snippsat, posted 20 March 2008 (edited 20 March 2008 by SNIPPSAT)

Quote:
    so defence does the same job as avira -> I should uninstall defence?

Try keeping it on; remember that it takes a while before it learns everything. You can disable it: right-click the icon, "defence+ disable". Nod32 blocks with its ThreatSense system. That is why I don't have it on. I was wondering whether that message came up on one web page or on several.

sommer87 (author), posted 20 March 2008

If you look at the previous post, you will see two pictures. One of them is an example of where the cid goes. I'll try to post similar pictures for other cids that come up.

sommer87 (author), posted 20 March 2008

Quote:
    so defence does the same job as avira -> I should uninstall defence?
    Try keeping it on; remember that it takes a while before it learns everything. You can disable it: right-click the icon, "defence+ disable". Nod32 blocks with its ThreatSense system. That is why I don't have it on. I was wondering whether that message came up on one web page or on several.

It doesn't seem like there is any end to how many hosts.xyz files it is going to come up with. Every single time there is a new extension. Is there reason to believe that something is wrong with this?

snippsat, posted 20 March 2008 (edited 20 March 2008 by SNIPPSAT)

I just thought of NoLop; I had forgotten it. http://www.precisesecurity.com/adware-spy/cidpu.htm

Run combofix one more time; the whole log wasn't included last time.

I had a set of instructions lying around. Download NoLop and put it on the desktop. Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button.

Keep popup blocking on: Tools -> popup blocker.
Cookies like this: Tools -> privacy -> advanced -> third-party cookies: block; first-party cookies: accept.

sommer87 (author), posted 20 March 2008 (edited 20 March 2008 by irritert)

What happened to those HJT lines? Am I not supposed to remove them after all? Running NoLop now. Is there supposed to be a log from this?

    NoLop! Log by Skate_Punk_21
    Please Note: any existing old logs will have now been renamed to NoLop!OLD.log
    Fix running from: C:\Documents and Settings\gunn beate gjengedal\Skrivebord
    [20.03.08] [11:51:38]
    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\ABF65BED9189CE09.job
    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**
    ---Listing AppData sub directories---

*while writing this I got a new cid (see attachment)
*double-checking that the pop-up blocker is still on (it already was). Then going into advanced and removing trusted sites*
*new type of popup: http://www.be2.no/?partnerid=NO0308DDA01*
*running combofix*

edit: right afterwards, a new cid

sommer87 (author), posted 20 March 2008 (edited 20 March 2008 by irritert)

Now I have tried combofix once in normal mode and 3 times in safe mode, and every time a blue screen has come up when it is at about step 2. The message is as follows:

    invalid_process_attach_attempt
    teknisk informasjon
    *** STOP: 0x00000005 (0x86470630, 0x867c6830, 0x00000001, 0x864703B8)
    dumper fysisk minne til disk.: [a number counting up to more than 60]

now what?

edit: cookies blocked. Third-party cookies blocked, first-party accepted.

snippsat, posted 20 March 2008 (edited 20 March 2008 by SNIPPSAT)

Ahh, NoLop didn't manage to remove this. Run NoLop several times, also in safe mode. It found a job file, I see. Remember to clean the hosts file after this.

This one does the same as combofix. Download Deckard and put it on the desktop. Run dss.exe and follow the instructions. When the scan is finished, a log opens (main.txt). Copy it and post it.

sommer87 (author), posted 20 March 2008

*running NoLop in normal mode* No errors found (more to come).

sommer87 (author), posted 20 March 2008

Two logs came with that program:
"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB919007) --> 
"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB928843) --> 
"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB943485) --> 
"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Sikkerhetsoppdatering for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Smartmenyer (Windows Live Toolbar) --> MsiExec.exe /X{71750192-A105-4D7B-8AB9-19D8BF423CEA} Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SoundMAX --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x14 -removeonly SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Texas Instruments PCIxx21/x515 drivers. 
--> C:\PROGRA~1\FELLES~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1033 Utvidelse for Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{D92258A2-306A-4D6E-877B-0E7F8546553F} Vis fliker (Windows Live Toolbar) --> MsiExec.exe /X{6E3BCBE0-9FC7-4E2F-B0A1-848721C9215A} Windows Live Messenger --> MsiExec.exe /I{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434} Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{175AE50D-A2D5-422D-9650-BFCCD9A13ABA} Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Live Toolbar --> "C:\Programfiler\Windows Live Toolbar\UnInstall.exe" {2453396B-8129-4003-B304-9E2BCE5B01A3} Windows Live Toolbar --> MsiExec.exe /X{2453396B-8129-4003-B304-9E2BCE5B01A3} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP hurtigreparasjon - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB884575 --> C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885464 --> C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP hurtigreparasjon - 
KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP hurtigreparasjon - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP hurtigreparasjon - KB892559 --> "C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type1748 / Success Event Submitted/Written: 03/20/2008 09:47:37 AM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1678 / Error Event Submitted/Written: 03/19/2008 08:47:02 PM Event ID/Source: 8 / crypt32 Event Description: Kan ikke automatisk oppdatere henting av tredjeparts rotlistesekvensnummer fra: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> med feil: Kan ikke kontrollere serverens navn eller adresse Event Record #/Type1671 / Success Event Submitted/Written: 03/19/2008 08:02:19 PM Event ID/Source: 12001 / usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event Record #/Type1656 / Warning Event Submitted/Written: 03/19/2008 07:53:24 PM Event ID/Source: 1524 / Userenv Event Description: Windows kan ikke laste ut register filen for klasser. Den er fortsatt i bruk av andre programmer eller andre tjenester. 
Filen lastes ut når den ikke lenger er i bruk.

Event Record #/Type1655 / Error
Event Submitted/Written: 03/19/2008 07:30:56 PM
Event ID/Source: 8 / crypt32
Event Description: Kan ikke automatisk oppdatere henting av tredjeparts rotlistesekvensnummer fra: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> med feil: Kan ikke kontrollere serverens navn eller adresse

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type1939 / Warning
Event Submitted/Written: 03/20/2008 02:17:49 PM
Event ID/Source: 4226 / Tcpip
Event Description: TCP/IP har nådd sikkerhetsbegrensningen for antall samtidige TCP-tilkoblingsforsøk.

Event Record #/Type1934 / Error
Event Submitted/Written: 03/20/2008 00:44:18 PM
Event ID/Source: 1003 / System Error
Event Description: Feilkode 00000005, parameter1 86470630, parameter2 867c6830, parameter3 00000001, parameter4 864703b8.

Event Record #/Type1933 / Error
Event Submitted/Written: 03/20/2008 00:44:15 PM
Event ID/Source: 1003 / System Error
Event Description: Feilkode 00000005, parameter1 84f947c0, parameter2 865c6830, parameter3 00000001, parameter4 84e6e020.

Event Record #/Type1932 / Error
Event Submitted/Written: 03/20/2008 00:44:02 PM
Event ID/Source: 1003 / System Error
Event Description: Feilkode 00000005, parameter1 8648f7c8, parameter2 867c6830, parameter3 00000001, parameter4 864a26e8.

Event Record #/Type1911 / Error
Event Submitted/Written: 03/20/2008 00:35:32 PM
Event ID/Source: 10005 / DCOM
Event Description: DCOM fikk feilen "%%1084" ved forsøk på å starte tjenesten netman med argument "" for å kunne kjøre server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

-- End of Deckard's System Scanner: finished at 2008-03-20 18:04:19 ------------

I'm going to run NoLop in safe mode with my user and with the Administrator user...
sommer87 (author) Posted 20 March 2008 (edited)

NoLop found nothing in safe mode, either on the Administrator account or on my own user. Log from DSS in safe mode, in case you need it:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-20 18:18:39
Computer is in Safe Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:47, on 20.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Windows Live
Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programfiler\COMODO\Firewall\cfp.exe" -h O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: 
@btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Programfiler\COMODO\Firewall\cmdagent.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 4954 bytes -- Files created between 2008-02-20 and 2008-03-20 ----------------------------- 2008-03-20 18:00:21 212 --a------ C:\delete.bat 2008-03-20 12:28:27 0 d-------- C:\ComboFixc 2008-03-20 12:16:00 68096 --a------ C:\WINDOWS\system32\zip.exe 2008-03-20 12:16:00 98816 --a------ C:\WINDOWS\system32\sed.exe 2008-03-20 12:16:00 80412 --a------ C:\WINDOWS\system32\grep.exe 2008-03-20 12:16:00 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-03-20 11:51:53 0 d-------- C:\NoLopBackups 2008-03-20 01:05:14 0 d-------- C:\Programfiler\COMODO 2008-03-19 23:07:45 1154 --a------ C:\WINDOWS\mozver.dat 2008-03-19 22:27:46 0 d-------- C:\Programfiler\Avira 2008-03-19 21:54:46 0 d-------- C:\WINDOWS\pss 2008-03-19 18:02:06 0 d-------- C:\Programfiler\SUPERAntiSpyware 2008-03-19 18:01:47 0 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-03-19 17:39:51 0 d-------- C:\Programfiler\CCleaner 2008-03-19 17:28:28 0 d-------- C:\Programfiler\Trend Micro 2008-03-19 17:25:06 0 --a------ C:\WINDOWS\nsreg.dat 2008-03-12 17:38:01 0 d-------- C:\Programfiler\Macrogaming 2008-03-12 00:18:45 0 d-------- C:\Programfiler\CDROM LESS 2008-03-11 12:55:02 0 d-------- C:\Programfiler\Windows Media Connect 2 2008-03-11 12:53:11 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-03-11 12:42:19 0 d-------- C:\My Downloads 2008-03-11 12:18:17 0 d-------- C:\Programfiler\DivX 2008-03-11 12:17:43 0 d-------- C:\Programfiler\Yahoo! 
2008-03-11 12:14:48 0 d-------- C:\Programfiler\Get-Torrent 2008-03-04 12:28:08 0 d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2 2008-03-03 23:10:11 0 d-------- C:\Programfiler\The_Pirate_Bay 2008-03-03 23:10:11 0 d-------- C:\Programfiler\Conduit 2008-03-03 22:09:52 0 d-------- C:\Programfiler\uTorrent 2008-03-03 16:59:40 0 d-------- C:\WINDOWS\system32\PreInstall 2008-03-02 18:14:38 290897 --a------ C:\WINDOWS\system32\Install6x.dll <Not Verified; ; Install Dynamic Link Library> 2008-03-02 18:14:38 8192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin 2008-03-02 18:14:38 8192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin 2008-03-02 18:14:38 8192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin 2008-03-02 18:14:38 243328 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS <Not Verified; Ralink Technology Inc.; RT2500 802.11g Wireless Adapters> 2008-03-02 18:14:38 311296 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application> 2008-03-02 18:14:38 162 --a------ C:\WINDOWS\filespec6x 2008-02-25 20:48:10 0 d-------- C:\Programfiler\RALINK 2008-02-22 22:08:30 0 d-------- C:\WINDOWS\system32\LogFiles 2008-02-22 20:43:18 0 d-------- C:\Programfiler\Windows Live Toolbar 2008-02-22 20:42:19 0 d-------- C:\Programfiler\MSN Messenger 2008-02-22 20:08:01 0 d-------- C:\Programfiler\LimeWire 2008-02-22 18:52:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution 2008-02-21 03:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-02-21 03:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. 
dpl100> 2008-02-21 03:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-02-21 03:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-02-21 03:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll -- Find3M Report --------------------------------------------------------------- 2008-03-19 23:40:15 0 d-------- C:\Programfiler\Fellesfiler\Symantec Shared 2008-03-19 22:05:48 0 d-------- C:\Programfiler\QuickTime 2008-03-19 18:01:47 0 d-------- C:\Programfiler\Fellesfiler 2008-03-04 12:51:28 384784 --a------ C:\WINDOWS\system32\perfh014.dat 2008-03-04 12:51:28 60326 --a------ C:\WINDOWS\system32\perfc014.dat 2008-03-02 18:13:37 0 d--h----- C:\Programfiler\InstallShield Installation Information 2008-02-19 13:08:59 0 d-------- C:\Programfiler\Hewlett-Packard 2008-02-19 11:10:53 0 d-------- C:\Programfiler\InterVideo 2008-02-19 11:09:52 0 d-------- C:\Programfiler\HPQ 2008-01-25 11:53:50 23424 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-01-25 11:46:26 62 --ahs---- C:\Documents and Settings\Administrator\Programdata\desktop.ini 2008-01-23 18:50:40 0 d-------- C:\Programfiler\Intel 2008-01-23 17:39:25 0 d-------- C:\Programfiler\Microsoft IntelliPoint 2008-01-23 16:34:54 0 d-------- C:\Programfiler\Fellesfiler\ODBC 2008-01-23 16:34:50 0 d-------- C:\Programfiler\Fellesfiler\SpeechEngines 2008-01-23 16:27:15 0 d-------- C:\Programfiler\Messenger 2008-01-23 16:20:27 0 d-------- C:\Programfiler\Java 2008-01-23 16:19:56 0 d-------- C:\Programfiler\Fellesfiler\Java 2008-01-23 16:19:28 0 d-------- C:\Programfiler\Fellesfiler\InstallShield 2008-01-23 16:18:18 0 d-------- C:\Programfiler\Fellesfiler\TiVo Shared 2008-01-23 16:18:15 0 d-------- C:\Programfiler\Sonic 2008-01-23 
16:17:38 0 d-------- C:\Programfiler\Fellesfiler\SureThing Shared 2008-01-23 16:17:26 0 d-------- C:\Programfiler\Fellesfiler\Sonic Shared 2008-01-23 16:09:54 0 d-------- C:\Programfiler\Hp 2008-01-23 15:57:32 0 d-------- C:\Programfiler\ATI Technologies 2008-01-23 15:56:29 0 d-------- C:\Programfiler\Apoint2K 2008-01-23 15:52:33 0 d-------- C:\Programfiler\WIDCOMM 2008-01-23 15:51:12 0 d-------- C:\Programfiler\Analog Devices 2008-01-23 15:43:12 0 d-------- C:\Programfiler\microsoft frontpage 2008-01-23 15:43:05 0 -rahs---- C:\MSDOS.SYS 2008-01-23 15:43:05 0 -rahs---- C:\IO.SYS 2008-01-23 15:43:05 0 --a------ C:\CONFIG.SYS 2008-01-23 15:43:05 0 --a------ C:\AUTOEXEC.BAT 2008-01-23 15:41:50 0 d--h----- C:\Programfiler\WindowsUpdate 2008-01-23 15:41:46 0 d-------- C:\Programfiler\Elektroniske tjenester 2008-01-23 15:40:52 0 d-------- C:\Programfiler\Fellesfiler\Tjenester 2008-01-23 15:40:47 0 d-------- C:\Programfiler\Fellesfiler\MSSoap 2008-01-23 15:40:36 0 d-------- C:\Programfiler\Movie Maker 2008-01-23 15:39:03 0 d-------- C:\Programfiler\MSN Gaming Zone 2008-01-23 15:38:52 0 d-------- C:\Programfiler\Windows NT -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [14.10.2004 09:11] "SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [06.08.2004 08:27] "Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [08.02.2005 17:38] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20.06.2005 21:15] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [29.03.2005 14:45] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [16.02.2005 23:11] "eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [03.12.2004 13:24] "IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" 
[24.03.2005 00:26]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04.08.2004 13:00]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [13.12.2005 16:45]
"AGRSMMSG"="AGRSMMSG.exe" [13.04.2005 11:12 C:\WINDOWS\AGRSMMSG.exe]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [19.03.2008 22:50]
"COMODO Firewall Pro"="C:\Programfiler\COMODO\Firewall\cfp.exe" [20.03.2008 01:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [04.08.2004 13:00]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [02.03.2008 18:14:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

-- End of Deckard's System Scanner: finished at 2008-03-20 18:19:18 ------------

There is nothing new in the hosts file...

Edited 20 March 2008 by irritert
norbat Posted 20 March 2008

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

Folder::
C:\Programfiler\CDROM LESS
C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS
C:\Programfiler\Macrogaming

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Show obj"=-

Post the log and tell us how it goes with CiD.
sommer87 (Author) Posted 20 March 2008 (edited)

ComboFix 08-03-18.1 - gunn beate gjengedal 2008-03-20 18:39:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.652 [GMT 1:00]
Running from: C:\Documents and Settings\gunn beate gjengedal\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\gunn beate gjengedal\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS
C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\0
C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\bolt cake spam.exe
C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\qgdhmpvq.exe
C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\tlsnposf.exe
C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\Usermessdebug.exe
C:\Documents and Settings\gunn beate gjengedal\Programdata\CDROM LESS\uvrqppza.exe
C:\Programfiler\CDROM LESS
C:\Programfiler\Macrogaming
C:\Programfiler\Macrogaming\SweetIM\conf\users\[email protected]\emoticons_shortcut.xml
C:\Programfiler\Macrogaming\SweetIM\conf\users\[email protected]\lastuse_Emoticons.xml
C:\Programfiler\Macrogaming\SweetIM\conf\users\[email protected]\user_config.xml
C:\Programfiler\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Programfiler\Macrogaming\SweetIM\data\contentdb\000100B9.dat
C:\Programfiler\Macrogaming\SweetIM\data\contentdb\0001089B.dat
C:\Programfiler\Macrogaming\SweetIM\data\contentdb\00020071.dat
C:\Programfiler\Macrogaming\SweetIM\data\contentdb\0002013F.dat
C:\Programfiler\Macrogaming\SweetIM\data\contentdb\00020185.dat
C:\Programfiler\Macrogaming\SweetIM\data\contentdb\00040029.dat
C:\Programfiler\Macrogaming\SweetIM\data\contentdb\0004002B.dat
C:\Programfiler\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.
2008-03-20 18:01 . 2008-03-20 18:01 <DIR> d-------- C:\Deckard
2008-03-20 18:00 . 2008-03-20 18:21 318 --a------ C:\delete.bat
2008-03-20 11:51 . 2008-03-20 11:53 <DIR> d-------- C:\NoLopBackups
2008-03-20 03:02 . 2006-11-15 10:45 315,904 --a--c--- C:\WINDOWS\system32\dllcache\unregmp2.exe
2008-03-20 01:05 . 2008-03-20 01:05 <DIR> d-------- C:\Programfiler\COMODO
2008-03-20 01:05 . 2008-03-20 01:05 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Comodo
2008-03-20 01:05 . 2008-03-20 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\comodo
2008-03-20 01:05 . 2008-03-20 01:05 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-03-20 01:05 . 2008-03-20 01:05 85,112 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-03-20 01:05 . 2008-03-20 01:05 23,800 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-03-19 23:59 . 2008-03-20 18:38 <DIR> dr-h----- C:\Documents and Settings\gunn beate gjengedal\Siste
2008-03-19 23:07 . 2008-03-19 23:07 1,154 --a------ C:\WINDOWS\mozver.dat
2008-03-19 22:27 . 2008-03-19 22:27 <DIR> d-------- C:\Programfiler\Avira
2008-03-19 22:27 . 2008-03-19 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avira
2008-03-19 22:00 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-19 22:00 . 2001-10-06 13:36 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-19 21:58 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-19 21:58 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-19 18:02 . 2008-03-19 18:02 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-03-19 18:02 . 2008-03-19 18:02 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\SUPERAntiSpyware.com
2008-03-19 18:02 . 2008-03-19 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-03-19 18:01 . 2008-03-19 18:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-03-19 17:39 . 2008-03-19 17:39 <DIR> d-------- C:\Programfiler\CCleaner
2008-03-19 17:28 . 2008-03-19 17:28 <DIR> d-------- C:\Programfiler\Trend Micro
2008-03-19 17:25 . 2008-03-19 17:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-12 00:18 . 2008-03-12 00:18 680,960 --a------ C:\WINDOWS\isRS-000.tmp
2008-03-11 12:55 . 2008-03-11 12:55 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-03-11 12:53 . 2008-03-20 14:23 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-11 12:42 . 2008-03-14 00:18 <DIR> d-------- C:\My Downloads
2008-03-11 12:23 . 2008-03-14 01:08 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\DivX
2008-03-11 12:18 . 2008-03-19 22:00 <DIR> d-------- C:\Programfiler\DivX
2008-03-11 12:18 . 2008-03-11 12:18 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\Yahoo!
2008-03-11 12:18 . 2008-02-21 03:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-11 12:18 . 2008-02-21 03:05 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-03-11 12:18 . 2008-02-21 03:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-03-11 12:18 . 2008-02-21 03:05 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-11 12:18 . 2008-02-21 03:05 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-11 12:17 . 2008-03-19 22:02 <DIR> d-------- C:\Programfiler\Yahoo!
2008-03-11 12:15 . 2008-03-12 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Defy Memo Find Trust
2008-03-11 12:14 . 2008-03-19 22:02 <DIR> d-------- C:\Programfiler\Get-Torrent
2008-03-11 12:12 . 2008-03-11 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Protexis
2008-03-08 09:44 . 2008-03-08 09:44 268 --ah----- C:\sqmdata00.sqm
2008-03-08 09:44 . 2008-03-08 09:44 244 --ah----- C:\sqmnoopt00.sqm
2008-03-04 12:28 . 2008-03-04 12:28 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2008-03-03 23:10 . 2008-03-19 21:53 <DIR> d-------- C:\Programfiler\The_Pirate_Bay
2008-03-03 23:10 . 2008-03-19 21:53 <DIR> d-------- C:\Programfiler\Conduit
2008-03-03 22:09 . 2008-03-03 22:09 <DIR> d-------- C:\Programfiler\uTorrent
2008-03-03 22:09 . 2008-03-20 14:25 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Programdata\uTorrent
2008-03-03 16:59 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-02 18:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 18:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-02 18:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 18:14 . 2006-03-09 11:33 366,080 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2008-03-02 18:14 . 2005-05-17 15:24 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe
2008-03-02 18:14 . 2006-01-17 14:51 290,897 --a------ C:\WINDOWS\system32\Install6x.dll
2008-03-02 18:14 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS
2008-03-02 18:14 . 2008-03-02 18:14 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-02 18:14 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2008-03-02 18:14 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2008-03-02 18:14 . 2005-10-26 14:22 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2008-03-02 18:14 . 2005-06-16 00:30 162 --a------ C:\WINDOWS\filespec6x
2008-02-25 20:48 . 2008-03-02 18:13 <DIR> d-------- C:\Programfiler\RALINK
2008-02-22 22:08 . 2008-03-11 12:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-22 20:45 . 2008-02-22 20:45 <DIR> d---s---- C:\Documents and Settings\gunn beate gjengedal\UserData
2008-02-22 20:43 . 2008-02-22 20:43 <DIR> d-------- C:\Programfiler\Windows Live Toolbar
2008-02-22 20:43 . 2008-02-22 20:43 <DIR> d-------- C:\Documents and Settings\gunn beate gjengedal\Contacts
2008-02-22 20:43 . 2008-02-22 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Windows Live Toolbar
2008-02-22 20:42 . 2008-02-22 20:42 <DIR> d-------- C:\Programfiler\MSN Messenger
2008-02-22 20:08 . 2008-02-22 20:08 <DIR> d-------- C:\Programfiler\LimeWire
2008-02-22 19:34 . 2006-06-01 19:50 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-02-22 19:34 . 2006-06-01 19:50 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 22:40 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-03-19 21:05 --------- d-----w C:\Programfiler\QuickTime
2008-03-11 13:55 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\LimeWire
2008-03-02 17:13 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-19 12:08 --------- d-----w C:\Programfiler\Hewlett-Packard
2008-02-19 12:08 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\InstallShield
2008-02-19 10:12 1,614 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Pavilion dv4000 (EN440EA#ABN)_YN_0Pavi_Q2CE609085Y_EU_46_I309E_SHP_V52.0C_BF.04_T051209_WXH2_L414_M1023_J8 _7Intel_8Pentium M_91.6_#080123_N10EC8139_(EN440EA#ABN)_XMOBILE_CN10_Z8086266D_2_G10025653.MRK
2008-02-19 10:10 --------- d-----w C:\Programfiler\InterVideo
2008-02-19 10:09 --------- d-----w C:\Programfiler\HPQ
2008-01-23 22:55 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\InterVideo
2008-01-23 17:50 --------- d-----w C:\Programfiler\Intel
2008-01-23 16:39 --------- d-----w C:\Programfiler\Microsoft IntelliPoint
2008-01-23 15:20 --------- d-----w C:\Programfiler\Java
2008-01-23 15:19 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-01-23 15:19 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-01-23 15:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\InstallShield
2008-01-23 15:18 --------- d-----w C:\Programfiler\Sonic
2008-01-23 15:18 --------- d-----w C:\Programfiler\Fellesfiler\TiVo Shared
2008-01-23 15:17 --------- d-----w C:\Programfiler\Fellesfiler\SureThing Shared
2008-01-23 15:17 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared
2008-01-23 15:15 --------- d-----w C:\Documents and Settings\gunn beate gjengedal\Programdata\Apple Computer
2008-01-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\QuickTime
2008-01-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-01-23 15:09 --------- d-----w C:\Programfiler\Hp
2008-01-23 14:57 --------- d-----w C:\Programfiler\ATI Technologies
2008-01-23 14:56 --------- d-----w C:\Programfiler\Apoint2K
2008-01-23 14:52 --------- d-----w C:\Programfiler\WIDCOMM
2008-01-23 14:51 --------- d-----w C:\Programfiler\Analog Devices
2008-01-23 14:43 --------- d-----w C:\Programfiler\microsoft frontpage
2008-01-23 14:41 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-01-23 14:40 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 08:27 860160]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2005-02-08 17:38 159744]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-20 21:15 344064]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-03-29 14:45 233534]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26 217088]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00 59392]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 22:50 249896]
"COMODO Firewall Pro"="C:\Programfiler\COMODO\Firewall\cfp.exe" [2008-03-20 01:05 1503488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [2008-03-02 18:14:46 606208]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programfiler\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Programfiler\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 03:52 36975 C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\musikk\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-03-20 01:05]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-03-20 01:05]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 17:03:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 18:41:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?9?8?-??????? ???B?????????????hLC????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-20 18:41:52
ComboFix-quarantined-files.txt 2008-03-20 17:41:43
.
2008-03-20 02:09:25 --- E O F ---

going to use the machine for a bit, then I'll let you know

Edited 20 March 2008 by irritert
snippsat Posted 20 March 2008

Hi norbat. Good to get a bit of help
sommer87 (Author) Posted 20 March 2008

"Hi norbat. Good to get a bit of help"

yes, always nice to get a bit of help. I haven't had any CiDs since the last message from norbat. Many thanks to SNIPPSAT for the help he has put in so far, and of course for NORBAT's latest "killer". I'll come back if there should be anything more