
Need a check, guide completed



So defence does the same job as Avira -> should I uninstall defence?

Try keeping it on; remember that it takes a while before it learns everything.

You can disable it: right-click the icon, "defence+ disable".

Nod32 blocks with its ThreatSense system.

That is why I don't have it on.

I was wondering whether that message came up on one website or on several.

Edited by SNIPPSAT
Link to comment
There doesn't seem to be any end to how many hosts.xyz files it keeps coming up with. Every single time there is a new extension. Is there reason to believe that something is wrong with this?

Link to comment

I just came to think of NoLop; I had forgotten about it.

http://www.precisesecurity.com/adware-spy/cidpu.htm

Run ComboFix once more; I didn't get the whole log last time.

I had a set of instructions lying around.

Download NoLop and put it on the desktop.

Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.

Keep the pop-up blocker on.

Tools -> Pop-up Blocker

Cookies like this.

Tools -> Privacy -> Advanced -> third-party cookies: block

First-party cookies: accept

Edited by SNIPPSAT
Link to comment

What happened to those HJT lines? Shouldn't I remove them after all?

Running NoLop now. Is there supposed to be a log for this?

NoLop! Log by Skate_Punk_21

 

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

 

Fix running from: C:\Documents and Settings\gunn beate gjengedal\Skrivebord

[20.03.08]

[11:51:38]

 

---Infection Files Found/Removed---

C:\WINDOWS\tasks\ABF65BED9189CE09.job

 

Beginning Removal...

Rebooting...

Removing Lop's Leftover Files/Folders...

Editing Registry...

**Fix Complete!**

 

---Listing AppData sub directories---

 

 

*as I write this, I got a new CiD :) (see attachment)

*double-checking that the pop-up blocker is still on (it already was). Then going into Advanced and removing the trusted sites*

*new type of pop-up: http://www.be2.no/?partnerid=NO0308DDA01*

*running ComboFix*

Edit: right afterwards, a new CiD

Edited by irritert
Link to comment

Now I have tried ComboFix once in normal mode and 3 times in safe mode, and every time a blue screen has come up when it is at about step 2.

The message is as follows:

invalid_process_attach_attempt

Technical information

*** STOP: 0x00000005 (0x86470630, 0x867c6830, 0x00000001, 0x864703B8)

Dumping physical memory to disk: [numbers counting up to more than 60]

now what?

Edit: cookies blocked: third-party cookies blocked, first-party accepted.

Edited by irritert
Link to comment

Ahh, NoLop did not manage to remove this.

Run NoLop several times, also in safe mode.

It found a job file, I see.

Remember to clean the hosts file after this.

This one does the same as ComboFix.

Download Deckard and put it on the desktop.

Run dss.exe and follow the instructions.

When the scan is finished, a log (main.txt) opens. Copy that and post it.

Edited by SNIPPSAT
Link to comment

That program produced two logs:

Deckard's System Scanner v20071014.68

Run by gunn beate gjengedal on 2008-03-20 18:02:13

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 3 Restore Point(s) --

3: 2008-03-20 17:02:17 UTC - RP3 - Deckard's System Scanner Restore Point

2: 2008-03-20 02:00:30 UTC - RP2 - Software Distribution Service 3.0

1: 2008-03-20 00:25:22 UTC - RP1 - Kontrollpunkt for system

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as gunn beate gjengedal.exe) --------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:03, on 2008-03-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe

C:\Programfiler\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programfiler\COMODO\Firewall\cfp.exe

C:\Programfiler\RALINK\Common\RaUI.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\Programfiler\COMODO\Firewall\cmdagent.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\gunn beate gjengedal\Skrivebord\dss.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\gunn beate gjengedal.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [show obj] C:\DOCUME~1\GUNNBE~1\PROGRA~1\CDROML~1\bolt cake spam.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programfiler\COMODO\Firewall\cmdagent.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5778 bytes

 

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

 

backup-20080319-195159-137 O4 - HKLM\..\Run: [find trust seek mail] C:\Documents and Settings\All Users\Programdata\Defy Memo Find Trust\curb drive.exe

backup-20080319-195159-789 O4 - HKCU\..\Run: [show obj] C:\DOCUME~1\GUNNBE~1\PROGRA~1\CDROML~1\bolt cake spam.exe

backup-20080319-232215-130 O4 - Global Startup: BTTray.lnk = ?

backup-20080319-232215-138 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

backup-20080319-232215-204 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1691ae2a199d4d5387a07cf52e7f745f

backup-20080319-232215-227 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

backup-20080319-232215-273 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

backup-20080319-232215-287 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

backup-20080319-232215-324 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

backup-20080319-232215-339 O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

backup-20080319-232215-422 O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

backup-20080319-232215-584 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

backup-20080319-232215-591 O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

backup-20080319-232215-607 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

backup-20080319-232215-638 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

backup-20080319-232215-664 O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1691ae2a199d4d5387a07cf52e7f745f

backup-20080319-232215-922 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

backup-20080319-232215-960 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

S3 rtl8139 (Realtek RTL8139(A/B/C)-basert PCI Fast Ethernet-kort NT-driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)

S3 SASENUM - c:\programfiler\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\programfiler\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>

 

S3 hpqwmi (HP WMI Interface) - c:\programfiler\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}

Description: Standard diskettkontroller

Device ID: ROOT\*PNP0700\1_0_13_0_0_0

Manufacturer: (Standard diskettkontrollere)

Name: Standard diskettkontroller

PNP Device ID: ROOT\*PNP0700\1_0_13_0_0_0

Service: fdc

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-03-20 18:03:00 282 --a------ C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

 

 

-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

 

2008-03-20 18:00:21 106 --a------ C:\delete.bat

2008-03-20 12:28:27 0 d-------- C:\ComboFixc

2008-03-20 12:16:00 68096 --a------ C:\WINDOWS\system32\zip.exe

2008-03-20 12:16:00 98816 --a------ C:\WINDOWS\system32\sed.exe

2008-03-20 12:16:00 80412 --a------ C:\WINDOWS\system32\grep.exe

2008-03-20 12:16:00 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-03-20 11:51:53 0 d-------- C:\NoLopBackups

2008-03-20 01:05:14 0 d-------- C:\Programfiler\COMODO

2008-03-19 23:07:45 1154 --a------ C:\WINDOWS\mozver.dat

2008-03-19 22:27:46 0 d-------- C:\Programfiler\Avira

2008-03-19 21:54:46 0 d-------- C:\WINDOWS\pss

2008-03-19 18:02:06 0 d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-19 18:01:47 0 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-19 17:39:51 0 d-------- C:\Programfiler\CCleaner

2008-03-19 17:28:28 0 d-------- C:\Programfiler\Trend Micro

2008-03-19 17:25:06 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-12 17:38:01 0 d-------- C:\Programfiler\Macrogaming

2008-03-12 00:18:45 0 d-------- C:\Programfiler\CDROM LESS

2008-03-11 12:55:02 0 d-------- C:\Programfiler\Windows Media Connect 2

2008-03-11 12:53:11 0 d-------- C:\WINDOWS\system32\drivers\UMDF

2008-03-11 12:42:19 0 d-------- C:\My Downloads

2008-03-11 12:18:17 0 d-------- C:\Programfiler\DivX

2008-03-11 12:17:43 0 d-------- C:\Programfiler\Yahoo!

2008-03-11 12:14:48 0 d-------- C:\Programfiler\Get-Torrent

2008-03-04 12:28:08 0 d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-03-03 23:10:11 0 d-------- C:\Programfiler\The_Pirate_Bay

2008-03-03 23:10:11 0 d-------- C:\Programfiler\Conduit

2008-03-03 22:09:52 0 d-------- C:\Programfiler\uTorrent

2008-03-03 16:59:40 0 d-------- C:\WINDOWS\system32\PreInstall

2008-03-02 18:14:38 290897 --a------ C:\WINDOWS\system32\Install6x.dll <Not Verified; ; Install Dynamic Link Library>

2008-03-02 18:14:38 8192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2008-03-02 18:14:38 8192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2008-03-02 18:14:38 8192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2008-03-02 18:14:38 243328 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS <Not Verified; Ralink Technology Inc.; RT2500 802.11g Wireless Adapters>

2008-03-02 18:14:38 311296 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>

2008-03-02 18:14:38 162 --a------ C:\WINDOWS\filespec6x

2008-02-25 20:48:10 0 d-------- C:\Programfiler\RALINK

2008-02-22 22:08:30 0 d-------- C:\WINDOWS\system32\LogFiles

2008-02-22 20:43:18 0 d-------- C:\Programfiler\Windows Live Toolbar

2008-02-22 20:42:19 0 d-------- C:\Programfiler\MSN Messenger

2008-02-22 20:08:01 0 d-------- C:\Programfiler\LimeWire

2008-02-22 18:52:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution

2008-02-21 03:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>

2008-02-21 03:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>

2008-02-21 03:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>

2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>

2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>

2008-02-21 03:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

2008-02-21 03:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-03-20 14:25:03 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\uTorrent

2008-03-20 01:05:18 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Comodo

2008-03-19 23:40:15 0 d-------- C:\Programfiler\Fellesfiler\Symantec Shared

2008-03-19 22:55:04 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS

2008-03-19 22:05:48 0 d-------- C:\Programfiler\QuickTime

2008-03-19 18:02:06 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\SUPERAntiSpyware.com

2008-03-19 18:01:47 0 d-------- C:\Programfiler\Fellesfiler

2008-03-19 17:24:43 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Mozilla

2008-03-14 01:08:59 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\DivX

2008-03-11 14:55:59 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\LimeWire

2008-03-11 12:18:46 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Yahoo!

2008-03-04 12:51:28 384784 --a------ C:\WINDOWS\system32\perfh014.dat

2008-03-04 12:51:28 60326 --a------ C:\WINDOWS\system32\perfc014.dat

2008-03-02 23:20:57 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Adobe

2008-03-02 18:13:37 0 d--h----- C:\Programfiler\InstallShield Installation Information

2008-02-22 19:14:46 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Help

2008-02-22 19:13:22 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Macromedia

2008-02-19 13:08:59 0 d-------- C:\Programfiler\Hewlett-Packard

2008-02-19 13:08:58 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\InstallShield

2008-02-19 11:10:53 0 d-------- C:\Programfiler\InterVideo

2008-02-19 11:09:52 0 d-------- C:\Programfiler\HPQ

2008-01-25 11:53:50 23424 --a------ C:\WINDOWS\system32\emptyregdb.dat

2008-01-23 23:55:50 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\InterVideo

2008-01-23 18:50:40 0 d-------- C:\Programfiler\Intel

2008-01-23 17:39:25 0 d-------- C:\Programfiler\Microsoft IntelliPoint

2008-01-23 16:34:54 0 d-------- C:\Programfiler\Fellesfiler\ODBC

2008-01-23 16:34:50 0 d-------- C:\Programfiler\Fellesfiler\SpeechEngines

2008-01-23 16:32:33 62 --ahs---- C:\Documents and Settings\gunn beate gjengedal\Programdata\desktop.ini

2008-01-23 16:27:15 0 d-------- C:\Programfiler\Messenger

2008-01-23 16:20:27 0 d-------- C:\Programfiler\Java

2008-01-23 16:19:56 0 d-------- C:\Programfiler\Fellesfiler\Java

2008-01-23 16:19:28 0 d-------- C:\Programfiler\Fellesfiler\InstallShield

2008-01-23 16:18:18 0 d-------- C:\Programfiler\Fellesfiler\TiVo Shared

2008-01-23 16:18:15 0 d-------- C:\Programfiler\Sonic

2008-01-23 16:17:38 0 d-------- C:\Programfiler\Fellesfiler\SureThing Shared

2008-01-23 16:17:26 0 d-------- C:\Programfiler\Fellesfiler\Sonic Shared

2008-01-23 16:15:05 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Apple Computer

2008-01-23 16:09:54 0 d-------- C:\Programfiler\Hp

2008-01-23 15:57:32 0 d-------- C:\Programfiler\ATI Technologies

2008-01-23 15:56:29 0 d-------- C:\Programfiler\Apoint2K

2008-01-23 15:52:33 0 d-------- C:\Programfiler\WIDCOMM

2008-01-23 15:51:12 0 d-------- C:\Programfiler\Analog Devices

2008-01-23 15:49:21 0 d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Identities

2008-01-23 15:43:12 0 d-------- C:\Programfiler\microsoft frontpage

2008-01-23 15:43:05 0 -rahs---- C:\MSDOS.SYS

2008-01-23 15:43:05 0 -rahs---- C:\IO.SYS

2008-01-23 15:43:05 0 --a------ C:\CONFIG.SYS

2008-01-23 15:43:05 0 --a------ C:\AUTOEXEC.BAT

2008-01-23 15:41:50 0 d--h----- C:\Programfiler\WindowsUpdate

2008-01-23 15:41:46 0 d-------- C:\Programfiler\Elektroniske tjenester

2008-01-23 15:40:52 0 d-------- C:\Programfiler\Fellesfiler\Tjenester

2008-01-23 15:40:47 0 d-------- C:\Programfiler\Fellesfiler\MSSoap

2008-01-23 15:40:36 0 d-------- C:\Programfiler\Movie Maker

2008-01-23 15:39:03 0 d-------- C:\Programfiler\MSN Gaming Zone

2008-01-23 15:38:52 0 d-------- C:\Programfiler\Windows NT

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]

"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 08:27]

"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2005-02-08 17:38]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-20 21:15]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-03-29 14:45]

"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]

"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24]

"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00]

"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45]

"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 C:\WINDOWS\AGRSMMSG.exe]

"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 22:50]

"COMODO Firewall Pro"="C:\Programfiler\COMODO\Firewall\cfp.exe" [2008-03-20 01:05]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Show obj"="C:\DOCUME~1\GUNNBE~1\PROGRA~1\CDROML~1\bolt cake spam.exe" [2008-03-12 00:18]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [2008-03-02 18:14:46]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"disableregistrytools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

 

 

 

-- End of Deckard's System Scanner: finished at 2008-03-20 18:04:19 ------------

 

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Norwegian

 

CPU 0: Intel® Pentium® M processor 1.60GHz

Percentage of Memory in Use: 34%

Physical Memory (total/avail): 1022.43 MiB / 671.16 MiB

Pagefile Memory (total/avail): 2459.65 MiB / 2106.16 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1931.66 MiB

 

C: is Fixed (NTFS) - 14.65 GiB total, 6.57 GiB free.

D: is Fixed (NTFS) - 59.87 GiB total, 53.06 GiB free.

E: is CDROM (UDF)

 

\\.\PHYSICALDRIVE0 - ST9808210A - 74.53 GiB - 2 partitions

\PARTITION0 (bootable) - Installerbart filsystem - 14.65 GiB - C:

\PARTITION1 - Utvidet med Extended Int 13 - 59.87 GiB - D:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

 

FirstRunDisabled is set.

AntiVirusDisableNotify is set.

FirewallDisableNotify is set.

UpdatesDisableNotify is set.

 

FW: COMODO Firewall Pro v3.0 (COMODO)

AV: Avira AntiVir PersonalEdition v 7.0.3.55

(Avira GmbH)

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\\musikk\\LimeWire\\LimeWire.exe"="D:\\musikk\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Programfiler\\Messenger\\msmsgs.exe"="C:\\Programfiler\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Programfiler\\LimeWire\\LimeWire.exe"="C:\\Programfiler\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Programfiler\\MSN Messenger\\livecall.exe"="C:\\Programfiler\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Programfiler\\uTorrent\\uTorrent.exe"="C:\\Programfiler\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\gunn beate gjengedal\Programdata

CLIENTNAME=Console

CommonProgramFiles=C:\Programfiler\Fellesfiler

COMPUTERNAME=GUNN-4213D0715D

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\gunn beate gjengedal

LOGONSERVER=\\GUNN-4213D0715D

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programfiler\ATI Technologies\ATI Control Panel

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0d08

ProgramFiles=C:\Programfiler

PROMPT=$P$G

SESSIONNAME=Console

SonicCentral=C:\Programfiler\Fellesfiler\Sonic Shared\Sonic Central\

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\GUNNBE~1\LOKALE~1\Temp

TMP=C:\DOCUME~1\GUNNBE~1\LOKALE~1\Temp

USERDOMAIN=GUNN-4213D0715D

USERNAME=gunn beate gjengedal

USERPROFILE=C:\Documents and Settings\gunn beate gjengedal

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

gunn beate gjengedal (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 6.0.1 - Norsk --> MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A00000000001}

Agere Systems AC'97 Modem --> agrsmdel

ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL

ATI - Avinstalleringsverktøy for Programvaren --> C:\Programfiler\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

µTorrent --> "C:\Programfiler\uTorrent\uTorrent.exe" /UNINSTALL

Avira AntiVir PersonalEdition Classic --> C:\Programfiler\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Broadcom 802.11 Wireless LAN Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo

CCleaner (remove only) --> "C:\Programfiler\CCleaner\uninst.exe"

CiD Help --> C:\DOCUME~1\GUNNBE~1\PROGRA~1\CDROML~1\bolt cake spam.exe -uninstall

COMODO Firewall Pro --> C:\Programfiler\COMODO\Firewall\cfpconfg.exe -u

DivX Codec --> C:\Programfiler\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Programfiler\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Programfiler\DivX\DivXConverterUninstall.exe /CONVERTER

Feed-detektor for Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{3DD6C97A-4300-4B0A-AE3A-2419C0583B31}

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Help and Support --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x14 -removeonly

HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}

HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP Wireless Assistant 2.00 C1 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\Setup.exe" -l0x14 hpquninst

HP_User_Guides_0005 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{29F3E29B-4B0F-4485-9A48-1A48F3F47247}\setup.exe" -l0x14 -removeonly

InterVideo WinDVD --> "C:\Programfiler\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}

LimeWire 4.16.6 --> "C:\Programfiler\LimeWire\uninstall.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mozilla Firefox (2.0.0.12) --> C:\Programfiler\Mozilla Firefox\uninstall\helper.exe

OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{037E9698-C8E7-44A7-8F04-0234760B7F2D}

Oppdatering for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Oppdatering for Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"

Popup-blokkering (Windows Live Toolbar) --> MsiExec.exe /X{B32FC5AF-763A-4963-9F94-BCEB3E8F879D}

Quick Launch Buttons 5.10 B5 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x14 -uninst

Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly

REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x14 REMOVE

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Sikkerhetsoppdatering for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Sikkerhetsoppdatering for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Smartmenyer (Windows Live Toolbar) --> MsiExec.exe /X{71750192-A105-4D7B-8AB9-19D8BF423CEA}

Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}

Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}

Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}

Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}

Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

SoundMAX --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x14 -removeonly

SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1033

Utvidelse for Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{D92258A2-306A-4D6E-877B-0E7F8546553F}

Vis fliker (Windows Live Toolbar) --> MsiExec.exe /X{6E3BCBE0-9FC7-4E2F-B0A1-848721C9215A}

Windows Live Messenger --> MsiExec.exe /I{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}

Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{175AE50D-A2D5-422D-9650-BFCCD9A13ABA}

Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

Windows Live Toolbar --> "C:\Programfiler\Windows Live Toolbar\UnInstall.exe" {2453396B-8129-4003-B304-9E2BCE5B01A3}

Windows Live Toolbar --> MsiExec.exe /X{2453396B-8129-4003-B304-9E2BCE5B01A3}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows XP hurtigreparasjon - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB884575 --> C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB885464 --> C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP hurtigreparasjon - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Windows XP hurtigreparasjon - KB892559 --> "C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type1748 / Success

Event Submitted/Written: 03/20/2008 09:47:37 AM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type1678 / Error

Event Submitted/Written: 03/19/2008 08:47:02 PM

Event ID/Source: 8 / crypt32

Event Description:

Kan ikke automatisk oppdatere henting av tredjeparts rotlistesekvensnummer fra: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> med feil: Kan ikke kontrollere serverens navn eller adresse

 

Event Record #/Type1671 / Success

Event Submitted/Written: 03/19/2008 08:02:19 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type1656 / Warning

Event Submitted/Written: 03/19/2008 07:53:24 PM

Event ID/Source: 1524 / Userenv

Event Description:

Windows kan ikke laste ut register filen for klasser. Den er fortsatt i bruk av andre programmer eller andre tjenester. Filen lastes ut når den ikke lenger er i bruk.

 

Event Record #/Type1655 / Error

Event Submitted/Written: 03/19/2008 07:30:56 PM

Event ID/Source: 8 / crypt32

Event Description:

Kan ikke automatisk oppdatere henting av tredjeparts rotlistesekvensnummer fra: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> med feil: Kan ikke kontrollere serverens navn eller adresse

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type1939 / Warning

Event Submitted/Written: 03/20/2008 02:17:49 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP har nådd sikkerhetsbegrensningen for antall samtidige TCP-tilkoblingsforsøk.

 

Event Record #/Type1934 / Error

Event Submitted/Written: 03/20/2008 00:44:18 PM

Event ID/Source: 1003 / System Error

Event Description:

Feilkode 00000005, parameter1 86470630, parameter2 867c6830, parameter3 00000001, parameter4 864703b8.

 

Event Record #/Type1933 / Error

Event Submitted/Written: 03/20/2008 00:44:15 PM

Event ID/Source: 1003 / System Error

Event Description:

Feilkode 00000005, parameter1 84f947c0, parameter2 865c6830, parameter3 00000001, parameter4 84e6e020.

 

Event Record #/Type1932 / Error

Event Submitted/Written: 03/20/2008 00:44:02 PM

Event ID/Source: 1003 / System Error

Event Description:

Feilkode 00000005, parameter1 8648f7c8, parameter2 867c6830, parameter3 00000001, parameter4 864a26e8.

 

Event Record #/Type1911 / Error

Event Submitted/Written: 03/20/2008 00:35:32 PM

Event ID/Source: 10005 / DCOM

Event Description:

DCOM fikk feilen "%%1084" ved forsøk på å starte tjenesten netman med argument ""

for å kunne kjøre server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

 

 

-- End of Deckard's System Scanner: finished at 2008-03-20 18:04:19 ------------

 

 

Going to run NoLop in safe mode with my user, and with the administrator user...


NoLop found nothing on either the administrator account or my user in safe mode.

 

Log from DSS in safe mode, in case you need it:

 

Deckard's System Scanner v20071014.68

Run by Administrator on 2008-03-20 18:18:39

Computer is in Safe Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Administrator.exe) ---------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:18:47, on 20.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrator\Skrivebord\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programfiler\COMODO\Firewall\cmdagent.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 4954 bytes

 

-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

 

2008-03-20 18:00:21 212 --a------ C:\delete.bat

2008-03-20 12:28:27 0 d-------- C:\ComboFixc

2008-03-20 12:16:00 68096 --a------ C:\WINDOWS\system32\zip.exe

2008-03-20 12:16:00 98816 --a------ C:\WINDOWS\system32\sed.exe

2008-03-20 12:16:00 80412 --a------ C:\WINDOWS\system32\grep.exe

2008-03-20 12:16:00 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-03-20 11:51:53 0 d-------- C:\NoLopBackups

2008-03-20 01:05:14 0 d-------- C:\Programfiler\COMODO

2008-03-19 23:07:45 1154 --a------ C:\WINDOWS\mozver.dat

2008-03-19 22:27:46 0 d-------- C:\Programfiler\Avira

2008-03-19 21:54:46 0 d-------- C:\WINDOWS\pss

2008-03-19 18:02:06 0 d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-19 18:01:47 0 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-19 17:39:51 0 d-------- C:\Programfiler\CCleaner

2008-03-19 17:28:28 0 d-------- C:\Programfiler\Trend Micro

2008-03-19 17:25:06 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-12 17:38:01 0 d-------- C:\Programfiler\Macrogaming

2008-03-12 00:18:45 0 d-------- C:\Programfiler\CDROM LESS

2008-03-11 12:55:02 0 d-------- C:\Programfiler\Windows Media Connect 2

2008-03-11 12:53:11 0 d-------- C:\WINDOWS\system32\drivers\UMDF

2008-03-11 12:42:19 0 d-------- C:\My Downloads

2008-03-11 12:18:17 0 d-------- C:\Programfiler\DivX

2008-03-11 12:17:43 0 d-------- C:\Programfiler\Yahoo!

2008-03-11 12:14:48 0 d-------- C:\Programfiler\Get-Torrent

2008-03-04 12:28:08 0 d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-03-03 23:10:11 0 d-------- C:\Programfiler\The_Pirate_Bay

2008-03-03 23:10:11 0 d-------- C:\Programfiler\Conduit

2008-03-03 22:09:52 0 d-------- C:\Programfiler\uTorrent

2008-03-03 16:59:40 0 d-------- C:\WINDOWS\system32\PreInstall

2008-03-02 18:14:38 290897 --a------ C:\WINDOWS\system32\Install6x.dll <Not Verified; ; Install Dynamic Link Library>

2008-03-02 18:14:38 8192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2008-03-02 18:14:38 8192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2008-03-02 18:14:38 8192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2008-03-02 18:14:38 243328 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS <Not Verified; Ralink Technology Inc.; RT2500 802.11g Wireless Adapters>

2008-03-02 18:14:38 311296 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>

2008-03-02 18:14:38 162 --a------ C:\WINDOWS\filespec6x

2008-02-25 20:48:10 0 d-------- C:\Programfiler\RALINK

2008-02-22 22:08:30 0 d-------- C:\WINDOWS\system32\LogFiles

2008-02-22 20:43:18 0 d-------- C:\Programfiler\Windows Live Toolbar

2008-02-22 20:42:19 0 d-------- C:\Programfiler\MSN Messenger

2008-02-22 20:08:01 0 d-------- C:\Programfiler\LimeWire

2008-02-22 18:52:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution

2008-02-21 03:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>

2008-02-21 03:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>

2008-02-21 03:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>

2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>

2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>

2008-02-21 03:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

2008-02-21 03:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-03-19 23:40:15 0 d-------- C:\Programfiler\Fellesfiler\Symantec Shared

2008-03-19 22:05:48 0 d-------- C:\Programfiler\QuickTime

2008-03-19 18:01:47 0 d-------- C:\Programfiler\Fellesfiler

2008-03-04 12:51:28 384784 --a------ C:\WINDOWS\system32\perfh014.dat

2008-03-04 12:51:28 60326 --a------ C:\WINDOWS\system32\perfc014.dat

2008-03-02 18:13:37 0 d--h----- C:\Programfiler\InstallShield Installation Information

2008-02-19 13:08:59 0 d-------- C:\Programfiler\Hewlett-Packard

2008-02-19 11:10:53 0 d-------- C:\Programfiler\InterVideo

2008-02-19 11:09:52 0 d-------- C:\Programfiler\HPQ

2008-01-25 11:53:50 23424 --a------ C:\WINDOWS\system32\emptyregdb.dat

2008-01-25 11:46:26 62 --ahs---- C:\Documents and Settings\Administrator\Programdata\desktop.ini

2008-01-23 18:50:40 0 d-------- C:\Programfiler\Intel

2008-01-23 17:39:25 0 d-------- C:\Programfiler\Microsoft IntelliPoint

2008-01-23 16:34:54 0 d-------- C:\Programfiler\Fellesfiler\ODBC

2008-01-23 16:34:50 0 d-------- C:\Programfiler\Fellesfiler\SpeechEngines

2008-01-23 16:27:15 0 d-------- C:\Programfiler\Messenger

2008-01-23 16:20:27 0 d-------- C:\Programfiler\Java

2008-01-23 16:19:56 0 d-------- C:\Programfiler\Fellesfiler\Java

2008-01-23 16:19:28 0 d-------- C:\Programfiler\Fellesfiler\InstallShield

2008-01-23 16:18:18 0 d-------- C:\Programfiler\Fellesfiler\TiVo Shared

2008-01-23 16:18:15 0 d-------- C:\Programfiler\Sonic

2008-01-23 16:17:38 0 d-------- C:\Programfiler\Fellesfiler\SureThing Shared

2008-01-23 16:17:26 0 d-------- C:\Programfiler\Fellesfiler\Sonic Shared

2008-01-23 16:09:54 0 d-------- C:\Programfiler\Hp

2008-01-23 15:57:32 0 d-------- C:\Programfiler\ATI Technologies

2008-01-23 15:56:29 0 d-------- C:\Programfiler\Apoint2K

2008-01-23 15:52:33 0 d-------- C:\Programfiler\WIDCOMM

2008-01-23 15:51:12 0 d-------- C:\Programfiler\Analog Devices

2008-01-23 15:43:12 0 d-------- C:\Programfiler\microsoft frontpage

2008-01-23 15:43:05 0 -rahs---- C:\MSDOS.SYS

2008-01-23 15:43:05 0 -rahs---- C:\IO.SYS

2008-01-23 15:43:05 0 --a------ C:\CONFIG.SYS

2008-01-23 15:43:05 0 --a------ C:\AUTOEXEC.BAT

2008-01-23 15:41:50 0 d--h----- C:\Programfiler\WindowsUpdate

2008-01-23 15:41:46 0 d-------- C:\Programfiler\Elektroniske tjenester

2008-01-23 15:40:52 0 d-------- C:\Programfiler\Fellesfiler\Tjenester

2008-01-23 15:40:47 0 d-------- C:\Programfiler\Fellesfiler\MSSoap

2008-01-23 15:40:36 0 d-------- C:\Programfiler\Movie Maker

2008-01-23 15:39:03 0 d-------- C:\Programfiler\MSN Gaming Zone

2008-01-23 15:38:52 0 d-------- C:\Programfiler\Windows NT

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [14.10.2004 09:11]

"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [06.08.2004 08:27]

"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [08.02.2005 17:38]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20.06.2005 21:15]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [29.03.2005 14:45]

"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [16.02.2005 23:11]

"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [03.12.2004 13:24]

"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [24.03.2005 00:26]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04.08.2004 13:00]

"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [13.12.2005 16:45]

"AGRSMMSG"="AGRSMMSG.exe" [13.04.2005 11:12 C:\WINDOWS\AGRSMMSG.exe]

"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [19.03.2008 22:50]

"COMODO Firewall Pro"="C:\Programfiler\COMODO\Firewall\cfp.exe" [20.03.2008 01:05]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04.08.2004 13:00]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [02.03.2008 18:14:46]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

 

 

 

-- End of Deckard's System Scanner: finished at 2008-03-20 18:19:18 ------------

 

 

 

 

There is nothing new in the hosts file...

Edited by irritert

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

Folder::

C:\Programfiler\CDROM LESS

C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS

C:\Programfiler\Macrogaming

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Show obj"=-

 

Post the log and tell us how it goes with CiD

ComboFix 08-03-18.1 - gunn beate gjengedal 2008-03-20 18:39:51.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.652 [GMT 1:00]

Running from: C:\Documents and Settings\gunn beate gjengedal\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\gunn beate gjengedal\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS

C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\0

C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\bolt cake spam.exe

C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\qgdhmpvq.exe

C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\tlsnposf.exe

C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\Usermessdebug.exe

C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\uvrqppza.exe

C:\Programfiler\CDROM LESS

C:\Programfiler\Macrogaming

C:\Programfiler\Macrogaming\SweetIM\conf\users\[email protected]\emoticons_shortcut.xml

C:\Programfiler\Macrogaming\SweetIM\conf\users\[email protected]\lastuse_Emoticons.xml

C:\Programfiler\Macrogaming\SweetIM\conf\users\[email protected]\user_config.xml

C:\Programfiler\Macrogaming\SweetIM\conf\users\main_user_config.xml

C:\Programfiler\Macrogaming\SweetIM\data\contentdb\000100B9.dat

C:\Programfiler\Macrogaming\SweetIM\data\contentdb\0001089B.dat

C:\Programfiler\Macrogaming\SweetIM\data\contentdb\00020071.dat

C:\Programfiler\Macrogaming\SweetIM\data\contentdb\0002013F.dat

C:\Programfiler\Macrogaming\SweetIM\data\contentdb\00020185.dat

C:\Programfiler\Macrogaming\SweetIM\data\contentdb\00040029.dat

C:\Programfiler\Macrogaming\SweetIM\data\contentdb\0004002B.dat

C:\Programfiler\Macrogaming\SweetIM\data\contentdb\cache_indx.dat

 

.

((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))

.

 

2008-03-20 18:01 . 2008-03-20 18:01 <DIR> d-------- C:\Deckard

2008-03-20 18:00 . 2008-03-20 18:21 318 --a------ C:\delete.bat

2008-03-20 11:51 . 2008-03-20 11:53 <DIR> d-------- C:\NoLopBackups

2008-03-20 03:02 . 2006-11-15 10:45 315,904 --a--c--- C:\WINDOWS\system32\dllcache\unregmp2.exe

2008-03-20 01:05 . 2008-03-20 01:05 <DIR> d-------- C:\Programfiler\COMODO

2008-03-20 01:05 . 2008-03-20 01:05 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Comodo

2008-03-20 01:05 . 2008-03-20 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\comodo

2008-03-20 01:05 . 2008-03-20 01:05 139,008 --a------ C:\WINDOWS\system32\guard32.dll

2008-03-20 01:05 . 2008-03-20 01:05 85,112 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys

2008-03-20 01:05 . 2008-03-20 01:05 23,800 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-03-19 23:59 . 2008-03-20 18:38 <DIR> dr-h----- C:\Documents and Settings\gunn beate gjengedal\Siste

2008-03-19 23:07 . 2008-03-19 23:07 1,154 --a------ C:\WINDOWS\mozver.dat

2008-03-19 22:27 . 2008-03-19 22:27 <DIR> d-------- C:\Programfiler\Avira

2008-03-19 22:27 . 2008-03-19 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira

2008-03-19 22:00 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-03-19 22:00 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-03-19 21:58 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-03-19 21:58 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-03-19 18:02 . 2008-03-19 18:02 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-03-19 18:02 . 2008-03-19 18:02 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\SUPERAntiSpyware.com

2008-03-19 18:02 . 2008-03-19 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-03-19 18:01 . 2008-03-19 18:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-19 17:39 . 2008-03-19 17:39 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-19 17:28 . 2008-03-19 17:28 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-19 17:25 . 2008-03-19 17:25 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-12 00:18 . 2008-03-12 00:18 680,960 --a------ C:\WINDOWS\isRS-000.tmp

2008-03-11 12:55 . 2008-03-11 12:55 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-03-11 12:53 . 2008-03-20 14:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-03-11 12:42 . 2008-03-14 00:18 <DIR> d-------- C:\My Downloads

2008-03-11 12:23 . 2008-03-14 01:08 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\DivX

2008-03-11 12:18 . 2008-03-19 22:00 <DIR> d-------- C:\Programfiler\DivX

2008-03-11 12:18 . 2008-03-11 12:18 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Yahoo!

2008-03-11 12:18 . 2008-02-21 03:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-03-11 12:18 . 2008-02-21 03:05 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe

2008-03-11 12:18 . 2008-02-21 03:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe

2008-03-11 12:18 . 2008-02-21 03:05 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-03-11 12:18 . 2008-02-21 03:05 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-03-11 12:17 . 2008-03-19 22:02 <DIR> d-------- C:\Programfiler\Yahoo!

2008-03-11 12:15 . 2008-03-12 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Defy Memo Find Trust

2008-03-11 12:14 . 2008-03-19 22:02 <DIR> d-------- C:\Programfiler\Get-Torrent

2008-03-11 12:12 . 2008-03-11 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Protexis

2008-03-08 09:44 . 2008-03-08 09:44 268 --ah----- C:\sqmdata00.sqm

2008-03-08 09:44 . 2008-03-08 09:44 244 --ah----- C:\sqmnoopt00.sqm

2008-03-04 12:28 . 2008-03-04 12:28 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-03-03 23:10 . 2008-03-19 21:53 <DIR> d-------- C:\Programfiler\The_Pirate_Bay

2008-03-03 23:10 . 2008-03-19 21:53 <DIR> d-------- C:\Programfiler\Conduit

2008-03-03 22:09 . 2008-03-03 22:09 <DIR> d-------- C:\Programfiler\uTorrent

2008-03-03 22:09 . 2008-03-20 14:25 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\uTorrent

2008-03-03 16:59 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-03-02 18:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-02 18:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-02 18:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-02 18:14 . 2006-03-09 11:33 366,080 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2008-03-02 18:14 . 2005-05-17 15:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe

2008-03-02 18:14 . 2006-01-17 14:51 290,897 --a------ C:\WINDOWS\system32\Install6x.dll

2008-03-02 18:14 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS

2008-03-02 18:14 . 2008-03-02 18:14 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-03-02 18:14 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin

2008-03-02 18:14 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin

2008-03-02 18:14 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin

2008-03-02 18:14 . 2005-06-16 00:30 162 --a------ C:\WINDOWS\filespec6x

2008-02-25 20:48 . 2008-03-02 18:13 <DIR> d-------- C:\Programfiler\RALINK

2008-02-22 22:08 . 2008-03-11 12:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-02-22 20:45 . 2008-02-22 20:45 <DIR> d---s---- C:\Documents and Settings\gunn beate gjengedal\UserData

2008-02-22 20:43 . 2008-02-22 20:43 <DIR> d-------- C:\Programfiler\Windows Live Toolbar

2008-02-22 20:43 . 2008-02-22 20:43 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Contacts

2008-02-22 20:43 . 2008-02-22 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Windows Live Toolbar

2008-02-22 20:42 . 2008-02-22 20:42 <DIR> d-------- C:\Programfiler\MSN Messenger

2008-02-22 20:08 . 2008-02-22 20:08 <DIR> d-------- C:\Programfiler\LimeWire

2008-02-22 19:34 . 2006-06-01 19:50 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll

2008-02-22 19:34 . 2006-06-01 19:50 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll

2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe

2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax

2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-19 22:40 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-03-19 21:05 --------- d-----w C:\Programfiler\QuickTime

2008-03-11 13:55 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\LimeWire

2008-03-02 17:13 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-02-19 12:08 --------- d-----w C:\Programfiler\Hewlett-Packard

2008-02-19 12:08 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\InstallShield

2008-02-19 10:12 1,614 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Pavilion dv4000 (EN440EA#ABN)_YN_0Pavi_Q2CE609085Y_EU_46_I309E_SHP_V52.0C_BF.04_T051209_WXH2_L414_M1023_J8

_7Intel_8Pentium M_91.6_#080123_N10EC8139_(EN440EA#ABN)_XMOBILE_CN10_Z8086266D_2_G10025653.MRK

2008-02-19 10:10 --------- d-----w C:\Programfiler\InterVideo

2008-02-19 10:09 --------- d-----w C:\Programfiler\HPQ

2008-01-23 22:55 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\InterVideo

2008-01-23 17:50 --------- d-----w C:\Programfiler\Intel

2008-01-23 16:39 --------- d-----w C:\Programfiler\Microsoft IntelliPoint

2008-01-23 15:20 --------- d-----w C:\Programfiler\Java

2008-01-23 15:19 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-01-23 15:19 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-01-23 15:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\InstallShield

2008-01-23 15:18 --------- d-----w C:\Programfiler\Sonic

2008-01-23 15:18 --------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared

2008-01-23 15:17 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared

2008-01-23 15:17 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared

2008-01-23 15:15 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\Apple Computer

2008-01-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\QuickTime

2008-01-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-01-23 15:09 --------- d-----w C:\Programfiler\Hp

2008-01-23 14:57 --------- d-----w C:\Programfiler\ATI Technologies

2008-01-23 14:56 --------- d-----w C:\Programfiler\Apoint2K

2008-01-23 14:52 --------- d-----w C:\Programfiler\WIDCOMM

2008-01-23 14:51 --------- d-----w C:\Programfiler\Analog Devices

2008-01-23 14:43 --------- d-----w C:\Programfiler\microsoft frontpage

2008-01-23 14:41 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-01-23 14:40 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 08:27 860160]

"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2005-02-08 17:38 159744]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-20 21:15 344064]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-03-29 14:45 233534]

"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]

"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26 217088]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00 59392]

"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]

"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 88209 C:\WINDOWS\AGRSMMSG.exe]

"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 22:50 249896]

"COMODO Firewall Pro"="C:\Programfiler\COMODO\Firewall\cfp.exe" [2008-03-20 01:05 1503488]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [2008-03-02 18:14:46 606208]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:54 5674352 C:\Programfiler\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-06-03 03:52 36975 C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2008-02-29 16:03 1481968 C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\musikk\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

 

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-03-20 01:05]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-03-20 01:05]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-20 17:03:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-20 18:41:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?9?8?-??????? ???B?????????????hLC????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-20 18:41:52

ComboFix-quarantined-files.txt 2008-03-20 17:41:43

.

2008-03-20 02:09:25 --- E O F ---

 

I'm going to use the machine for a bit, then you'll find out ;)

Edited by irritert
Hi norbat.

Nice to get a bit of help :thumbup:

Yes, always good with a bit of help :)

I haven't gotten any CiDs since the last message from norbat :)

Many thanks to SNIPPSAT for the help he has given so far, and of course for NORBAT's latest "killer" :)

I'll come back if there is anything more
