brolle Posted 22 May 2008
I've gotten unwanted things on my machine and would like to hear what tips people have for getting the junk removed. Offers of free antivirus and "scan now" messages pop up at regular intervals, and it is enormously irritating. I have Symantec Antivirus Client since I'm connected to a server. I have tried updating the antivirus and running a full scan in safe mode, without it helping. I have also tried Adaware, which didn't help either. I hope someone has good tips on programs that can solve my problem.
johome Posted 22 May 2008
Adaware is unfortunately not among the best programs for removing spyware. Try SAS instead. If you're planning to pay for it, Spy Sweeper is considered to be the best. Here too it's wise to scan in safe mode. I suggest you drop by this forum. The experts on this forum are very skilled at getting rid of spyware (Norbat, SNIPPSAT).
josh909 Posted 22 May 2008
Which software you should use depends on what type of spyware you're infected with. Specific tools are often made to deal with specific threats. Have you managed to identify what is plaguing you?
Stian V.H Posted 22 May 2008
Check out the page I'm linking to; oss.Viztnd-ofte stilte spørsmål
johome Posted 22 May 2008
"Check out the page I'm linking to; oss.Viztnd-ofte stilte spørsmål"
That link is out of date. Old-fashioned solutions, with programs that no longer exist (Ewido).
Edited 22 May 2008 by johome
Guest Slettet-t8fn5F Posted 22 May 2008
Windows Defender cleans up the OS thoroughly. It's probably still free.... CCleaner can also help you a bit with cleaning up the registry...
snippsat Posted 22 May 2008
If I get a couple of logs, this will get sorted out.
Download HijackThis and put it in its own folder on the desktop. Start the program and press "scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text).
Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
brolle (author) Posted 23 May 2008
Here comes the log from HijackThis.
Edited 23 May 2008 by brolle
Caze Posted 23 May 2008
The HijackThis log looked fine. Check it yourself with this analyzer: http://hjt.networktechs.com/
I would remove the ctfmon entries, since this CAN be a source of junk.
Otherwise you should also try TrendMicro's Housecall (free online spyware/antivirus scanner): http://housecall.trendmicro.com/
Edited 23 May 2008 by Caze
brolle (author) Posted 23 May 2008
Here comes the log from Combofix as well. I have tried TrendMicro, but the problem didn't go away.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-14 08:07 171448] "SkinClock"="C:\Programfiler\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-20 09:22 529408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 14:34 49152 C:\WINDOWS\system32\ico.exe] "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 06:11 98304] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 06:13 114688] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 06:10 94208] "AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2005-11-14 08:23 487424] "LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-03-22 18:10 106496] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940] "ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920] "AwaySch"="C:\Programfiler\Lenovo\AwayTask\AwaySch.EXE" [2006-04-18 19:05 69632] "TVT Scheduler Proxy"="C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 04:01 503808] "DiskeeperSystray"="C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696] "Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2005-10-28 20:08 335872] "PDService.exe"="C:\Programfiler\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 16:38 41472] "cssauth"="C:\Programfiler\Lenovo\Client Security Solution\cssauth.exe" [2006-05-12 20:15 
2333440] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programfiler\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232] "vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 01:21 90112] "ISTray"="C:\Programfiler\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848] "spywarefighterguard"="C:\Programfiler\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344] "BM0769dec2"="C:\WINDOWS\system32\rflxcgqf.dll" [2008-05-23 07:08 126464] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Service Manager.lnk - C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify] C:\Programfiler\Lenovo\AwayTask\AwayNotify.dll 2006-04-18 19:05 49152 C:\Programfiler\Lenovo\AwayTask\AwayNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\BitLord\\BitLord.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= R2 MSSQL$MIELE_ETD;MSSQL$MIELE_ETD;C:\Programfiler\Microsoft SQL Server\MSSQL$MIELE_ETD\Binn\sqlservr.exe [2002-12-17 17:26] R2 PrivateDisk;PrivateDisk;C:\Programfiler\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 16:05] R2 smi2;smi2;C:\Programfiler\SMI2\smi2.sys [2006-05-12 18:10] R3 
pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55] R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 13:25] R3 SpyFighter;SpyFighter Guard Device;C:\Programfiler\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38] R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programfiler\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37] S3 SQLAgent$MIELE_ETD;SQLAgent$MIELE_ETD;C:\Programfiler\Microsoft SQL Server\MSSQL$MIELE_ETD\Binn\sqlagent.EXE [2002-12-17 17:23] . Contents of the 'Scheduled Tasks' folder "2008-05-22 14:35:02 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-23 07:29:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\NavLogon.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\rflxcgqf.dll . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\IPSSVC.EXE C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe C:\Programfiler\Spyware Doctor\pctsAuxs.exe C:\Programfiler\Spyware Doctor\pctsSvc.exe C:\Programfiler\Lenovo\System Update\SUService.exe C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\FSRremoS.EXE C:\WINDOWS\system32\PELMICED.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************** . Completion time: 2008-05-23 7:33:10 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-23 05:33:02 Pre-Run: 51,770,785,792 byte ledig Post-Run: 51,834,945,536 byte ledig 363 Klikk for å se/fjerne innholdet nedenfor Hijackthis-loggen så grei ut. Sjekk den selv med denne analyzeren:http://hjt.networktechs.com/ Jeg ville fjernet ctfmon-entries, siden dette KAN være en kilde til grums. Ellers burde du også prøve TrendMicros Housecall (online gratis spyware/antivirus-scanner): http://housecall.trendmicro.com/ Her kommer også logg fra Combofix. Har prøvd TrendMicro men problemet ble ikke borte. Klikk for å se/fjerne innholdet nedenfor ComboFix 08-05-21.3 - geirs 2008-05-23 7:15:43.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.563 [GMT 2:00] Running from: C:\Documents and Settings\geirs\Skrivebord\Combofix\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Programfiler\Google\googletoolbar1.dll
C:\WINDOWS\BM0769dec2.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byXonmll.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\chslwjsg.ini
C:\WINDOWS\system32\jhsadmgk.exe
C:\WINDOWS\system32\jojbeluw.ini
C:\WINDOWS\system32\lrviejwx.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ssqNgfFv.dll
C:\WINDOWS\system32\tamgripu.ini
C:\WINDOWS\system32\ungsdcki.exe
C:\WINDOWS\system32\vFfgNqss.ini
C:\WINDOWS\system32\vFfgNqss.ini2
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-14 08:07 171448]
"SkinClock"="C:\Programfiler\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-05-20 09:22 529408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 14:34 49152 C:\WINDOWS\system32\ico.exe]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 06:11 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 06:13 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 06:10 94208]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2005-11-14 08:23 487424]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-03-22 18:10 106496]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Programfiler\Lenovo\AwayTask\AwaySch.EXE" [2006-04-18 19:05 69632]
"TVT Scheduler Proxy"="C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 04:01 503808]
"DiskeeperSystray"="C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2005-10-28 20:08 335872]
"PDService.exe"="C:\Programfiler\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 16:38 41472]
"cssauth"="C:\Programfiler\Lenovo\Client Security Solution\cssauth.exe" [2006-05-12 20:15 2333440]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programfiler\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 01:21 90112]
"ISTray"="C:\Programfiler\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"spywarefighterguard"="C:\Programfiler\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"BM0769dec2"="C:\WINDOWS\system32\rflxcgqf.dll" [2008-05-23 07:08 126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Service Manager.lnk - C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Programfiler\Lenovo\AwayTask\AwayNotify.dll 2006-04-18 19:05 49152 C:\Programfiler\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\BitLord\\BitLord.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 MSSQL$MIELE_ETD;MSSQL$MIELE_ETD;C:\Programfiler\Microsoft SQL Server\MSSQL$MIELE_ETD\Binn\sqlservr.exe [2002-12-17 17:26]
R2 PrivateDisk;PrivateDisk;C:\Programfiler\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 16:05]
R2 smi2;smi2;C:\Programfiler\SMI2\smi2.sys [2006-05-12 18:10]
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 13:25]
R3 SpyFighter;SpyFighter Guard Device;C:\Programfiler\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programfiler\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
S3 SQLAgent$MIELE_ETD;SQLAgent$MIELE_ETD;C:\Programfiler\Microsoft SQL Server\MSSQL$MIELE_ETD\Binn\sqlagent.EXE [2002-12-17 17:23]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 14:35:02 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 07:29:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\rflxcgqf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\IPSSVC.EXE
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\Programfiler\Spyware Doctor\pctsAuxs.exe
C:\Programfiler\Spyware Doctor\pctsSvc.exe
C:\Programfiler\Lenovo\System Update\SUService.exe
C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\PELMICED.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-23 7:33:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-23 05:33:02
Pre-Run: 51,770,785,792 byte ledig
Post-Run: 51,834,945,536 byte ledig
363

The HijackThis log looked fine. Check it yourself with this analyzer: http://hjt.networktechs.com/ I would remove the ctfmon entries, since this CAN be a source of junk. Otherwise you should also try Trend Micro's HouseCall (free online spyware/antivirus scanner): http://housecall.trendmicro.com/
Link to comment
norbat Posted 23 May 2008
Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\WINDOWS\system32\rflxcgqf.dll
C:\WINDOWS\VPC32.INI
C:\WINDOWS\system32\sys_dll.dll
C:\WINDOWS\system32\qoMfcYQI.dll.vir
C:\WINDOWS\system32\nhqslxci.dll.vir
C:\WINDOWS\system32\IQYcfMoq.ini

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM0769dec2"=-

If you have not yet run a scan with SAS, now is the time. Post the log that SAS creates (preferences->statistics/logs). Also tell us how the PC is running.
Link to comment
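An added example, not part of the thread and not ComboFix's own logic: one way to triage the autorun section of a log like the one posted above. The `triage` function, its three heuristics and the 7-day window are assumptions chosen for illustration, as is reading the bracketed timestamp as the file's date; the sample lines are an excerpt from the log in this thread.

```python
import re
from datetime import datetime, timedelta

# Excerpt assembled from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2003-05-21 01:21 90112]
"spywarefighterguard"="C:\Programfiler\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
"BM0769dec2"="C:\WINDOWS\system32\rflxcgqf.dll" [2008-05-23 07:08 126464]
Rootkit scan 2008-05-23 07:29:46
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\rflxcgqf.dll
'''

# "value"="path" [YYYY-MM-DD HH:MM size ...] as printed under "Reg Loading Points"
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d\d-\d\d \d\d:\d\d) \d+')
SCAN_RE = re.compile(r'^Rootkit scan (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)')
LOADED_RE = re.compile(r'-> (\S.*)$')  # module listed under a PROCESS: line

def triage(log, recent_days=7):
    """Return [(value_name, path, reasons)] for autoruns matching >= 2 heuristics."""
    runs, loaded, scan_time = [], set(), None
    for line in map(str.strip, log.splitlines()):
        if m := RUN_RE.match(line):
            runs.append((m[1], m[2], datetime.strptime(m[3], "%Y-%m-%d %H:%M")))
        elif m := SCAN_RE.match(line):
            scan_time = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
        elif m := LOADED_RE.search(line):
            loaded.add(m[1].lower())
    findings = []
    for name, path, mtime in runs:
        reasons = []
        if path.lower().endswith(".dll"):
            reasons.append("autorun value points at a DLL")
        age = scan_time - mtime if scan_time else None
        if age is not None and timedelta(0) <= age <= timedelta(days=recent_days):
            reasons.append("file timestamp shortly before the scan")
        if path.lower() in loaded:
            reasons.append("module loaded into a running process")
        if len(reasons) >= 2:  # one signal alone is too noisy to report
            findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name} -> {path}: " + "; ".join(reasons))
```

On the excerpt, only the "BM0769dec2" value is reported, the same Run entry the CFScript above deletes; a hit is a prompt for manual review of the file, not a verdict.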
Scortech Posted 23 May 2008 (edited)
Windows Defender cleans up the OS thoroughly. Still free, I think.... CCleaner can also help you a bit with cleaning up the registry...
Windows Defender.. lol.. yes, I thought that one was good. It stops almost nothing and finds almost nothing. Use Spyware Terminator.. a very good program and free.. and it also has built-in antivirus that you can choose to activate or not.. for example if you have your own antivirus program alongside it..
Edited 23 May 2008 by Scortech
Link to comment
Guest Slettet-t8fn5F Posted 23 May 2008 (edited)
Windows Defender cleans up the OS thoroughly. Still free, I think.... CCleaner can also help you a bit with cleaning up the registry...
Windows Defender.. lol.. yes, I thought that one was good. It stops almost nothing and finds almost nothing. Use Spyware Terminator.. a very good program and free.. and it also has built-in antivirus that you can choose to activate or not.. for example if you have your own antivirus program alongside it..
Glad you found it funny, but your avatar gives you away. Defender is among the best free spyware removers available, and no one, absolutely no one, is better at repairing Windows than Microsoft itself when the OS has been wrecked by spyware.. Here is the link to HW.NO's test of Spyware Terminator. See the bottom line of the summary....
Edited 23 May 2008 by Slettet-t8fn5F
Link to comment
Scortech Posted 24 May 2008
Yes, I also use Ubuntu, but I normally use Vista.. and bringing up that link about the program, which was tested over a year ago, won't get you far.. hehe.. a great deal has improved in that program..
Link to comment