matskjorum Posted 9 March 2008
SAS log:
HJT log:
norbat Posted 9 March 2008
Start hjt, choose "Do a system scan only", tick the following lines and click Fix checked:
O4 - HKCU\..\Run: [coalmfcd] "C:\ProgramData\license seek seek.2d31mc"
O4 - HKCU\..\Run: [Ford mpeg road draw] "C:\ProgramData\Seek Style Pure.8le1p"
Use Explorer to delete the following two files (in bold):
C:\ProgramData\license seek seek.2d31mc
C:\ProgramData\Seek Style Pure.8le1p
(You may have to remove the files from safe mode, or check whether the processes are still running in the process list; if so, stop them before you try to delete the files.)
Then do the following:
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from Combofix (c:\combofix.txt), and we will see whether anything else is left that should be removed.
matskjorum (Author) Posted 9 March 2008
Thanks for the reply.. but now I think I have got it sorted. No pop-ups have come up for a long time now.
matskjorum Skrevet 9. mars 2008 Forfatter Del Skrevet 9. mars 2008 - og hva gjorde du? gjorde egentlig ikkeno. bare sluttet å poppe opp. Helt til nå. for godt til å være sant... heh her er combofix logg: ComboFix 08-03-09.1 - mats 2008-03-09 23:39:39.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.824 [GMT 1:00] Running from: C:\Users\mats\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1URX5G88\ComboFix[1].exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))) . 2008-03-09 16:38 . 2008-03-09 16:38 <DIR> d-------- C:\Users\All Users\Apple Computer 2008-03-09 16:38 . 2008-03-09 16:38 <DIR> d-------- C:\ProgramData\Apple Computer 2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\Users\All Users\Apple 2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\ProgramData\Apple 2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\Program Files\Apple Software Update 2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Users\mats\AppData\Roaming\SUPERAntiSpyware.com 2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-03-09 16:12 . 2008-03-09 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-08 23:39 . 2008-03-08 23:43 <DIR> d-------- C:\Users\mats\AppData\Roaming\BitDownload 2008-03-08 23:39 . 2008-03-08 23:39 <DIR> d-------- C:\Users\All Users\way rdr ford mpeg 2008-03-08 23:39 . 2008-03-08 23:39 <DIR> d-------- C:\Users\All Users\Flawsizecomp 2008-03-08 23:39 . 2008-03-08 23:39 <DIR> d-------- C:\ProgramData\way rdr ford mpeg 2008-03-08 23:39 . 2008-03-08 23:39 <DIR> d-------- C:\ProgramData\Flawsizecomp 2008-03-08 23:10 . 
2008-03-08 23:11 <DIR> d-------- C:\Program Files\BitLord2 2008-03-05 15:54 . 2008-03-05 15:54 <DIR> d-------- C:\Program Files\Hunting Unlimited 2 2008-03-02 17:59 . 2008-03-07 15:31 <DIR> d-------- C:\Users\mats\AppData\Roaming\dvdcss 2008-02-29 19:15 . 2008-02-29 19:15 <DIR> d-------- C:\Users\mats\AppData\Roaming\Leadertech 2008-02-29 19:11 . 2008-02-29 19:11 <DIR> d-------- C:\Program Files\NovaLogic 2008-02-29 19:10 . 1998-10-29 15:45 306,688 --a------ C:\Windows\IsUninst.exe 2008-02-27 19:24 . 2008-02-27 19:24 <DIR> d-------- C:\Users\mats\AppData\Roaming\Publish Providers 2008-02-27 19:23 . 2008-02-27 19:23 <DIR> d-------- C:\Users\mats\AppData\Roaming\Sony 2008-02-27 19:23 . 2008-02-29 16:03 <DIR> d-a------ C:\Users\All Users\TEMP 2008-02-27 19:23 . 2008-02-29 16:03 <DIR> d-a------ C:\ProgramData\TEMP 2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Users\All Users\Sony 2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\ProgramData\Sony 2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Program Files\Vstplugins 2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Program Files\Sony 2008-02-27 19:17 . 2008-02-27 19:17 <DIR> d-------- C:\Program Files\Sony Vegas Pro 8a 2008-02-27 16:10 . 2008-03-09 16:39 <DIR> d-------- C:\Program Files\QuickTime 2008-02-26 15:09 . 2008-02-26 15:09 <DIR> d-------- C:\Users\mats\AppData\Roaming\vlc 2008-02-26 15:08 . 2008-02-26 15:08 <DIR> d-------- C:\Program Files\VideoLAN 2008-02-25 15:57 . 2008-03-09 17:48 27,240 --a------ C:\Users\mats\AppData\Roaming\nvModes.dat 2008-02-25 14:58 . 2008-02-25 14:58 <DIR> d-------- C:\Users\mats\AppData\Roaming\Intel 2008-02-24 22:29 . 2008-02-24 22:29 <DIR> d-------- C:\Users\mats\AppData\Roaming\Creative 2008-02-24 22:10 . 2008-03-08 23:37 <DIR> d-------- C:\Users\mats\AppData\Roaming\LimeWire 2008-02-24 22:09 . 2008-02-24 22:09 <DIR> d-------- C:\Program Files\LimeWire 2008-02-24 20:23 . 
2008-02-24 20:23 194,560 --a------ C:\Windows\System32\WebClnt.dll 2008-02-24 20:23 . 2008-02-24 20:23 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys 2008-02-24 20:19 . 2008-02-24 20:19 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe 2008-02-24 20:18 . 2008-02-24 20:18 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-24 20:18 . 2008-02-24 20:18 1,686,528 --a------ C:\Windows\System32\gameux.dll 2008-02-24 20:18 . 2008-02-24 20:18 11,776 --a------ C:\Windows\System32\sbunattend.exe 2008-02-24 20:17 . 2008-02-24 20:17 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-02-24 20:14 . 2008-02-24 20:14 1,244,672 --a------ C:\Windows\System32\mcmde.dll 2008-02-24 19:51 . 2008-02-24 19:51 1,712,984 --a------ C:\Windows\System32\wuaueng.dll 2008-02-24 19:51 . 2008-02-24 19:51 1,524,224 --a------ C:\Windows\System32\wucltux.dll 2008-02-24 19:51 . 2008-02-24 19:51 53,080 --a------ C:\Windows\System32\wuauclt.exe 2008-02-24 19:51 . 2008-02-24 19:51 43,352 --a------ C:\Windows\System32\wups2.dll 2008-02-24 19:50 . 2008-02-24 19:50 549,720 --a------ C:\Windows\System32\wuapi.dll 2008-02-24 19:50 . 2008-02-24 19:50 80,896 --a------ C:\Windows\System32\wudriver.dll 2008-02-24 19:50 . 2008-02-24 19:50 33,624 --a------ C:\Windows\System32\wups.dll 2008-02-24 19:49 . 2008-02-24 19:49 163,000 --a------ C:\Windows\System32\wuwebv.dll 2008-02-24 19:49 . 2008-02-24 19:49 31,232 --a------ C:\Windows\System32\wuapp.exe 2008-02-24 19:32 . 2008-02-24 19:32 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-02-24 19:32 . 2008-02-24 19:32 <DIR> d-------- C:\ProgramData\WLInstaller 2008-02-24 19:32 . 2008-02-24 19:47 <DIR> d-------- C:\Program Files\Windows Live 2008-02-24 19:32 . 2008-02-24 19:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-02-24 19:20 . 2008-02-24 19:20 <DIR> d-------- C:\Users\mats\AppData\Roaming\Roxio 2008-02-24 19:19 . 2008-02-24 19:19 <DIR> d-------- C:\Users\mats\Bluetooth Software 2008-02-24 19:18 . 
2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Searches 2008-02-24 19:18 . 2008-03-05 23:05 <DIR> dr------- C:\Users\mats\Contacts 2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Videos 2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Saved Games 2008-02-24 19:17 . 2008-02-17 19:00 <DIR> d-------- C:\Users\mats\Roaming 2008-02-24 19:17 . 2008-03-09 15:46 <DIR> dr------- C:\Users\mats\Pictures 2008-02-24 19:17 . 2008-02-28 16:24 <DIR> dr------- C:\Users\mats\Music 2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Links 2008-02-24 19:17 . 2008-03-09 00:03 <DIR> dr------- C:\Users\mats\Downloads 2008-02-24 19:17 . 2008-03-08 23:39 <DIR> dr------- C:\Users\mats\Documents 2008-02-24 19:17 . 2006-11-02 13:37 <DIR> d-------- C:\Users\mats\AppData\Roaming\Media Center Programs 2008-02-24 19:17 . 2008-02-24 19:18 <DIR> d--h----- C:\Users\mats\AppData 2008-02-24 19:12 . 2008-02-24 19:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts 2008-02-24 19:12 . 2008-03-09 23:42 9,044 --a------ C:\Windows\System32\Config.MPF 2008-02-18 02:37 . 2008-02-18 02:37 <DIR> d-------- C:\Program Files\DellTPad 2008-02-18 02:35 . 2008-02-18 02:35 1,335,296 --a------ C:\Windows\System32\msxml6.dll 2008-02-18 02:35 . 2008-02-18 02:35 229,888 --a------ C:\Windows\System32\msshsq.dll 2008-02-18 02:35 . 2008-02-18 02:35 205,824 --a------ C:\Windows\System32\msoeacct.dll 2008-02-18 02:35 . 2008-02-18 02:35 87,040 --a------ C:\Windows\System32\msoert2.dll 2008-02-18 02:35 . 2008-02-18 02:35 39,424 --a------ C:\Windows\System32\ACCTRES.dll 2008-02-18 02:35 . 2008-02-18 02:35 2,048 --a------ C:\Windows\System32\msxml6r.dll 2008-02-18 02:34 . 2008-02-18 02:34 750,080 --a------ C:\Windows\System32\qmgr.dll 2008-02-18 02:32 . 2008-02-18 02:32 8,147,968 --a------ C:\Windows\System32\wmploc.DLL 2008-02-18 02:32 . 2008-02-18 02:32 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll 2008-02-18 02:32 . 
2008-02-18 02:32 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll 2008-02-18 02:32 . 2008-02-18 02:32 7,680 --a------ C:\Windows\System32\spwmp.dll 2008-02-18 02:32 . 2008-02-18 02:32 4,096 --a------ C:\Windows\System32\msdxm.ocx 2008-02-18 02:32 . 2008-02-18 02:32 4,096 --a------ C:\Windows\System32\dxmasf.dll 2008-02-18 02:30 . 2008-02-18 02:30 633,856 --a------ C:\Windows\System32\user32.dll 2008-02-18 02:30 . 2008-02-18 02:30 223,232 --a------ C:\Windows\System32\WMASF.DLL 2008-02-18 02:30 . 2008-02-18 02:30 9,728 --a------ C:\Windows\System32\LAPRXY.DLL 2008-02-18 02:30 . 2008-02-18 02:30 2,048 --a------ C:\Windows\System32\asferror.dll 2008-02-18 02:28 . 2008-02-18 02:28 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys 2008-02-18 02:27 . 2008-02-18 02:27 130,048 --a------ C:\Windows\System32\drivers\srv2.sys 2008-02-18 02:27 . 2008-02-18 02:27 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys 2008-02-18 02:27 . 2008-02-18 02:27 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys 2008-02-18 02:27 . 2008-02-18 02:27 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys 2008-02-18 02:27 . 2008-02-18 02:27 2,048 --a------ C:\Windows\System32\tzres.dll 2008-02-18 02:25 . 2008-02-18 02:25 1,191,936 --a------ C:\Windows\System32\msxml3.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-02-24 19:56 --------- d-----w C:\Program Files\Windows Sidebar 2008-02-24 19:56 --------- d-----w C:\Program Files\Windows Mail 2008-02-24 19:19 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-24 19:19 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-24 19:19 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-24 19:19 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-24 19:19 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-24 19:19 217,144 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-24 19:19 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys 2008-02-24 19:19 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-24 19:19 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-24 19:19 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-24 19:19 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys 2008-02-24 19:19 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-24 19:19 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2008-02-24 19:18 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-24 19:18 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-24 19:18 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-24 19:18 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-24 19:15 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-24 19:15 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-24 19:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-24 19:15 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Start-meny 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Skrivebord 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Programdata 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Maler 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Favoritter 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Dokumenter 2008-02-24 18:13 --------- d-sh--w C:\Program Files\Fellesfiler 2008-02-18 
01:36 25,784 ------w C:\Windows\system32\drivers\msahci.sys 2008-02-18 01:36 20,152 ------w C:\Windows\system32\drivers\viaide.sys 2008-02-18 01:36 19,128 ------w C:\Windows\system32\drivers\cmdide.sys 2008-02-18 01:36 18,104 ------w C:\Windows\system32\drivers\amdide.sys 2008-02-18 01:36 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-18 01:36 17,592 ------w C:\Windows\system32\drivers\aliide.sys 2008-02-18 01:31 974,336 ----a-w C:\Windows\System32\crypt32.dll 2008-02-18 01:29 8,192 ----a-w C:\Windows\System32\riched32.dll 2008-02-18 01:28 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys 2008-02-18 01:28 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys 2008-02-18 01:28 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys 2008-02-18 01:25 --------- d-----w C:\Program Files\Windows Defender 2008-02-18 01:21 72,192 ----a-w C:\Windows\System32\dot3msm.dll 2008-02-18 01:20 98,304 ----a-w C:\Windows\System32\mssitlb.dll 2008-02-18 01:19 74,752 ----a-w C:\Windows\system32\drivers\rasl2tp.sys 2008-02-18 01:14 4,802 ----a-w C:\Windows\system32\drivers\1028_Dell_INS_I1720.mrk 2008-02-17 17:45 174 --sha-w C:\Program Files\desktop.ini 2008-01-02 04:37 595,456 ----a-w C:\Windows\System32\stapo.dll 2008-01-02 04:37 492,544 ----a-w C:\Windows\System32\ctapo32.dll 2008-01-02 04:37 45,568 ----a-w C:\Windows\System32\ctppld.dll 2008-01-02 04:37 328,704 ----a-w C:\Windows\System32\stcplx.dll 2008-01-02 04:37 299,520 ----a-w C:\Windows\System32\stapi32.dll 2008-01-02 04:37 146,944 ----a-w C:\Windows\System32\st325614.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440] "coalmfcd"="C:\ProgramData\license seek seek.2d31mc" [2008-03-08 23:39 4112] "Ford mpeg road draw"="C:\ProgramData\Seek Style Pure.8le1p" [2008-03-08 23:39 213008] "BitDownload"="C:\Program Files\BitDownload\BitDownload.exe" [ ] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-18 02:25 1006264] "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 07:03 17920] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 10:27 159744] "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 06:58 36864] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 05:37 405504] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 10:13 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 10:13 8433664] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 10:13 81920] "NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 10:13 67584] "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-17 18:56 77824] "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920] "@"="" [] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184] "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048] "Google Desktop Search"="C:\Program Files\Google\Google Desktop 
Search\GoogleDesktop.exe" [2008-02-17 19:16 1838592] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-27 16:10 385024] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-17 18:59:37 50688] QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-02-17 18:58:36 45056] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8BF1F8AB-EFF8-44FD-ACB7-1958BEE3E0FE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{6A12A936-4B39-4B63-B837-AA598A4F9BCD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent 
"{B20AD5AA-C68C-4258-B552-EFA8341D3E61}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{84B05050-70C4-4E7B-BDEC-D7C7C39F29F5}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect|Desc=Dell MediaDirect "{23964B9B-FD4F-49F6-AD62-4B02B654769C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program "{52B527F2-62B1-45FC-A368-7C7F0DCE1EDE}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine "{E4D63630-C5A8-49CD-A6FE-7F1AF06228B4}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server "{F51BD284-F77E-469C-8CBF-43164A87AD00}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 05:37] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 01:39] R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37] R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13] R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 10:44] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 06:58] R3 OEM02Vfx;Creative Camera OEM002 Video VFX 
Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 06:59] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder "2008-02-17 18:21:22 C:\Windows\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe' "2008-02-17 18:21:22 C:\Windows\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-09 23:42:41 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-09 23:43:32 . 2008-02-26 13:45:51 --- E O F ---
norbat, posted 10 March 2008 (edited)
Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.
Folder::
C:\Users\All Users\way rdr ford mpeg
C:\Users\All Users\Flawsizecomp
C:\ProgramData\way rdr ford mpeg
C:\ProgramData\Flawsizecomp
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"coalmfcd"=-
"Ford mpeg road draw"=-
Post a new Combofix log.
Edited 10 March 2008 by norbat
matskjorum (author), posted 10 March 2008
Thanks a lot :P Here is the Combofix log:
ComboFix 08-03-10.1 - mats 2008-03-10 22:40:21.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.833 [GMT 1:00] Running from: C:\Users\mats\Desktop\ComboFix.exe Command switches used :: C:\Users\mats\Desktop\CFScript.txt..txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Flawsizecomp C:\ProgramData\Flawsizecomp\Dart Grey Boob.exe C:\ProgramData\Flawsizecomp\peoweqil.exe C:\ProgramData\way rdr ford mpeg C:\ProgramData\way rdr ford mpeg\title 64.exe C:\Users\All Users\Flawsizecomp\Dart Grey Boob.exe C:\Users\All Users\Flawsizecomp\peoweqil.exe C:\Users\All Users\way rdr ford mpeg\title 64.exe . ((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))) . 2008-03-09 16:38 . 2008-03-09 16:38 <DIR> d-------- C:\Users\All Users\Apple Computer 2008-03-09 16:38 . 2008-03-09 16:38 <DIR> d-------- C:\ProgramData\Apple Computer 2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\Users\All Users\Apple 2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\ProgramData\Apple 2008-03-09 16:37 . 2008-03-09 16:37 <DIR> d-------- C:\Program Files\Apple Software Update 2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Users\mats\AppData\Roaming\SUPERAntiSpyware.com 2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-03-09 16:13 . 2008-03-09 16:13 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-03-09 16:12 . 2008-03-09 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-08 23:39 . 2008-03-08 23:43 <DIR> d-------- C:\Users\mats\AppData\Roaming\BitDownload 2008-03-08 23:10 .
2008-03-08 23:11 <DIR> d-------- C:\Program Files\BitLord2 2008-03-05 15:54 . 2008-03-05 15:54 <DIR> d-------- C:\Program Files\Hunting Unlimited 2 2008-03-02 17:59 . 2008-03-07 15:31 <DIR> d-------- C:\Users\mats\AppData\Roaming\dvdcss 2008-02-29 19:15 . 2008-02-29 19:15 <DIR> d-------- C:\Users\mats\AppData\Roaming\Leadertech 2008-02-29 19:11 . 2008-02-29 19:11 <DIR> d-------- C:\Program Files\NovaLogic 2008-02-29 19:10 . 1998-10-29 15:45 306,688 --a------ C:\Windows\IsUninst.exe 2008-02-27 19:24 . 2008-02-27 19:24 <DIR> d-------- C:\Users\mats\AppData\Roaming\Publish Providers 2008-02-27 19:23 . 2008-02-27 19:23 <DIR> d-------- C:\Users\mats\AppData\Roaming\Sony 2008-02-27 19:23 . 2008-02-29 16:03 <DIR> d-a------ C:\Users\All Users\TEMP 2008-02-27 19:23 . 2008-02-29 16:03 <DIR> d-a------ C:\ProgramData\TEMP 2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Users\All Users\Sony 2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\ProgramData\Sony 2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Program Files\Vstplugins 2008-02-27 19:20 . 2008-02-27 19:20 <DIR> d-------- C:\Program Files\Sony 2008-02-27 19:17 . 2008-02-27 19:17 <DIR> d-------- C:\Program Files\Sony Vegas Pro 8a 2008-02-27 16:10 . 2008-03-09 16:39 <DIR> d-------- C:\Program Files\QuickTime 2008-02-26 15:09 . 2008-02-26 15:09 <DIR> d-------- C:\Users\mats\AppData\Roaming\vlc 2008-02-26 15:08 . 2008-02-26 15:08 <DIR> d-------- C:\Program Files\VideoLAN 2008-02-25 15:57 . 2008-03-10 14:47 27,240 --a------ C:\Users\mats\AppData\Roaming\nvModes.dat 2008-02-25 14:58 . 2008-02-25 14:58 <DIR> d-------- C:\Users\mats\AppData\Roaming\Intel 2008-02-24 22:29 . 2008-02-24 22:29 <DIR> d-------- C:\Users\mats\AppData\Roaming\Creative 2008-02-24 22:10 . 2008-03-08 23:37 <DIR> d-------- C:\Users\mats\AppData\Roaming\LimeWire 2008-02-24 22:09 . 2008-02-24 22:09 <DIR> d-------- C:\Program Files\LimeWire 2008-02-24 20:23 . 
2008-02-24 20:23 194,560 --a------ C:\Windows\System32\WebClnt.dll 2008-02-24 20:23 . 2008-02-24 20:23 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys 2008-02-24 20:19 . 2008-02-24 20:19 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe 2008-02-24 20:18 . 2008-02-24 20:18 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-24 20:18 . 2008-02-24 20:18 1,686,528 --a------ C:\Windows\System32\gameux.dll 2008-02-24 20:18 . 2008-02-24 20:18 11,776 --a------ C:\Windows\System32\sbunattend.exe 2008-02-24 20:17 . 2008-02-24 20:17 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-02-24 20:14 . 2008-02-24 20:14 1,244,672 --a------ C:\Windows\System32\mcmde.dll 2008-02-24 19:51 . 2008-02-24 19:51 1,712,984 --a------ C:\Windows\System32\wuaueng.dll 2008-02-24 19:51 . 2008-02-24 19:51 1,524,224 --a------ C:\Windows\System32\wucltux.dll 2008-02-24 19:51 . 2008-02-24 19:51 53,080 --a------ C:\Windows\System32\wuauclt.exe 2008-02-24 19:51 . 2008-02-24 19:51 43,352 --a------ C:\Windows\System32\wups2.dll 2008-02-24 19:50 . 2008-02-24 19:50 549,720 --a------ C:\Windows\System32\wuapi.dll 2008-02-24 19:50 . 2008-02-24 19:50 80,896 --a------ C:\Windows\System32\wudriver.dll 2008-02-24 19:50 . 2008-02-24 19:50 33,624 --a------ C:\Windows\System32\wups.dll 2008-02-24 19:49 . 2008-02-24 19:49 163,000 --a------ C:\Windows\System32\wuwebv.dll 2008-02-24 19:49 . 2008-02-24 19:49 31,232 --a------ C:\Windows\System32\wuapp.exe 2008-02-24 19:32 . 2008-02-24 19:32 <DIR> d-------- C:\Users\All Users\WLInstaller 2008-02-24 19:32 . 2008-02-24 19:32 <DIR> d-------- C:\ProgramData\WLInstaller 2008-02-24 19:32 . 2008-02-24 19:47 <DIR> d-------- C:\Program Files\Windows Live 2008-02-24 19:32 . 2008-02-24 19:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-02-24 19:20 . 2008-02-24 19:20 <DIR> d-------- C:\Users\mats\AppData\Roaming\Roxio 2008-02-24 19:19 . 2008-02-24 19:19 <DIR> d-------- C:\Users\mats\Bluetooth Software 2008-02-24 19:18 . 
2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Searches 2008-02-24 19:18 . 2008-03-05 23:05 <DIR> dr------- C:\Users\mats\Contacts 2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Videos 2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Saved Games 2008-02-24 19:17 . 2008-02-17 19:00 <DIR> d-------- C:\Users\mats\Roaming 2008-02-24 19:17 . 2008-03-09 15:46 <DIR> dr------- C:\Users\mats\Pictures 2008-02-24 19:17 . 2008-02-28 16:24 <DIR> dr------- C:\Users\mats\Music 2008-02-24 19:17 . 2008-02-24 19:18 <DIR> dr------- C:\Users\mats\Links 2008-02-24 19:17 . 2008-03-09 00:03 <DIR> dr------- C:\Users\mats\Downloads 2008-02-24 19:17 . 2008-03-08 23:39 <DIR> dr------- C:\Users\mats\Documents 2008-02-24 19:17 . 2006-11-02 13:37 <DIR> d-------- C:\Users\mats\AppData\Roaming\Media Center Programs 2008-02-24 19:17 . 2008-02-24 19:18 <DIR> d--h----- C:\Users\mats\AppData 2008-02-24 19:12 . 2008-02-24 19:12 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts 2008-02-24 19:12 . 2008-03-10 22:45 9,162 --a------ C:\Windows\System32\Config.MPF 2008-02-18 02:37 . 2008-02-18 02:37 <DIR> d-------- C:\Program Files\DellTPad 2008-02-18 02:35 . 2008-02-18 02:35 1,335,296 --a------ C:\Windows\System32\msxml6.dll 2008-02-18 02:35 . 2008-02-18 02:35 229,888 --a------ C:\Windows\System32\msshsq.dll 2008-02-18 02:35 . 2008-02-18 02:35 205,824 --a------ C:\Windows\System32\msoeacct.dll 2008-02-18 02:35 . 2008-02-18 02:35 87,040 --a------ C:\Windows\System32\msoert2.dll 2008-02-18 02:35 . 2008-02-18 02:35 39,424 --a------ C:\Windows\System32\ACCTRES.dll 2008-02-18 02:35 . 2008-02-18 02:35 2,048 --a------ C:\Windows\System32\msxml6r.dll 2008-02-18 02:34 . 2008-02-18 02:34 750,080 --a------ C:\Windows\System32\qmgr.dll 2008-02-18 02:32 . 2008-02-18 02:32 8,147,968 --a------ C:\Windows\System32\wmploc.DLL 2008-02-18 02:32 . 2008-02-18 02:32 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll 2008-02-18 02:32 . 
2008-02-18 02:32 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll 2008-02-18 02:32 . 2008-02-18 02:32 7,680 --a------ C:\Windows\System32\spwmp.dll 2008-02-18 02:32 . 2008-02-18 02:32 4,096 --a------ C:\Windows\System32\msdxm.ocx 2008-02-18 02:32 . 2008-02-18 02:32 4,096 --a------ C:\Windows\System32\dxmasf.dll 2008-02-18 02:30 . 2008-02-18 02:30 633,856 --a------ C:\Windows\System32\user32.dll 2008-02-18 02:30 . 2008-02-18 02:30 223,232 --a------ C:\Windows\System32\WMASF.DLL 2008-02-18 02:30 . 2008-02-18 02:30 9,728 --a------ C:\Windows\System32\LAPRXY.DLL 2008-02-18 02:30 . 2008-02-18 02:30 2,048 --a------ C:\Windows\System32\asferror.dll 2008-02-18 02:28 . 2008-02-18 02:28 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys 2008-02-18 02:27 . 2008-02-18 02:27 130,048 --a------ C:\Windows\System32\drivers\srv2.sys 2008-02-18 02:27 . 2008-02-18 02:27 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys 2008-02-18 02:27 . 2008-02-18 02:27 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys 2008-02-18 02:27 . 2008-02-18 02:27 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys 2008-02-18 02:27 . 2008-02-18 02:27 2,048 --a------ C:\Windows\System32\tzres.dll 2008-02-18 02:25 . 2008-02-18 02:25 1,191,936 --a------ C:\Windows\System32\msxml3.dll 2008-02-18 02:25 . 2008-02-18 02:25 737,792 --a------ C:\Windows\System32\inetcomm.dll 2008-02-18 02:25 . 2008-02-18 02:25 376,320 --a------ C:\Windows\System32\winsrv.dll 2008-02-18 02:25 . 2008-02-18 02:25 84,480 --a------ C:\Windows\System32\INETRES.dll 2008-02-18 02:25 . 2008-02-18 02:25 49,664 --a------ C:\Windows\System32\csrsrv.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-02-24 19:56 --------- d-----w C:\Program Files\Windows Sidebar 2008-02-24 19:56 --------- d-----w C:\Program Files\Windows Mail 2008-02-24 19:19 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-24 19:19 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-24 19:19 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-24 19:19 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-24 19:19 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-24 19:19 217,144 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-24 19:19 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys 2008-02-24 19:19 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-24 19:19 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-24 19:19 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-24 19:19 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys 2008-02-24 19:19 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-24 19:19 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2008-02-24 19:18 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-24 19:18 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-24 19:18 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-24 19:18 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-24 19:15 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-24 19:15 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-24 19:15 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-24 19:15 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Start-meny 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Skrivebord 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Programdata 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Maler 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Favoritter 2008-02-24 18:13 --------- d-sh--w C:\ProgramData\Dokumenter 2008-02-24 18:13 --------- d-sh--w C:\Program Files\Fellesfiler 2008-02-18 
01:36 25,784 ------w C:\Windows\system32\drivers\msahci.sys 2008-02-18 01:36 20,152 ------w C:\Windows\system32\drivers\viaide.sys 2008-02-18 01:36 19,128 ------w C:\Windows\system32\drivers\cmdide.sys 2008-02-18 01:36 18,104 ------w C:\Windows\system32\drivers\amdide.sys 2008-02-18 01:36 17,592 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-18 01:36 17,592 ------w C:\Windows\system32\drivers\aliide.sys 2008-02-18 01:31 974,336 ----a-w C:\Windows\System32\crypt32.dll 2008-02-18 01:29 8,192 ----a-w C:\Windows\System32\riched32.dll 2008-02-18 01:28 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys 2008-02-18 01:28 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys 2008-02-18 01:28 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys 2008-02-18 01:25 --------- d-----w C:\Program Files\Windows Defender 2008-02-18 01:21 72,192 ----a-w C:\Windows\System32\dot3msm.dll 2008-02-18 01:20 98,304 ----a-w C:\Windows\System32\mssitlb.dll 2008-02-18 01:19 74,752 ----a-w C:\Windows\system32\drivers\rasl2tp.sys 2008-02-18 01:14 4,802 ----a-w C:\Windows\system32\drivers\1028_Dell_INS_I1720.mrk 2008-02-17 17:45 174 --sha-w C:\Program Files\desktop.ini 2008-01-02 04:37 595,456 ----a-w C:\Windows\System32\stapo.dll 2008-01-02 04:37 492,544 ----a-w C:\Windows\System32\ctapo32.dll 2008-01-02 04:37 45,568 ----a-w C:\Windows\System32\ctppld.dll 2008-01-02 04:37 328,704 ----a-w C:\Windows\System32\stcplx.dll 2008-01-02 04:37 299,520 ----a-w C:\Windows\System32\stapi32.dll 2008-01-02 04:37 146,944 ----a-w C:\Windows\System32\st325614.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-09_23.43.08,33 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-03-09 21:05:29 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-03-10 21:44:24 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-03-09 16:49:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-03-10 21:45:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-03-10 21:45:44 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-03-09 16:49:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-03-10 21:45:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-03-10 21:45:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-03-09 19:42:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-03-10 18:05:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-03-09 19:42:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-03-10 18:05:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-03-09 19:42:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-03-10 18:05:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-03-09 22:39:35 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-03-10 21:40:16 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat - 2008-03-09 21:07:20 103,924 ----a-w C:\Windows\System32\perfc009.dat + 2008-03-10 19:37:47 103,924 ----a-w C:\Windows\System32\perfc009.dat - 2008-03-09 21:07:20 79,408 ----a-w C:\Windows\System32\perfc014.dat + 2008-03-10 19:37:47 79,408 ----a-w C:\Windows\System32\perfc014.dat - 
2008-03-09 21:07:20 610,142 ----a-w C:\Windows\System32\perfh009.dat + 2008-03-10 19:37:47 610,142 ----a-w C:\Windows\System32\perfh009.dat - 2008-03-09 21:07:20 476,858 ----a-w C:\Windows\System32\perfh014.dat + 2008-03-10 19:37:47 476,858 ----a-w C:\Windows\System32\perfh014.dat - 2008-03-09 16:49:45 3,698 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1082007917-3614400394-4259456713-1000_UserData.bin + 2008-03-10 13:48:35 3,798 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1082007917-3614400394-4259456713-1000_UserData.bin - 2008-03-09 16:49:45 56,734 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-03-10 13:48:35 57,026 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-03-09 16:49:42 32,746 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-03-10 13:48:33 32,932 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440] "BitDownload"="C:\Program Files\BitDownload\BitDownload.exe" [ ] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] "coalmfcd"="C:\ProgramData\license seek seek.4auys" [2008-03-09 23:49 90128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-18 02:25 1006264] "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 07:03 17920] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 10:27 159744] "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 06:58 36864] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 05:37 405504] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 10:13 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 10:13 8433664] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 10:13 81920] "NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-06-25 10:13 67584] "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-17 18:56 77824] "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184] "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-17 19:16 1838592] "PCMService"="C:\Program 
Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-27 16:10 385024] "combofix"="C:\Windows\system32\CF27053.exe" [2006-11-02 10:44 320000] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-17 18:59:37 50688] QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-02-17 18:58:36 45056] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8BF1F8AB-EFF8-44FD-ACB7-1958BEE3E0FE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{6A12A936-4B39-4B63-B837-AA598A4F9BCD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{B20AD5AA-C68C-4258-B552-EFA8341D3E61}"= 
TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{84B05050-70C4-4E7B-BDEC-D7C7C39F29F5}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect|Desc=Dell MediaDirect "{23964B9B-FD4F-49F6-AD62-4B02B654769C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program|Desc=CyberLink PowerCinema Resident Program "{52B527F2-62B1-45FC-A368-7C7F0DCE1EDE}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine|Desc=Cyberlink Media Server Browser Engine "{E4D63630-C5A8-49CD-A6FE-7F1AF06228B4}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server|Desc=CyberLink Media Server "{F51BD284-F77E-469C-8CBF-43164A87AD00}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37] R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13] R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 10:44] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 06:58] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 06:59] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . 
Contents of the 'Scheduled Tasks' folder "2008-02-17 18:21:22 C:\Windows\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe' "2008-02-17 18:21:22 C:\Windows\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-10 22:46:41 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\system32\WLANExt.exe C:\Windows\system32\aestsrv.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\McAfee\MPS\mpsevh.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Windows\system32\STacSV.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Windows\system32\conime.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe 
C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe . ************************************************************************** . Completion time: 2008-03-10 22:48:24 - machine was rebooted [mats] ComboFix-quarantined-files.txt 2008-03-10 21:48:20 ComboFix2.txt 2008-03-09 22:43:33 . 2008-02-26 13:45:51 --- E O F ---
norbat, posted 10 March 2008
Start HJT, choose "Do a system scan only", put a check mark in front of the following line (if present) and click Fix checked:
O4 - HKCU\..\Run: [coalmfcd] "C:\ProgramData\license seek seek.2d31mc"
How is the 'problem' doing?
matskjorum (author), posted 10 March 2008
I think it's gone now. We'll see in a quarter of an hour... Many thanks for all the help...
matskjorum (author), posted 10 March 2008
No popups :P Thanks, thanks :P
norbat, posted 11 March 2008
Good. You can uninstall Combofix by typing combofix /u in the Run/search box.
Surf safely