Maranello
Posted 1 June 2008 (edited)

Need help removing spyware; I'm struggling with pop-ups, spyware warnings, dubious programs and more.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/01/2008 at 03:57 PM

Application Version : 4.1.1046

Core Rules Database Version : 3472
Trace Rules Database Version: 1463

Scan type : Complete Scan
Total Scan Time : 00:22:01

Memory items scanned : 394
Memory threats detected : 4
Registry items scanned : 5482
Registry threats detected : 17
File items scanned : 15616
File threats detected : 11

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\MLJCTKHE.DLL
C:\WINDOWS\SYSTEM32\MLJCTKHE.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\HTNMYRXW.DLL
C:\WINDOWS\SYSTEM32\HTNMYRXW.DLL
C:\WINDOWS\SYSTEM32\OFBYJJKB.DLL
C:\WINDOWS\SYSTEM32\OFBYJJKB.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\DDCCTLJB.DLL
C:\WINDOWS\SYSTEM32\DDCCTLJB.DLL

Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F88CC2D-3941-4F10-89D5-C8DDE461433E}
HKCR\CLSID\{3F88CC2D-3941-4F10-89D5-C8DDE461433E}
HKCR\CLSID\{3F88CC2D-3941-4F10-89D5-C8DDE461433E}\InprocServer32
HKCR\CLSID\{3F88CC2D-3941-4F10-89D5-C8DDE461433E}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31}
HKCR\CLSID\{7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31}
HKCR\CLSID\{7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31}\InprocServer32
HKCR\CLSID\{7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{efcee5aa-bec5-4b94-a464-0fbad52c7cb4}
HKCR\CLSID\{EFCEE5AA-BEC5-4B94-A464-0FBAD52C7CB4}
HKCR\CLSID\{EFCEE5AA-BEC5-4B94-A464-0FBAD52C7CB4}\InprocServer32
HKCR\CLSID\{EFCEE5AA-BEC5-4B94-A464-0FBAD52C7CB4}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mlJCTkhe
C:\WINDOWS\SYSTEM32\FVMDQTWX.DLL
C:\WINDOWS\SYSTEM32\JSGMYOSQ.DLL
C:\WINDOWS\SYSTEM32\PCTYWCIA.DLL
C:\WINDOWS\SYSTEM32\QEBYFHLR.DLL
C:\WINDOWS\SYSTEM32\UXVTDUGA.DLL

Adware.Tracking Cookie
C:\Documents and Settings\KSA\Cookies\[email protected][1].txt
C:\Documents and Settings\KSA\Cookies\ksa@adtech[1].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1060284298-1220945662-839522115-1004\Software\Microsoft\rdfa

ComboFix

ComboFix 08-05-29.1 - KSA 2008-06-01 16:02:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.574 [GMT 2:00]
Running from: C:\Documents and Settings\KSA\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMb3d34a1c.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\BJlTCcdd.ini
C:\WINDOWS\system32\BJlTCcdd.ini2
C:\WINDOWS\system32\EgMlRXyb.ini
C:\WINDOWS\system32\EgMlRXyb.ini2
C:\WINDOWS\system32\hRCcdfii.ini
C:\WINDOWS\system32\hRCcdfii.ini2
C:\WINDOWS\system32\qsoymgsj.ini
C:\WINDOWS\system32\xwtqdmvf.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.
2008-06-01 15:33 . 2008-06-01 15:33 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-01 15:33 . 2008-06-01 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-01 15:32 . 2008-06-01 15:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-01 15:32 . 2008-06-01 15:33 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\SUPERAntiSpyware.com
2008-06-01 15:31 .
2008-06-01 15:31 <DIR> dr-h----- C:\Documents and Settings\KSA\Siste 2008-06-01 15:29 . 2008-06-01 15:29 2,721,524 --ahs---- C:\WINDOWS\system32\agudtvxu.tmp 2008-06-01 15:28 . 2008-06-01 15:28 <DIR> d-------- C:\Programfiler\CCleaner 2008-06-01 13:35 . 2008-06-01 14:44 269 --a------ C:\WINDOWS\wininit.ini 2008-06-01 13:06 . 2008-06-01 16:00 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-06-01 13:06 . 2008-06-01 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-05-31 12:45 . 2008-05-31 12:45 <DIR> d-------- C:\Programfiler\Nero 2008-05-30 23:10 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll 2008-05-30 23:10 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB 2008-05-30 23:10 . 2008-05-30 23:10 0 --a------ C:\WINDOWS\Irremote.ini 2008-05-30 22:58 . 2008-05-30 22:58 <DIR> d-------- C:\Programfiler\NeroInstall.bak 2008-05-30 22:56 . 2008-05-30 22:56 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\Nero 2008-05-30 22:53 . 2008-05-31 12:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero 2008-05-30 22:53 . 2008-05-31 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero 2008-05-28 21:16 . 2008-05-28 21:16 <DIR> d-------- C:\Programfiler\uTorrent 2008-05-28 21:16 . 2008-05-31 13:24 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\uTorrent 2008-05-25 15:41 . 2008-05-25 15:41 17,144 --a------ C:\Documents and Settings\KSA\Programdata\GDIPFONTCACHEV1.DAT 2008-05-22 10:35 . 2008-05-22 10:35 <DIR> d-------- C:\Programfiler\Ares 2008-05-22 10:28 . 2008-05-22 10:33 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\Ares Galaxy Professional 2008-05-15 18:23 . 2008-05-15 18:23 <DIR> d-------- C:\Programfiler\LG Software 2008-05-15 18:23 . 2006-07-13 10:30 98,304 --a------ C:\WINDOWS\system32\MGHwCtrl.dll 2008-05-15 18:23 . 2004-11-02 11:08 32,768 --a------ C:\WINDOWS\system32\MGFPCtrl.dll 2008-05-15 18:23 . 
2004-08-03 16:01 24,576 --a------ C:\WINDOWS\system32\MGPwrShm.dll 2008-05-15 18:23 . 2005-04-28 15:35 23,040 --a------ C:\WINDOWS\system32\MGFPMCE.dll 2008-05-15 18:23 . 2005-03-10 09:56 20,128 --a------ C:\WINDOWS\system32\drivers\MGHwCtrl.sys 2008-05-15 17:39 . 2008-05-15 18:24 <DIR> d-------- C:\Programfiler\EzManual 2008-05-14 23:24 . 2008-05-15 00:04 <DIR> d-------- C:\Programfiler\PhotomatixPro3 2008-05-14 23:23 . 2008-05-14 23:24 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-05-14 20:52 . 2008-05-14 20:54 <DIR> d-------- C:\Programfiler\CLUE 2008-05-14 19:26 . 2008-05-14 20:02 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\FrostWire 2008-05-14 19:25 . 2008-05-22 10:27 <DIR> d-------- C:\Programfiler\FrostWire 2008-05-14 19:09 . 2008-05-14 19:09 <DIR> d-------- C:\Programfiler\Bit Che 2008-05-14 19:09 . 2008-05-14 19:09 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\Convivea 2008-05-14 19:09 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX 2008-05-14 19:09 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx 2008-05-14 18:52 . 2008-05-14 19:22 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\LimeWire 2008-05-14 18:51 . 2008-05-14 18:51 <DIR> d-------- C:\WINDOWS\Sun 2008-05-14 18:51 . 2008-05-14 18:51 <DIR> d-------- C:\Programfiler\Java 2008-05-14 18:51 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-14 18:50 . 2008-05-14 18:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Java 2008-05-12 22:19 . 2008-05-12 22:19 <DIR> d-------- C:\Programfiler\Fellesfiler\HP 2008-05-12 22:19 . 2008-05-12 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HP 2008-05-12 22:17 . 2008-05-12 22:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Hewlett-Packard 2008-05-12 22:15 . 2008-05-12 22:15 <DIR> d-------- C:\Program Files 2008-05-12 22:15 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-05-12 22:15 . 
2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-05-12 22:15 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-05-12 22:15 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-05-12 22:15 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-05-12 22:15 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-05-12 22:15 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-05-12 22:12 . 2008-05-12 22:41 <DIR> d-------- C:\Programfiler\HP 2008-05-12 22:10 . 2008-05-12 22:10 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\HP 2008-05-12 22:10 . 2008-05-12 22:29 111,851 --a------ C:\WINDOWS\hpoins07.dat 2008-05-12 22:10 . 2005-03-08 06:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-05-12 22:10 . 2005-05-24 07:41 21,124 --------- C:\WINDOWS\hpomdl07.dat 2008-05-12 22:10 . 2005-03-08 06:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-05-12 22:09 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-05-12 22:09 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-05-12 22:09 . 2005-03-08 06:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys 2008-05-12 22:05 . 2005-04-08 03:51 606,208 -ra------ C:\WINDOWS\system32\hpotscl.dll 2008-05-12 22:05 . 2005-04-08 03:51 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll 2008-05-12 22:05 . 2005-03-08 06:39 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll 2008-05-12 22:05 . 2005-04-08 03:51 258,122 -ra------ C:\WINDOWS\system32\hpovst08.dll 2008-05-12 22:05 . 2008-04-13 11:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-05-12 22:05 . 2008-04-13 11:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-05-12 22:05 . 2008-05-29 23:19 156 --a------ C:\WINDOWS\Twunk001.MTX 2008-05-12 22:05 . 2008-05-29 23:19 4 --a------ C:\WINDOWS\Twain001.Mtx 2008-05-12 22:05 . 
2008-05-12 22:05 0 --a------ C:\WINDOWS\Twunk002.MTX 2008-05-12 22:04 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-05-12 22:04 . 2008-04-13 11:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-05-12 20:56 . 2008-05-12 20:56 <DIR> d-------- C:\Programfiler\Bonjour 2008-05-12 20:55 . 2008-05-12 20:55 <DIR> d-------- C:\WINDOWS\EHome 2008-05-12 20:45 . 2008-05-12 20:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared 2008-05-12 20:43 . 2008-05-15 17:12 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe 2008-05-12 20:35 . 2008-05-12 20:35 382 --a------ C:\WINDOWS\ODBC.INI 2008-05-12 20:34 . 2008-05-12 20:34 <DIR> d-------- C:\WINDOWS\ShellNew 2008-05-12 20:34 . 2008-05-12 20:34 <DIR> d-------- C:\Programfiler\Microsoft ActiveSync 2008-05-12 20:22 . 2008-05-12 20:22 <DIR> d--hs---- C:\Documents and Settings\KSA\UserData 2008-05-12 20:13 . 2008-05-12 20:13 <DIR> d-------- C:\Programfiler\Intel 2008-05-12 20:11 . 2008-05-12 20:11 <DIR> d-------- C:\Programfiler\DIFX 2008-05-12 20:11 . 2006-04-07 06:58 2,633,728 -ra------ C:\WINDOWS\system32\w39MLRes.dll 2008-05-12 20:11 . 2006-04-04 12:17 1,429,632 -ra------ C:\WINDOWS\system32\drivers\w39n51.sys 2008-05-12 20:11 . 2006-04-07 06:58 491,520 -ra------ C:\WINDOWS\system32\w39NCPA.dll 2008-05-12 20:10 . 2008-05-12 20:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-05-12 20:09 . 2002-05-11 12:14 203,976 --------- C:\WINDOWS\system32\richtx32.ocx 2008-05-12 20:09 . 1998-07-22 00:00 102,912 --------- C:\WINDOWS\system32\Vb6stkit.dll 2008-05-12 20:09 . 2002-05-11 12:14 102,160 --------- C:\WINDOWS\system32\VB6KO.DLL 2008-05-12 20:09 . 1998-04-24 00:00 83,552 --------- C:\WINDOWS\system32\GAPI32.DLL 2008-05-12 20:09 . 2001-08-29 21:00 59,904 --a------ C:\WINDOWS\system32\wbemdisp.tlb 2008-05-12 20:09 . 1998-07-22 00:00 30,720 --------- C:\WINDOWS\system32\Rchtxko.dll 2008-05-12 20:09 . 
1998-07-22 00:00 13,824 --------- C:\WINDOWS\system32\INETKO.DLL 2008-05-12 20:09 . 1998-07-22 00:00 9,728 --------- C:\WINDOWS\system32\SYSINKO.DLL 2008-05-12 20:09 . 2002-11-21 18:56 1,764 --------- C:\WINDOWS\system32\IOBJSAFE.TLB 2008-05-12 20:08 . 2008-05-15 18:26 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information 2008-05-12 20:08 . 2008-05-15 18:26 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield 2008-05-12 20:08 . 2008-05-15 18:26 0 --a------ C:\WINDOWS\lgcenter.ini 2008-05-12 20:06 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg 2008-05-12 20:06 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg 2008-05-12 20:05 . 2008-05-12 20:05 <DIR> d-------- C:\Programfiler\ESET 2008-05-12 20:05 . 2008-05-12 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ESET 2008-05-12 20:01 . 2008-05-12 21:33 <DIR> dr------- C:\Documents and Settings\KSA\Start-meny 2008-05-12 20:01 . 2008-05-12 21:33 <DIR> d--h----- C:\Documents and Settings\KSA\Skrivere 2008-05-12 20:01 . 2008-06-01 15:37 <DIR> d-------- C:\Documents and Settings\KSA\Skrivebord 2008-05-12 20:01 . 2008-06-01 15:32 <DIR> d--h----- C:\Documents and Settings\KSA\Programdata 2008-05-12 20:01 . 2008-05-14 20:44 <DIR> dr------- C:\Documents and Settings\KSA\Mine dokumenter 2008-05-12 20:01 . 2008-05-14 17:21 <DIR> d--h----- C:\Documents and Settings\KSA\Maler 2008-05-12 20:01 . 2008-05-12 21:33 <DIR> d--h----- C:\Documents and Settings\KSA\Lokale innstillinger 2008-05-12 20:01 . 2008-06-01 15:30 <DIR> dr------- C:\Documents and Settings\KSA\Favoritter 2008-05-12 20:01 . 2008-05-12 21:33 <DIR> d--h----- C:\Documents and Settings\KSA\AndrMask 2008-05-12 20:01 . 2008-06-01 15:31 <DIR> d-------- C:\Documents and Settings\KSA 2008-05-12 20:00 . 2008-05-12 20:00 <DIR> d---s---- C:\WINDOWS\system32\Microsoft 2008-05-12 20:00 . 2008-05-12 20:00 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata 2008-05-12 20:00 . 
2008-05-12 20:00 <DIR> d--h----- C:\Documents and Settings\LocalService\Lokale innstillinger 2008-05-12 20:00 . 2008-05-12 20:00 <DIR> d--hs---- C:\Documents and Settings\LocalService . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-12 19:15 --------- d-----w C:\Programfiler\Realtek 2008-05-12 19:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet 2008-05-12 17:56 --------- d-----w C:\Programfiler\microsoft frontpage 2008-05-12 17:54 --------- d-----w C:\Programfiler\Elektroniske tjenester 2008-05-12 17:53 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-04-14 07:23 69,120 ----a-w C:\WINDOWS\notepad.exe 2008-04-14 07:23 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys 2008-04-14 07:23 32,866 ------w C:\WINDOWS\slrundll.exe 2008-04-14 07:23 283,648 ----a-w C:\WINDOWS\winhlp32.exe 2008-04-14 07:23 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys 2008-04-14 07:23 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe 2008-04-14 07:23 147,456 ----a-w C:\WINDOWS\regedit.exe 2008-04-14 07:23 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys 2008-04-14 07:23 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys 2008-04-14 07:21 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll 2008-04-14 06:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 06:56 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 06:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 06:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 06:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 06:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 06:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 06:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 06:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 06:48 40,192 ----a-w 
C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 06:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 06:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 06:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 06:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 06:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 06:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 06:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 06:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 06:40 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-04-14 06:40 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys 2008-04-14 06:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 06:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 06:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 06:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 06:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 10:17 105,344 
----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 09:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 09:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 09:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 09:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 09:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 09:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 09:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 09:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 09:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 09:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 09:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 09:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 09:56 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 09:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 09:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 09:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 09:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-13 09:54 11,264 
----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 09:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 09:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 09:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 09:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 09:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys 2008-04-13 09:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys 2008-04-13 09:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys 2008-04-13 09:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys 2008-04-13 09:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys 2008-04-13 09:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys 2008-04-13 09:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys 2008-04-13 09:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys 2008-04-13 09:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys 2008-04-13 09:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys 2008-04-13 09:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys 2008-04-13 09:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys 2008-04-13 09:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys 2008-04-13 09:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys 2008-04-13 09:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62158D06-F3EE-46DC-9F5E-3A1F2103EA0B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97BEC563-264D-4DB8-8262-2322F953E63D}]
C:\WINDOWS\system32\byXRlMgE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDB12073-A1D9-4F02-B439-34868E178173}]
C:\WINDOWS\system32\iifdcCRh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5BAF7EE-B81D-4DDF-ABD9-2B385641948C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 09:23 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 11:11 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 11:13 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 11:10 94208]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 11:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MGSysCtrl"="C:\Programfiler\LG Software\System Control Manager\MGSysCtrl.exe" [2006-07-17 14:46 544768]
"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:22 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programfiler\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Programfiler\\Ares\\Ares.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-28 00:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-22 02:09]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 NishService;Evil Driver Daemon;C:\Programfiler\LG Software\System Control Manager\edd.exe [2006-03-02 16:43]
R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\system32\drivers\MGHwCtrl.sys [2005-03-10 09:56]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 16:07:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-06-01 16:11:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 14:10:59

Pre-Run: 48,894,382,080 byte ledig
Post-Run: 48,851,841,024 byte ledig

340 --- E O F --- 2008-06-01 13:07:31

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:47, on 01.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programfiler\LG Software\System Control Manager\edd.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\LG Software\System Control Manager\MGSysCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Documents and Settings\KSA\Skrivebord\forfølg\HijackThis.exe
C:\Documents and Settings\KSA\Skrivebord\forfølg\dfgdf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {62158D06-F3EE-46DC-9F5E-3A1F2103EA0B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {97BEC563-264D-4DB8-8262-2322F953E63D} - C:\WINDOWS\system32\byXRlMgE.dll (file missing)
O2 - BHO: (no name) - {BDB12073-A1D9-4F02-B439-34868E178173} - C:\WINDOWS\system32\iifdcCRh.dll (file missing)
O2 - BHO: (no name) - {F5BAF7EE-B81D-4DDF-ABD9-2B385641948C} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programfiler\LG Software\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programfiler\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Programfiler\LG Software\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7709 bytes

Edited 1 June 2008 by Maranello
norbat
Posted 1 June 2008

Use Explorer to find and delete (in bold):
C:\WINDOWS\system32\agudtvxu.tmp

Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:
O2 - BHO: (no name) - {62158D06-F3EE-46DC-9F5E-3A1F2103EA0B} - (no file)
O2 - BHO: (no name) - {97BEC563-264D-4DB8-8262-2322F953E63D} - C:\WINDOWS\system32\byXRlMgE.dll (file missing)
O2 - BHO: (no name) - {BDB12073-A1D9-4F02-B439-34868E178173} - C:\WINDOWS\system32\iifdcCRh.dll (file missing)
O2 - BHO: (no name) - {F5BAF7EE-B81D-4DDF-ABD9-2B385641948C} - (no file)

Restart the PC.
Tell us how the PC is running (still popups ...?)
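Added example, not code from HijackThis or from anyone in this thread: a small Python triage of HJT log lines that automates the selection made in the post above. It reads O2 (Browser Helper Object), O20 (Winlogon Notify) and O23 (service) entries, marks an O2 entry for "Fix checked" when HJT reports its DLL as "(no file)" or "(file missing)", and flags for manual review unnamed BHOs, DLLs sitting directly in system32 under an 8-letter mixed-case name (the pattern of the Vundo DLLs in the logs posted here; an assumption used as a heuristic, not a verdict) and services HJT lists as "Unknown owner". The sample lines are copied from the HJT log posted above, except the O20 line for byXRlMgE.dll, which is constructed to exercise the naming heuristic. The regexes and function names are this example's own.

```python
"""Triage of HijackThis (HJT) log lines: which entries to tick for "Fix checked".

Added example for this thread, not code from HJT or from the forum.  The
selection rule is the one applied above: an O2 (Browser Helper Object) entry
whose DLL is gone is a dead registration that still has to be removed.
"""
import re
from dataclasses import dataclass

# Entry formats as HJT prints them (O2 = BHO, O20 = Winlogon Notify, O23 = service).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<target>.+)$")

# Heuristic (assumption, not an HJT rule): the Vundo DLLs in the posted logs sit
# directly in system32 under an 8-letter mixed-case stem (byXRlMgE.dll, iifdcCRh.dll).
SYS32_DLL_RE = re.compile(r"^c:\\windows\\system32\\(?P<stem>[a-z]{8})\.dll$", re.IGNORECASE)


def random_looking(target: str) -> bool:
    """True for an 8-letter system32 DLL whose stem mixes upper and lower case."""
    m = SYS32_DLL_RE.match(target.strip())
    if not m:
        return False
    stem = m["stem"]
    return stem != stem.lower() and stem != stem.upper()


def target_missing(target: str) -> bool:
    """HJT reports a registered-but-absent DLL as '(no file)' or '... (file missing)'."""
    return target == "(no file)" or target.endswith("(file missing)")


@dataclass
class Finding:
    line: str
    reason: str
    action: str  # "fix": tick it in HJT; "review": look before touching


def triage(log_text: str) -> list[Finding]:
    """Walk an HJT log and return the entries worth acting on, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if target_missing(m["target"]):
                findings.append(Finding(line, f"BHO {m['clsid']} registered but its DLL is gone", "fix"))
            elif m["name"] == "(no name)":
                findings.append(Finding(line, "unnamed BHO whose DLL is still present", "review"))
            elif random_looking(m["target"]):
                findings.append(Finding(line, "BHO DLL in system32 with a random-looking name", "review"))
        elif m := O20_RE.match(line):
            if random_looking(m["target"]):
                findings.append(Finding(line, "Winlogon Notify DLL with a random-looking name", "review"))
        elif m := O23_RE.match(line):
            if m["vendor"] == "Unknown owner":
                findings.append(Finding(line, f"service {m['name']} carries no vendor information", "review"))
    return findings


def lines_to_fix(log_text: str) -> list[str]:
    """Exactly the lines to tick before clicking 'Fix checked'."""
    return [f.line for f in triage(log_text) if f.action == "fix"]


# Lines copied from the HJT log posted in this thread, plus one constructed O20
# line (byXRlMgE.dll) to exercise the naming heuristic.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {62158D06-F3EE-46DC-9F5E-3A1F2103EA0B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {97BEC563-264D-4DB8-8262-2322F953E63D} - C:\WINDOWS\system32\byXRlMgE.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byXRlMgE - C:\WINDOWS\system32\byXRlMgE.dll
O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Programfiler\LG Software\System Control Manager\edd.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.reason}\n         {f.line}")
```

The "review" findings are deliberately not auto-fixed: on this machine the "Unknown owner" service NishService belongs to the LG System Control Manager, so the vendor field alone proves nothing, and the same caution applies to the naming heuristic.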
Maranello (thread author)
Posted 1 June 2008

Thanks for the quick reply! I can't find agudtvxu.tmp where you point to, tried searching as well... Trying what you said!
norbat
Posted 1 June 2008

Turn on "Show hidden files and folders" (Control Panel -> Folder Options -> View) and see if you can find it then.
Maranello (thread author)
Posted 1 June 2008

> Turn on "Show hidden files and folders" (Control Panel -> Folder Options -> View) and see if you can find it then.

Still nothing, but I ran HJT and restarted, and everything seems fine... so far! Thanks for the great help! Are these programs worth keeping, will they prevent new attacks?
norbat
Posted 1 June 2008

SAS is a very good anti-spyware program that I would recommend keeping. ComboFix and HJT are somewhat special programs that can be downloaded again when needed (and under guidance).

You remove HJT via Add/Remove Programs + delete the program folder if it is left behind.
You remove ComboFix by typing combofix /u in the Run box (Start -> Run).

Before you remove ComboFix, we can see whether the previously mentioned file can be found and deleted in the following way:
Open Notepad and paste in what is shown in bold below, save the file on the desktop as CFScript. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\agudtvxu.tmp

In the log that is produced you can check whether the file is gone (see under the section Files Created from 2008-05-01 to 2008-06-01).
Maranello (thread author)
Posted 1 June 2008

Did as you said, can't find the file in the list...

ComboFix 08-05-29.1 - KSA 2008-06-01 17:41:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.597 [GMT 2:00]
Running from: C:\Documents and Settings\KSA\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\KSA\Skrivebord\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\agudtvxu.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\agudtvxu.tmp
.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.
2008-06-01 15:33 . 2008-06-01 15:33 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-01 15:33 . 2008-06-01 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-01 15:32 . 2008-06-01 15:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-01 15:32 . 2008-06-01 15:33 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\SUPERAntiSpyware.com
2008-06-01 15:31 . 2008-06-01 17:40 <DIR> dr-h----- C:\Documents and Settings\KSA\Siste
2008-06-01 15:28 . 2008-06-01 15:28 <DIR> d-------- C:\Programfiler\CCleaner
2008-06-01 13:35 . 2008-06-01 14:44 269 --a------ C:\WINDOWS\wininit.ini
2008-06-01 13:06 . 2008-06-01 16:00 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy
2008-06-01 13:06 . 2008-06-01 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-05-31 12:45 . 2008-05-31 12:45 <DIR> d-------- C:\Programfiler\Nero
2008-05-30 23:10 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-05-30 23:10 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-05-30 23:10 . 2008-05-30 23:10 0 --a------ C:\WINDOWS\Irremote.ini
2008-05-30 22:58 . 2008-05-30 22:58 <DIR> d-------- C:\Programfiler\NeroInstall.bak
2008-05-30 22:56 . 2008-05-30 22:56 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\Nero
2008-05-30 22:53 . 2008-05-31 12:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero
2008-05-30 22:53 . 2008-05-31 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero
2008-05-28 21:16 . 2008-05-28 21:16 <DIR> d-------- C:\Programfiler\uTorrent
2008-05-28 21:16 . 2008-05-31 13:24 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\uTorrent
2008-05-25 15:41 . 2008-05-25 15:41 17,144 --a------ C:\Documents and Settings\KSA\Programdata\GDIPFONTCACHEV1.DAT
2008-05-22 10:35 . 2008-05-22 10:35 <DIR> d-------- C:\Programfiler\Ares
2008-05-22 10:28 . 2008-05-22 10:33 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\Ares Galaxy Professional
2008-05-15 18:23 . 2008-05-15 18:23 <DIR> d-------- C:\Programfiler\LG Software
2008-05-15 18:23 . 2006-07-13 10:30 98,304 --a------ C:\WINDOWS\system32\MGHwCtrl.dll
2008-05-15 18:23 . 2004-11-02 11:08 32,768 --a------ C:\WINDOWS\system32\MGFPCtrl.dll
2008-05-15 18:23 . 2004-08-03 16:01 24,576 --a------ C:\WINDOWS\system32\MGPwrShm.dll
2008-05-15 18:23 . 2005-04-28 15:35 23,040 --a------ C:\WINDOWS\system32\MGFPMCE.dll
2008-05-15 18:23 . 2005-03-10 09:56 20,128 --a------ C:\WINDOWS\system32\drivers\MGHwCtrl.sys
2008-05-15 17:39 . 2008-05-15 18:24 <DIR> d-------- C:\Programfiler\EzManual
2008-05-14 23:24 . 2008-05-15 00:04 <DIR> d-------- C:\Programfiler\PhotomatixPro3
2008-05-14 23:23 . 2008-05-14 23:24 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-14 20:52 . 2008-05-14 20:54 <DIR> d-------- C:\Programfiler\CLUE
2008-05-14 19:26 . 2008-05-14 20:02 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\FrostWire
2008-05-14 19:25 . 2008-05-22 10:27 <DIR> d-------- C:\Programfiler\FrostWire
2008-05-14 19:09 . 2008-05-14 19:09 <DIR> d-------- C:\Programfiler\Bit Che
2008-05-14 19:09 . 2008-05-14 19:09 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\Convivea
2008-05-14 19:09 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX
2008-05-14 19:09 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\mswinsck.ocx
2008-05-14 18:52 . 2008-05-14 19:22 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\LimeWire
2008-05-14 18:51 . 2008-05-14 18:51 <DIR> d-------- C:\WINDOWS\Sun
2008-05-14 18:51 . 2008-05-14 18:51 <DIR> d-------- C:\Programfiler\Java
2008-05-14 18:51 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-14 18:50 . 2008-05-14 18:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-05-12 22:19 . 2008-05-12 22:19 <DIR> d-------- C:\Programfiler\Fellesfiler\HP
2008-05-12 22:19 . 2008-05-12 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HP
2008-05-12 22:17 . 2008-05-12 22:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Hewlett-Packard
2008-05-12 22:15 . 2008-05-12 22:15 <DIR> d-------- C:\Program Files
2008-05-12 22:15 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-12 22:15 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-12 22:15 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-12 22:15 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-12 22:15 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-12 22:15 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-12 22:15 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-12 22:12 . 2008-05-12 22:41 <DIR> d-------- C:\Programfiler\HP
2008-05-12 22:10 . 2008-05-12 22:10 <DIR> d-------- C:\Documents and Settings\KSA\Programdata\HP
2008-05-12 22:10 . 2008-05-12 22:29 111,851 --a------ C:\WINDOWS\hpoins07.dat
2008-05-12 22:10 . 2005-03-08 06:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-12 22:10 . 2005-05-24 07:41 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-05-12 22:10 . 2005-03-08 06:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-12 22:09 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-12 22:09 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-12 22:09 . 2005-03-08 06:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-05-12 22:05 . 2005-04-08 03:51 606,208 -ra------ C:\WINDOWS\system32\hpotscl.dll
2008-05-12 22:05 . 2005-04-08 03:51 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll
2008-05-12 22:05 . 2005-03-08 06:39 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-05-12 22:05 . 2005-04-08 03:51 258,122 -ra------ C:\WINDOWS\system32\hpovst08.dll
2008-05-12 22:05 . 2008-04-13 11:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-12 22:05 . 2008-04-13 11:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-12 22:05 . 2008-05-29 23:19 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-12 22:05 . 2008-05-29 23:19 4 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-12 22:05 . 2008-05-12 22:05 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-12 22:04 . 2008-04-13 11:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-12 22:04 . 2008-04-13 11:45 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-12 20:56 . 2008-05-12 20:56 <DIR> d-------- C:\Programfiler\Bonjour
2008-05-12 20:55 . 2008-05-12 20:55 <DIR> d-------- C:\WINDOWS\EHome
2008-05-12 20:45 . 2008-05-12 20:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-05-12 20:43 . 2008-05-15 17:12 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-05-12 20:35 . 2008-05-12 20:35 382 --a------ C:\WINDOWS\ODBC.INI
2008-05-12 20:34 . 2008-05-12 20:34 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-12 20:34 . 2008-05-12 20:34 <DIR> d-------- C:\Programfiler\Microsoft ActiveSync
2008-05-12 20:22 . 2008-05-12 20:22 <DIR> d--hs---- C:\Documents and Settings\KSA\UserData
2008-05-12 20:13 . 2008-05-12 20:13 <DIR> d-------- C:\Programfiler\Intel
2008-05-12 20:11 . 2008-05-12 20:11 <DIR> d-------- C:\Programfiler\DIFX
2008-05-12 20:11 . 2006-04-07 06:58 2,633,728 -ra------ C:\WINDOWS\system32\w39MLRes.dll
2008-05-12 20:11 . 2006-04-04 12:17 1,429,632 -ra------ C:\WINDOWS\system32\drivers\w39n51.sys
2008-05-12 20:11 . 2006-04-07 06:58 491,520 -ra------ C:\WINDOWS\system32\w39NCPA.dll
2008-05-12 20:10 . 2008-05-12 20:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-12 20:09 . 2002-05-11 12:14 203,976 --------- C:\WINDOWS\system32\richtx32.ocx
2008-05-12 20:09 . 1998-07-22 00:00 102,912 --------- C:\WINDOWS\system32\Vb6stkit.dll
2008-05-12 20:09 . 2002-05-11 12:14 102,160 --------- C:\WINDOWS\system32\VB6KO.DLL
2008-05-12 20:09 . 1998-04-24 00:00 83,552 --------- C:\WINDOWS\system32\GAPI32.DLL
2008-05-12 20:09 . 2001-08-29 21:00 59,904 --a------ C:\WINDOWS\system32\wbemdisp.tlb
2008-05-12 20:09 . 1998-07-22 00:00 30,720 --------- C:\WINDOWS\system32\Rchtxko.dll
2008-05-12 20:09 . 1998-07-22 00:00 13,824 --------- C:\WINDOWS\system32\INETKO.DLL
2008-05-12 20:09 . 1998-07-22 00:00 9,728 --------- C:\WINDOWS\system32\SYSINKO.DLL
2008-05-12 20:09 . 2002-11-21 18:56 1,764 --------- C:\WINDOWS\system32\IOBJSAFE.TLB
2008-05-12 20:08 . 2008-05-15 18:26 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information
2008-05-12 20:08 . 2008-05-15 18:26 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield
2008-05-12 20:08 . 2008-05-15 18:26 0 --a------ C:\WINDOWS\lgcenter.ini
2008-05-12 20:06 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-05-12 20:06 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-05-12 20:05 . 2008-05-12 20:05 <DIR> d-------- C:\Programfiler\ESET
2008-05-12 20:05 . 2008-05-12 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ESET
2008-05-12 20:01 . 2008-05-12 21:33 <DIR> dr------- C:\Documents and Settings\KSA\Start-meny
2008-05-12 20:01 . 2008-05-12 21:33 <DIR> d--h----- C:\Documents and Settings\KSA\Skrivere
2008-05-12 20:01 . 2008-06-01 17:41 <DIR> d-------- C:\Documents and Settings\KSA\Skrivebord
2008-05-12 20:01 . 2008-06-01 15:32 <DIR> d--h----- C:\Documents and Settings\KSA\Programdata
2008-05-12 20:01 . 2008-05-14 20:44 <DIR> dr------- C:\Documents and Settings\KSA\Mine dokumenter
2008-05-12 20:01 . 2008-05-14 17:21 <DIR> d--h----- C:\Documents and Settings\KSA\Maler
2008-05-12 20:01 . 2008-05-12 21:33 <DIR> d--h----- C:\Documents and Settings\KSA\Lokale innstillinger
2008-05-12 20:01 . 2008-06-01 15:30 <DIR> dr------- C:\Documents and Settings\KSA\Favoritter
2008-05-12 20:01 . 2008-05-12 21:33 <DIR> d--h----- C:\Documents and Settings\KSA\AndrMask
2008-05-12 20:01 . 2008-06-01 15:31 <DIR> d-------- C:\Documents and Settings\KSA
2008-05-12 20:00 . 2008-05-12 20:00 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-12 20:00 . 2008-05-12 20:00 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata
2008-05-12 20:00 . 2008-06-01 17:43 <DIR> d--h----- C:\Documents and Settings\LocalService\Lokale innstillinger
2008-05-12 20:00 . 2008-05-12 20:00 <DIR> d--hs---- C:\Documents and Settings\LocalService
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 19:15 --------- d-----w C:\Programfiler\Realtek
2008-05-12 19:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-05-12 17:56 --------- d-----w C:\Programfiler\microsoft frontpage
2008-05-12 17:54 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-05-12 17:53 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-04-14 07:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 07:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 07:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 07:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 07:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 07:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 07:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 07:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 07:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 06:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 06:56 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 06:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 06:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 06:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 06:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 06:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 06:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 06:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 06:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 06:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 06:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 06:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 06:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 06:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 06:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 06:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 06:47 2,949,120 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 06:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 06:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 06:45 167,424 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 06:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 06:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 06:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 06:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 06:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 06:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 06:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 06:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 06:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 06:40 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 06:40 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-14 06:39 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 06:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 06:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 06:39 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 06:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 06:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 06:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 10:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 10:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 10:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 10:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 10:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 10:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 10:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 10:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 10:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 10:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 10:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 10:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 10:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 10:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 09:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 09:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 09:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 09:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 09:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 09:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 09:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 09:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 09:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 09:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 09:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 09:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 09:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 09:56 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 09:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 09:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 09:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 09:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 09:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 09:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 09:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 09:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 09:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_16.10.49.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 14:06:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 15:13:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 09:23 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 11:11 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 11:13 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 11:10 94208]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 11:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MGSysCtrl"="C:\Programfiler\LG Software\System Control Manager\MGSysCtrl.exe" [2006-07-17 14:46 544768]
"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:22 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programfiler\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Programfiler\\Ares\\Ares.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-28 00:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-22 02:09]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 NishService;Evil Driver Daemon;C:\Programfiler\LG Software\System Control Manager\edd.exe [2006-03-02 16:43]
R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\system32\drivers\MGHwCtrl.sys [2005-03-10 09:56]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 14:00]

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 17:44:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-01 17:45:08
ComboFix-quarantined-files.txt 2008-06-01 15:44:59
ComboFix2.txt 2008-06-01 14:11:26
Pre-Run: 48,798,986,240 bytes free
Post-Run: 48,808,099,840 bytes free
319 --- E O F --- 2008-06-01 13:07:31
norbat
Posted 1 June 2008 (edited)

You didn't find it in the list because ComboFix removed it.
Then you can remove ComboFix.
Surf safely.

Edited 1 June 2008 by norbat
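Added example, not code from ComboFix or from anyone in this thread: a Python check that reads a ComboFix log the way the reply above does, so the CFScript procedure from the earlier post can be verified without reading the whole log by hand. It splits the log on its "((( ... )))" section headers, takes every path listed under a CFScript "File::" directive and reports whether that path appears under "Other Deletions" (removed), under "Files Created ..." (still present) or nowhere. The sample log is a trimmed copy of the log posted above; the CFScript is the one posted above plus a second, constructed line for C:\WINDOWS\wininit.ini to show the "still present" outcome. Function names and the parsing rules are this example's own.

```python
"""Check a ComboFix log for the outcome of a CFScript 'File::' directive.

Added example for this thread, not code from ComboFix or the forum.  ComboFix
reports a removed file under "Other Deletions" and lists surviving recent files
under "Files Created ..."; looking only in the latter section (as happened
above) makes a successful deletion look like a miss.
"""
import re

# Section headers look like "((((( Other Deletions )))))"; the name sits between the parentheses.
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
# A Windows path at the end of a listing line ("... d-------- C:\Programfiler\CCleaner").
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?)\s*$")


def split_sections(log_text: str) -> dict[str, list[str]]:
    """Map each section name (lower-cased) to its non-empty, non-'.' lines."""
    sections: dict[str, list[str]] = {"header": []}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = m["name"].lower()
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def cfscript_files(script_text: str) -> list[str]:
    """Paths listed under a 'File::' directive (other directives are ignored)."""
    files, active = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            active = line.lower() == "file::"
        elif active:
            files.append(line)
    return files


def paths_in(lines: list[str]) -> set[str]:
    """Lower-cased path of every listing line that carries one."""
    return {m["path"].lower() for line in lines if (m := PATH_RE.search(line))}


def verify(script_text: str, log_text: str) -> dict[str, str]:
    """For each File:: target: 'deleted', 'still present' or 'not mentioned'."""
    sections = split_sections(log_text)
    deleted = paths_in(sections.get("other deletions", []))
    created: set[str] = set()
    for name, lines in sections.items():
        if name.startswith("files created"):
            created |= paths_in(lines)
    result: dict[str, str] = {}
    for path in cfscript_files(script_text):
        key = path.lower()
        if key in deleted:
            result[path] = "deleted"
        elif key in created:
            result[path] = "still present"
        else:
            result[path] = "not mentioned"
    return result


# Trimmed copy of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
ComboFix 08-05-29.1 - KSA 2008-06-01 17:41:37.2 - NTFSx86
Command switches used :: C:\Documents and Settings\KSA\Skrivebord\CFScript.txt
FILE ::
C:\WINDOWS\system32\agudtvxu.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\agudtvxu.tmp
.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.
2008-06-01 15:33 . 2008-06-01 15:33 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-01 15:28 . 2008-06-01 15:28 <DIR> d-------- C:\Programfiler\CCleaner
2008-06-01 13:35 . 2008-06-01 14:44 269 --a------ C:\WINDOWS\wininit.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 19:15 --------- d-----w C:\Programfiler\Realtek
"""

# The CFScript posted in this thread, plus a constructed second target.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\agudtvxu.tmp
C:\WINDOWS\wininit.ini
"""

if __name__ == "__main__":
    for path, status in verify(CFSCRIPT, SAMPLE_LOG).items():
        print(f"{status:14} {path}")
```

Matching is case-insensitive because Windows paths are, and the header lines before the first section (including the "FILE ::" echo of the script) are deliberately not consulted: only the "Other Deletions" section is evidence that ComboFix acted.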