15 . 2008-02-23 11:42 <DIR> d-------- C:\Program Files\EA SPORTS 2008-01-27 15:13 . 2008-01-27 15:13 1,594,541 --a------ C:\WINDOWS\WANEUninstaller.exe 2008-01-27 15:12 . 2008-02-09 18:49 <DIR> d-------- C:\Games 2008-01-25 18:33 . 2008-01-25 18:33 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-01-25 18:33 . 2008-01-25 18:33 <DIR> d-------- C:\Program Files\Elektrogames 2008-01-25 14:29 . 2007-04-19 08:27 <DIR> d-------- C:\Photoshop CS3 10.0 (20070321) [k] (Universal).app 2008-01-25 14:29 . 2007-04-19 15:56 <DIR> d-------- C:\__MACOSX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-02-25 17:54 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Skype 2008-02-25 14:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 21:56 --------- d-----w C:\Documents and Settings\Tommy\Application Data\LimeWire 2008-02-24 21:04 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-24 21:02 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-02-22 21:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-17 16:40 --------- d-----w C:\Program Files\GameSpy Arcade 2008-02-17 16:35 --------- d-----w C:\Program Files\EA GAMES 2008-02-13 16:42 --------- d-----w C:\Program Files\LimeWire 2008-01-29 20:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-01-29 14:11 --------- d-----w C:\Program Files\Common Files\Logitech 2008-01-29 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2008-01-27 21:09 --------- d-----w C:\Program Files\Logitech 2008-01-23 21:06 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys 2008-01-23 21:06 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys 2008-01-23 21:06 --------- d-----w C:\Program Files\Atari 2008-01-19 18:47 --------- d-----w C:\Program Files\issc 2008-01-17 17:49 --------- d-----w C:\Program Files\thriXXX 2008-01-16 23:23 --------- d-----w C:\Program Files\MagicDVDRipper 2008-01-16 23:16 --------- d-----w C:\Program Files\YASA3GPVideoConverter 2008-01-16 23:11 160,758 ----a-w C:\WINDOWS\3GP Booster Pack Uninstaller.exe 2008-01-16 23:11 --------- d-----w C:\Program Files\River Past 2008-01-16 23:11 --------- d-----w C:\Program Files\Common Files\River Past 2008-01-16 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5 2008-01-16 15:26 --------- d-----w C:\Program Files\Common Files\PocketSoft 2008-01-15 20:44 --------- d-----w C:\Program Files\Axis Communications 2008-01-15 19:20 --------- d-----w C:\Program Files\Opera 
2008-01-15 15:00 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Hamachi 2008-01-15 14:41 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2008-01-15 14:25 --------- d-----w C:\Program Files\Hamachi 2008-01-13 19:15 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-01-13 19:15 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-01-13 19:13 --------- d-----w C:\Program Files\Futuremark 2008-01-13 19:11 --------- d-----w C:\Documents and Settings\Tommy\Application Data\DAEMON Tools 2008-01-12 21:23 --------- d-----w C:\Program Files\Aspyr 2008-01-11 18:05 --------- d-----w C:\Program Files\FM Modifier 2.2 2008-01-11 17:30 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-01-11 17:27 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-01-09 18:03 --------- d-----w C:\Documents and Settings\Tommy\Application Data\InstallShield Installation Information 2008-01-09 18:02 --------- d-----w C:\Program Files\Unreal Tournament 3 Demo 2008-01-09 18:01 --------- d-----w C:\Program Files\AGEIA Technologies 2008-01-09 14:03 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe 2008-01-08 20:04 --------- d-----w C:\Program Files\Foolish Entertainment 2008-01-05 19:03 --------- d-----w C:\Program Files\F1 Challenge 2007 Olimpus F1CRC 2008-01-04 14:46 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Sports Interactive 2007-12-31 01:39 --------- d-----w C:\Program Files\MSBuild 2007-12-31 01:38 --------- d-----w C:\Program Files\Reference Assemblies 2007-12-31 01:36 --------- d-----w C:\Program Files\MSXML 6.0 2007-12-30 18:14 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE 2007-12-30 13:31 --------- d-----w C:\Program Files\BitLord 2007-12-30 12:44 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Apple Computer 2007-12-29 13:43 --------- d-----w C:\Program Files\Yahoo! 2007-12-29 13:43 --------- d-----w C:\Program Files\DivX 2007-12-29 13:43 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Yahoo! 
2007-12-29 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-12-29 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-12-29 02:13 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-29 02:13 --------- d-----w C:\Program Files\Bonjour 2007-12-29 02:07 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2007-12-29 00:40 --------- d-----w C:\Program Files\QuickTime 2007-12-29 00:39 --------- d-----w C:\Program Files\Apple Software Update 2007-12-29 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-29 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-12-28 20:54 --------- d-----w C:\Program Files\ZD Soft 2007-12-28 12:55 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Logitech 2007-12-28 12:53 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe 2007-12-27 22:04 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Creative 2007-12-27 22:03 --------- d-----w C:\Program Files\Creative 2007-12-27 19:49 --------- d-----w C:\Program Files\Java 2007-12-27 19:48 --------- d-----w C:\Program Files\Common Files\Java 2007-12-27 19:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-12-27 16:07 --------- d-----w C:\Program Files\Windows Live 2007-12-27 15:19 --------- d-----w C:\Documents and Settings\Tommy\Application Data\vlc 2007-12-27 15:18 --------- d-----w C:\Program Files\VideoLAN 2007-12-27 14:07 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-12-27 14:07 --------- d-----w C:\Program Files\Jensen 2007-12-27 14:06 --------- d-----w C:\Documents and Settings\Tommy\Application Data\InstallShield 2007-12-26 20:34 --------- d-----w C:\Documents and Settings\Tommy\Application Data\teamspeak2 2007-12-26 20:22 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-26 20:12 --------- d-----w C:\Program Files\ASUS 
2007-12-26 20:11 --------- d-----w C:\Program Files\AMD 2007-12-26 19:27 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-26 19:22 --------- d-----w C:\Program Files\Windows Plus 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll . ------- Sigcheck ------- 32cc6d444728812f7c57f4800f779396 C:\WINDOWS\system32\winlogon.exe ----a-w 502,272 2008-01-09 14:03:29 C:\WINDOWS\system32\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Program Files\NetProject\wamdl.dll [ ] [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "MsnMsgr"="E:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34 3739672] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] "Steam"="e:\programfiler\valve\steam\steam.exe" [2008-01-31 23:28 1266936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392] "ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 16:07 617984] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 09:35 7110656] "nwiz"="nwiz.exe" [2005-08-02 09:35 1519616 C:\WINDOWS\system32\nwiz.exe] 
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 09:35 86016] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-29 01:35 286720] "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-25 15:22 579072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-25 15:18 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Jensen AirLink Utility.lnk - C:\Program Files\Jensen\Common\JensenUI.exe [2007-12-27 15:07:12 684032] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-28 13:52:46 784912] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 
c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "E:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\j_stafsberg\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Documents and Settings\\Tommy\\Desktop\\Live For Speed\\LFS.exe"= "C:\\Documents and Settings\\Tommy\\Desktop\\Live For Speed\\data\\TVdirector.exe"= "C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"= "E:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Games\\Worms Armageddon - New Edition\\WA.exe"= "C:\\Program Files\\BitLord\\Downloads\\[PC] Novalogic Comanche4 [RIP] [dopeman]\\Comanche 4\\update.exe"= "C:\\Program Files\\BitLord\\Downloads\\[PC] Novalogic Comanche4 [RIP] [dopeman]\\Comanche 4\\C4LAN.EXE"= "C:\\Program Files\\AeriaGames\\ProjectTorque\\ProjectTorque.bin"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\tomhahsrevenge\\team fortress 2\\hl2.exe"= "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Opera\\Opera.exe"= 
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"= "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "E:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "E:\\Programfiler\\Valve\\Steam\\SteamApps\\tomhahsrevenge\\race07 demo\\RaceDemo_Steam.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "E:\\Programfiler\\Skype\\Phone\\Skype.exe"= R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53] R3 rt2870;Jensen 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-04-25 13:47] R3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 15:47] S3 ta1100;ta1100.sys S110 USB Infrared Controller;C:\WINDOWS\system32\DRIVERS\ta1100.sys [2004-12-01 08:43] . Contents of the 'Scheduled Tasks' folder "2008-02-18 18:12:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-25 18:56:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-25 18:57:10 ComboFix-quarantined-files.txt 2008-02-25 17:57:03 ComboFix2.txt 2008-02-25 16:50:03 . 
2008-02-13 22:53:40 --- E O F ---

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:50, on 25.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\programfiler\valve\steam\steam.exe
C:\Program Files\Jensen\Common\JensenUI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\Programfiler\Skype\Phone\Skype.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tommy\Desktop\Testing\Test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.k9-devils.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo!
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [steam] "e:\programfiler\valve\steam\steam.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] 
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe O4 - Global Startup: Jensen AirLink Utility.lnk = C:\Program Files\Jensen\Common\JensenUI.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://72.236.138.36/activex/AMC.cab O18 - Protocol: bw+0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - 
{122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {122B495C-C88F-476B-BED0-D2F42FE1D35D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 18485 bytes

The pop-up saying it wants to change the home page no longer appears, so it is definitely better! =)

-Tommy

norbat, posted 25 February 2008 (edited)

Let's do one more short round:

Uninstall from Add/Remove Programs: Logitech Desktop Messenger

Create a new CFScript file with the following contents (in bold):

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
[-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

I don't need to see any new logs. Is the PC otherwise running fine? If so, uninstall ComboFix by typing combofix /u in the Run dialog (Start -> Run). This removes ComboFix and its backups and resets System Restore.

(I would have liked to see the SAS log from the first scan. You can replace the one you put in the first post.)

Edited 25 February 2008 by norbat

Tomhah (author), posted 25 February 2008

Thanks for the reply, Norbat! You are my saving angel (AGAIN!) Thank you so much! The PC is running perfectly now, nothing pops up anymore!

Here is the first SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/25/2008 at 03:55 PM
Application Version : 3.9.1008
Core Rules Database Version : 3398
Trace Rules Database Version: 1390
Scan type : Complete Scan
Total Scan Time : 00:53:51
Memory items scanned : 518
Memory threats detected : 1
Registry items scanned : 4908
Registry threats detected : 41
File items scanned : 44622
File threats detected : 115

Adware.E404 Helper/Variant-A
C:\PROGRAM FILES\HELPER\1203947996.DLL
C:\PROGRAM FILES\HELPER\1203947996.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}
HKCR\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}
HKCR\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}
HKCR\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}\InprocServer32
HKCR\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}\InprocServer32#ThreadingModel
HKCR\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}\ProgID
HKCR\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}\Programmable
HKCR\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}\TypeLib
HKCR\CLSID\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}\VersionIndependentProgID

Trojan.Smitfraud Variant/IE Anti-Spyware
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Adware.Tracking Cookie
C:\Documents and Settings\Tommy\Cookies\tommy@advertising[2].txt
C:\Documents and Settings\Tommy\Cookies\[email protected][1].txt
C:\Documents and Settings\Tommy\Cookies\tommy@click24[1].txt
C:\Documents and Settings\Tommy\Cookies\[email protected][1].txt
C:\Documents and Settings\Tommy\Cookies\tommy@atdmt[2].txt
C:\Documents and Settings\Tommy\Cookies\tommy@cgi-bin[2].txt
C:\Documents and Settings\Tommy\Cookies\tommy@fastclick[1].txt
C:\Documents and
Settings\Tommy\Cookies\tommy@digitalmedianet[1].txt
C:\Documents and Settings\Tommy\Cookies\tommy@hot-sextube[1].txt
C:\Documents and Settings\Tommy\Cookies\tommy@hitbox[1].txt
C:\Documents and Settings\Tommy\Cookies\tommy@weborama[2].txt
C:\Documents and Settings\Tommy\Cookies\tommy@revsci[1].txt
C:\Documents and Settings\Tommy\Cookies\[email protected][1].txt
C:\Documents and Settings\Tommy\Cookies\[email protected][1].txt
C:\Documents and Settings\Tommy\Cookies\[email protected][1].txt
C:\Documents and Settings\Tommy\Cookies\tommy@atwola[1].txt
C:\Documents and Settings\Tommy\Cookies\tommy@st[2].txt
C:\Documents and Settings\Tommy\Cookies\[email protected][2].txt
C:\Documents and Settings\Tommy\Cookies\tommy@yadro[2].txt
C:\Documents and Settings\Tommy\Cookies\[email protected][2].txt
C:\Documents and Settings\Tommy\Cookies\[email protected][2].txt
C:\Documents and Settings\Tommy\Cookies\tommy@stats[1].txt
C:\Documents and Settings\Tommy\Cookies\[email protected][1].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Online Security Guide.url

Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId

Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert#UninstallString

Trojan.Media-Codec/V4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\NetProject\scit.exe ]
HKCR\videoPl.chl
HKCR\videoPl.chl\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#Publisher

Adware.E404 Helper/Hij
HKCR\E404.e404mgr
HKCR\E404.e404mgr\CLSID
HKCR\E404.e404mgr\CurVer
HKCR\E404.e404mgr.1
HKCR\E404.e404mgr.1\CLSID
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\TOMMY\FAVORITES\ONLINE SECURITY TEST.URL
C:\RECYCLER\S-1-5-21-117609710-1801674531-839522115-1003\DC1312.URL

Trojan.Unclassifed/LAF-Variant
C:\DOCUMENTS AND SETTINGS\TOMMY\LOCAL SETTINGS\TEMP\LAF4.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\EF8XUH2L\btn_down2[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\KT049G6B\box[2].jpg
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\501LDXK8\btn_home[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\KT049G6B\btn_try[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\I5T2RY10\btn_down[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\EF8XUH2L\text[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\HTU763BU\bot02[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\win[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\bg06[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\shield2[1].jpg
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\J02NRSGP\btn_scan2[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\7YCBF9OP\btn_buy[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\QX0XGN8N\shield1[1].jpg
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\9BBB1HOE\btn_contact[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\M9CNM10D\bg04[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\M9CNM10D\bot01[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\7YCBF9OP\antispyshield[1].htm
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\8JPRQQN5\btn_help[1].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\QX0XGN8N\logo[2].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\bg0[2].gif
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\M9CNM10D\bg02[1].jpg
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\bg01[1].gif