slippern Posted 2 June 2008
Was smart enough to click a YouTube link, and of course didn't look at the form of the domain. But I was quick to close MSN and Opera once I realised what I had done. So far I have scanned with Norman, Kaspersky Online Scanner, SUPERAntiSpyware and HijackThis. Nothing found so far. Here is the log from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:00, on 02.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
D:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programfiler\ComAgent\ComAgent.exe
D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe
D:\Programfiler\TechSmith\SnagIt 8\TSCHelp.exe
D:\Programfiler\TechSmith\SnagIt 8\SnagPriv.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
D:\Programfiler\mIRC\mirc.exe
C:\DOCUME~1\TORD~1.KRI\LOKALE~1\Temp\FPSoftware\ZF.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\uTorrent\uTorrent.exe
D:\Programfiler\totalcmd\TOTALCMD.EXE
C:\WINDOWS\ehSched.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\NORMAN\npm\bin\Zanda.exe
D:\Programfiler\Opera\opera.exe
C:\NORMAN\Npm\bin\ELOGSVC.EXE
C:\NORMAN\Npm\bin\NJEEVES.EXE
C:\NORMAN\Nvc\bin\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.no
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fk003:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = e-torg.no.ihost.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ComAgent.lnk = D:\Programfiler\ComAgent\ComAgent.exe
O4 - Global Startup: SnagIt 8.lnk = D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Helpdesk - {71F62ED1-59FC-471A-84B0-F6E754C172D1} - http://fk008/MRcgi/MRentrancePage.pl (file missing) (HKCU)
O16 - DPF: iLO 2 Remote Console Applet - https://82.148.144.132/dvc.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fauske.lokalt
O17 - HKLM\Software\..\Telephony: DomainName = fauske.lokalt
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fauske.lokalt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fauske.lokalt
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fauske.lokalt
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\NORMAN\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - D:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\NORMAN\Npm\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

--
End of file - 8845 bytes
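As an added example that is not part of this thread: a small Python triage of the O4 autostart lines in the HijackThis log above. The sample lines are copied from that log; the checks (bare filename, executable sitting directly in the Windows root, a Windows-sounding label whose target is outside the system directories) are the editor's heuristics, not HijackThis features, and they produce a list for an analyst to review rather than a verdict. Note that the Realtek RTHDCPL entry is flagged alongside ehSched.exe for the same structural reason, which is exactly why the thread sends ehSched.exe to a multi-engine scanner before deciding.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] ehSched.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: SnagIt 8.lnk = D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe
"""

# Registry Run entries: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Startup-folder shortcuts: "O4 - Global Startup: <name>.lnk = <target>"
STARTUP_RE = re.compile(r"^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First run of text ending in an executable extension; lets unquoted paths with spaces through.
TARGET_RE = re.compile(r"^(?P<target>.+?\.(?:exe|com|bat|cmd|scr|pif))(?P<args>\s.*)?$", re.IGNORECASE)

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system", r"c:\windows\syswow64"}
WINDOWS_ROOT = r"c:\windows"  # assumption: %WINDIR% as shown in this log


@dataclass
class AutostartEntry:
    hive: str
    name: str
    target: str
    args: str
    reasons: list[str] = field(default_factory=list)


def split_command(cmd: str) -> tuple[str, str]:
    """Separate the executable from its arguments, honouring quoted paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = TARGET_RE.match(cmd)
    if m:
        return m.group("target"), (m.group("args") or "").strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def assess(entry: AutostartEntry) -> None:
    """Editor's heuristics; each one appends a human-readable reason for review."""
    low = entry.target.lower()
    parent = low.rsplit("\\", 1)[0] if "\\" in low else None
    if parent is None:
        entry.reasons.append("bare filename: Windows resolves it through the search path, so its real location is unknown")
    elif parent == WINDOWS_ROOT:
        entry.reasons.append("executable placed directly in the Windows directory rather than system32")
    if parent is not None and "\\temp\\" in low:
        entry.reasons.append("runs from a temporary directory")
    if entry.name.lower().startswith(("windows ", "microsoft ")) and parent not in SYSTEM_DIRS:
        entry.reasons.append("label claims to be a Windows component but the target is not in a system directory")


def parse_o4(text: str) -> list[AutostartEntry]:
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
        if not m:
            continue
        target, args = split_command(m.group("cmd"))
        entry = AutostartEntry(m.group("hive"), m.group("name"), target, args)
        assess(entry)
        entries.append(entry)
    return entries


def flagged(text: str) -> list[AutostartEntry]:
    return [e for e in parse_o4(text) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_O4_LINES):
        print(f"[{e.hive}] {e.name} -> {e.target}")
        for r in e.reasons:
            print("   -", r)
```

Running the module prints two entries for review: RTHDCPL (bare filename) and Windows UDP Control Center (bare filename plus a Windows-sounding label). Everything with an explicit path under Program Files or system32 passes silently, which is the point: the triage narrows the log to the handful of lines a human needs to look up.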
norbat Posted 2 June 2008
Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click in the window while the program is running. Post the log file from combofix (c:\combofix.txt)
Bartin Posted 2 June 2008 (edited)
youtube.glx.***/watchv/=LJTwgF9BSYk-youtube.com .. That link? Luckily I managed not to click.
Edited 2 June 2008 by Skagen: Removed the URL tag from the link and partially censored the domain.
Kristian. Posted 2 June 2008
Got it from 4 people.... almost at the same time here just now...
slippern (Author) Posted 3 June 2008
Yes, a weird link like that. youtube.zn.xl or something like that
slippern (Author) Posted 3 June 2008
Here is the log.

ComboFix 08-06-01.6 - tord.kristensen 2008-06-03 8:12:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1182 [GMT 2:00]
Running from: C:\Documents and Settings\tord.kristensen\Skrivebord\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\tord.kristensen\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS.exe
C:\WINDOWS\059573.exe
C:\WINDOWS\203937.exe
C:\WINDOWS\images.zip
C:\WINDOWS\scvhost.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-02 23:36 . 2008-06-02 23:36 174,592 --a------ C:\WINDOWS\seeshost.exe
2008-06-02 23:19 . 2008-06-02 23:24 61,444 --a------ C:\WINDOWS\sshost.exe
2008-06-02 18:34 . 2008-06-02 19:19 65,536 --a------ C:\WINDOWS\sysys.exe
2008-06-02 15:49 . 2008-06-02 15:49 <DIR> d-------- C:\Programfiler\Trend Micro
2008-06-02 15:48 . 2008-06-02 15:48 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny
2008-06-02 15:48 . 2008-02-11 14:56 19,512 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-06-02 15:44 . 2008-06-02 15:44 <DIR> d-------- C:\WINDOWS\PushWiz
2008-06-02 15:44 . 2008-06-02 15:48 <DIR> d-------- C:\NORMAN
2008-06-02 15:39 . 2008-06-02 15:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-02 15:39 . 2008-06-02 15:39 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-02 15:39 . 2008-06-02 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab
2008-06-02 15:38 . 2008-06-02 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-02 15:37 . 2008-06-02 15:37 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-02 15:37 . 2008-06-02 15:37 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\SUPERAntiSpyware.com
2008-06-02 15:35 . 2008-06-02 15:35 53,252 -r-hs---- C:\WINDOWS\ehSched.exe
2008-06-02 14:24 . 2008-06-02 14:55 <DIR> d-------- C:\Programfiler\BDD 2007
2008-06-02 11:32 . 2008-06-02 11:32 <DIR> d-------- C:\Programfiler\MSXML 6.0
2008-05-29 16:29 . 2008-05-29 16:31 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\VMware
2008-05-29 16:29 . 2008-05-29 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\VMware
2008-05-27 11:53 . 2008-05-27 11:53 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-05-27 09:39 . 2008-05-27 09:39 <DIR> d-------- C:\Programfiler\Runtime Software
2008-05-26 08:58 . 2008-05-26 08:58 <DIR> d-------- C:\Programfiler\QuickTime
2008-05-26 08:09 . 2008-05-29 12:48 <DIR> d-------- C:\WINDOWS\AutoLogin
2008-05-26 08:08 . 2008-05-26 08:08 <DIR> d-------- C:\WINDOWS\FPSoftware
2008-05-23 12:14 . 2008-05-23 12:14 <DIR> d-------- C:\Programfiler\JGsoft
2008-05-23 12:14 . 2008-05-23 12:14 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\JGsoft
2008-05-23 12:14 . 2008-01-17 03:00 67,208 --a------ C:\WINDOWS\UnDeploy.exe
2008-05-21 11:13 . 2008-05-21 11:13 <DIR> d-------- C:\WINDOWS\Sun
2008-05-21 08:39 . 2008-05-21 08:39 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-05-21 08:39 . 2008-04-14 18:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-21 08:38 . 2008-05-21 08:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-21 08:38 . 2008-05-21 08:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-21 08:13 . 2008-04-25 19:41 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-05-20 13:52 . 1995-03-03 06:00 92,576 --a------ C:\WINDOWS\system\ODBCINST.DLL
2008-05-20 13:52 . 1995-03-03 06:00 56,240 --a------ C:\WINDOWS\system\ODBC.DLL
2008-05-20 13:52 . 2008-05-20 13:54 105 --a------ C:\WINDOWS\odbc.ini
2008-05-20 13:06 . 2008-06-02 12:21 9,906 --a------ C:\WINDOWS\IST.INI
2008-05-16 10:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-16 10:34 . 2008-05-16 10:35 <DIR> d-------- C:\Programfiler\Java
2008-05-16 10:34 . 2008-05-16 10:34 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-05-16 10:25 . 2008-05-16 10:25 62 --a------ C:\WINDOWS\ericsson.ini
2008-05-08 14:06 . 2008-05-08 14:06 51,300 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\system32\no
2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-08 10:10 . 2008-05-08 10:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 10:02 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-07 16:30 . 2008-05-22 15:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-07 12:31 . 2008-05-22 14:32 <DIR> d-------- C:\temp
2008-05-07 12:31 . 2008-05-22 14:32 652 --a------ C:\WINDOWS\concept.ini
2008-05-07 12:31 . 2008-05-07 12:33 351 --a------ C:\WINDOWS\UqAnsatt.ini
2008-05-06 03:00 . 2008-05-06 03:00 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Adobe Systems
2008-05-05 11:32 . 2008-05-05 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-05-05 11:25 . 2008-05-16 09:06 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\Ahead
2008-05-05 11:25 . 2008-05-05 11:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Ahead
2008-05-05 11:23 . 2008-05-05 11:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2008-05-05 11:23 . 2008-05-05 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero
2008-05-05 11:23 . 1998-03-10 01:00 42,496 --a------ C:\WINDOWS\ttuninst.exe
2008-05-05 11:01 . 2008-05-05 11:01 <DIR> d-------- C:\Programfiler\Bonjour
2008-05-05 10:58 . 2008-05-05 10:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-05-05 10:55 . 2008-06-02 09:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-05-05 10:39 . 2008-05-05 10:39 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\DAEMON Tools
2008-05-05 10:39 . 2008-05-05 10:39 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 06:06 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\uTorrent
2008-06-02 19:35 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\mIRC
2008-06-02 13:37 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-27 07:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-26 07:05 214 ----a-w C:\home.reg
2008-05-21 06:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-05-20 10:03 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\DameWare Development
2008-05-16 15:34 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\MySQL
2008-05-08 08:18 --------- d-----w C:\Programfiler\MSN Messenger
2008-04-30 13:10 --------- d-----w C:\Programfiler\Intel
2008-04-30 13:10 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\InstallShield
2008-04-25 17:41 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-25 10:00 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\Alt-N
2008-04-25 09:59 --------- d-----w C:\Programfiler\Alt-N Technologies
2008-04-25 08:22 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\Subversion
2008-04-25 08:01 --------- d--h--w C:\Programfiler\Zero G Registry
2008-04-25 07:15 --------- d-----w C:\Programfiler\uTorrent
2008-04-25 07:08 454,656 ----a-w C:\WINDOWS\system32\putty.exe
2008-04-23 14:51 --------- d-----w C:\Programfiler\MSBuild
2008-04-23 14:51 --------- d-----w C:\Programfiler\Microsoft Works
2008-04-23 14:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\TechSmith
2008-04-23 14:28 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\ComAgent
2008-04-23 13:33 --------- d-----w C:\Documents and Settings\administrator\Programdata\ComAgent
2008-04-23 11:30 --------- d-----w C:\Programfiler\Realtek
2008-04-23 11:30 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-04-23 11:21 --------- d-----w C:\Programfiler\ATI Technologies
2008-04-23 11:21 --------- d-----w C:\Programfiler\ATI
2008-04-23 10:20 --------- d-----w C:\Programfiler\microsoft frontpage
2008-04-23 10:19 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-04-23 10:18 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:19 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:50 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 07:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 07:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"DAEMON Tools Lite"="D:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 12:46 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 12:46 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 12:46 131072]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DameWare MRC Agent"="C:\WINDOWS\system32\DWRCST.exe" [2008-02-19 15:40 78848]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"Windows UDP Control Center"="ehSched.exe" [2008-06-02 15:35 53252 C:\WINDOWS\ehSched.exe]
"Norman ZANDA"="C:\NORMAN\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"Nod32 Runtime"="sysregi.exe" [2008-04-14 18:22 174592 C:\WINDOWS\system32\sysregi.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Nod32 Runtime"="sysregi.exe" [2008-04-14 18:22 174592 C:\WINDOWS\system32\sysregi.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\tord.kristensen\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
ComAgent.lnk - D:\Programfiler\ComAgent\ComAgent.exe [2008-04-23 15:33:10 1236992]
SnagIt 8.lnk - D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 18:40:52 6379080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1177238915-630328440-1801674531-3369\Scripts\Logon\0\0]
"Script"=\\fauske.lokalt\SysVol\fauske.lokalt\scripts\logon.cmd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"D:\\Programfiler\\mIRC\\mirc.exe"=
"D:\\Programfiler\\Zend Studio\\ZendStudio.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 20:00]
R2 Ndiskio;Ndiskio;C:\NORMAN\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R3 DwMirror;DwMirror;C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 20:00]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - ELOGGERSVC6
*Newly Created Service* - NDISKIO
*Newly Created Service* - NORMAN_NJEEVES
*Newly Created Service* - NORMAN_ZANDA
*Newly Created Service* - NVCMFLT
*Newly Created Service* - NVCOAS
*Newly Created Service* - NVCSCHEDULER
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 08:14:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-06-03 8:15:13
ComboFix-quarantined-files.txt 2008-06-03 06:15:08
Pre-Run: 4,193,038,336 byte ledig
Post-Run: 5,939,130,368 byte ledig

281 --- E O F --- 2008-05-22 01:00:40
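As an added example that is not part of the thread: Python that parses the "Files Created" section of the ComboFix log above and applies the reasoning norbat applies by hand further down. Executables created inside the incident window that sit directly in C:\WINDOWS, or that carry hidden/system attributes like ehSched.exe, go on the review list; once a multi-engine scan confirms them, the same paths become the File:: block of a CFScript. The sample lines are copied from the log, the incident start of 2 June 2008 comes from the first post, and the function names and thresholds are the editor's own.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample input: lines from the "Files Created" section of the ComboFix log in this thread.
SAMPLE_FILES_CREATED = r"""
2008-06-02 23:36 . 2008-06-02 23:36 174,592 --a------ C:\WINDOWS\seeshost.exe
2008-06-02 23:19 . 2008-06-02 23:24 61,444 --a------ C:\WINDOWS\sshost.exe
2008-06-02 18:34 . 2008-06-02 19:19 65,536 --a------ C:\WINDOWS\sysys.exe
2008-06-02 15:49 . 2008-06-02 15:49 <DIR> d-------- C:\Programfiler\Trend Micro
2008-06-02 15:48 . 2008-02-11 14:56 19,512 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-06-02 15:35 . 2008-06-02 15:35 53,252 -r-hs---- C:\WINDOWS\ehSched.exe
2008-05-23 12:14 . 2008-01-17 03:00 67,208 --a------ C:\WINDOWS\UnDeploy.exe
2008-05-16 10:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-05 10:39 . 2008-05-05 10:39 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
"""

# "<created> . <modified> <size|<DIR>> <attribute flags> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-A-Za-z]{9}) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr", ".cpl")
WINDOWS_ROOT = r"c:\windows"  # assumption: %WINDIR% as it appears in this log


@dataclass
class CreatedFile:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for <DIR> entries
    attrs: str           # e.g. "-r-hs----": r=read-only, h=hidden, s=system
    path: str


def parse_files_created(text: str) -> list[CreatedFile]:
    files = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        files.append(CreatedFile(datetime.strptime(m["created"], TS),
                                 datetime.strptime(m["modified"], TS),
                                 size, m["attrs"], m["path"]))
    return files


def triage(files: list[CreatedFile], incident_start: datetime) -> list[tuple[CreatedFile, list[str]]]:
    """Return (file, reasons) for executables created since incident_start that look out of place."""
    findings = []
    for f in files:
        low = f.path.lower()
        if f.size is None or not low.endswith(EXEC_EXT) or f.created < incident_start:
            continue
        reasons = []
        if low.rsplit("\\", 1)[0] == WINDOWS_ROOT:
            reasons.append("executable written directly into the Windows directory")
        if "h" in f.attrs or "s" in f.attrs:
            reasons.append(f"hidden/system attributes set ({f.attrs})")
        # A copied file keeps an old modification time (compare nvcw32mf.sys); a freshly
        # written one has both timestamps inside the window. Supporting signal only.
        if reasons and f.modified >= incident_start:
            reasons.append("modified timestamp also inside the incident window: written fresh, not copied from an older package")
        if reasons:
            findings.append((f, reasons))
    return findings


def cfscript_file_section(paths: list[str]) -> str:
    """Render the File:: block ComboFix accepts in CFScript.txt (the format used later in this thread)."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = triage(parse_files_created(SAMPLE_FILES_CREATED), datetime(2008, 6, 2))
    for f, reasons in hits:
        print(f"{f.path} ({f.size} bytes, {f.attrs})")
        for r in reasons:
            print("   -", r)
    print(cfscript_file_section([f.path for f, _ in hits]))
```

On the sample above this lists exactly the four files the thread ends up scripting (seeshost.exe, sshost.exe, sysys.exe, ehSched.exe) and leaves the Norman driver, the older UnDeploy.exe and the Java control panel alone. The File:: text is only generated from paths that passed triage; the thread's own workflow still confirms each one with an online multi-engine scan before running it.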
Kristian. Posted 3 June 2008
If you don't have much important "data" on it, formatting is probably the easiest...
Krillekongen Posted 3 June 2008
have received that link from 5 people now. only girls, heh heh
norbat Posted 3 June 2008
Go to the website jotti and upload the following file for checking: C:\WINDOWS\ehSched.exe
What result do you get for the file?

Open Notepad and paste in what is shown in bold below. Save the file as CFScript and put it on the desktop. Drag the file onto the combofix icon. Combofix will start again.

File::
C:\WINDOWS\seeshost.exe
C:\WINDOWS\sshost.exe
C:\WINDOWS\sysys.exe

Post the new combofix log + give feedback on ehSched.exe.
slippern (Author) Posted 3 June 2008
> If you don't have much important "data" on it, formatting is probably the easiest...
I'd rather avoid formatting it. But it's possible the problem is solved now... Of course I got the link from a friend I trust. Links from people in my MSN list who rarely send me links I never open..
norbat Posted 3 June 2008
You shouldn't have to format because of this. But to move on it's important that you give feedback on, among other things, C:\WINDOWS\ehSched.exe
slippern (Author) Posted 3 June 2008 (edited)
Trojans galore on ehSched.exe

F-Secure Anti-Virus Found Trojan.Win32.VB.dcu
Ikarus Found VirTool.Win32.VBInject.C
Kaspersky Anti-Virus Found Trojan.Win32.VB.dcu

C:\WINDOWS\seeshost.exe
C:\WINDOWS\sshost.exe
C:\WINDOWS\sysys.exe
those three files are ok!
Edited 3 June 2008 by slippern
norbat Posted 3 June 2008 (edited)
Good, thanks for the feedback. Then the CFScript file becomes:

File::
C:\WINDOWS\seeshost.exe
C:\WINDOWS\sshost.exe
C:\WINDOWS\sysys.exe
C:\WINDOWS\ehSched.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control Center"=-
"Nod32 Runtime"=-

Edited 3 June 2008 by norbat
slippern (Author) Posted 3 June 2008
Have scanned with Norman too. It says c:\a.bat is a virus.. WinREG.A trojan
norbat Posted 3 June 2008
Yes, if a.bat is on the PC, it has to go (I couldn't see that file in the log, but...). Anyway, make the CFScript file as mentioned above. The three files you say are ok have to go!
slippern (Author) Posted 3 June 2008
what should that file be saved as? should it be saved as .CFScript or .CFS?

File::
C:\WINDOWS\seeshost.exe
C:\WINDOWS\sshost.exe
C:\WINDOWS\sysys.exe
C:\WINDOWS\ehSched.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control Center"=-
"Nod32 Runtime"=-
norbat, 3 June 2008:

When you save the file with Notepad, it will be named CFScript.txt.
slippern (thread author), 3 June 2008:

Yes, but shouldn't the script be run?
r2d290, 3 June 2008 (edited):

Do as shown in the picture below: drag CFScript.txt onto ComboFix, and ComboFix will start and pick up the information from CFScript. ...and remember to post the ComboFix log afterwards.

Edited 3 June 2008 by r2d290
slippern (thread author), 3 June 2008:

There you go.

ComboFix 08-06-01.6 - tord.kristensen 2008-06-03 14:12:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1306 [GMT 2:00]
Running from: C:\Documents and Settings\tord.kristensen\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\tord.kristensen\Skrivebord\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\ehSched.exe
C:\WINDOWS\seeshost.exe
C:\WINDOWS\sshost.exe
C:\WINDOWS\sysys.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\ehSched.exe
C:\WINDOWS\images.zip
C:\WINDOWS\scvhost.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.
2008-06-03 13:49 . 2008-06-03 13:49 214 --a------ C:\home.reg
2008-06-03 12:07 . 2008-06-03 12:07 <DIR> d-------- C:\Documents and Settings\Administrator.FK15-12
2008-06-02 15:49 . 2008-06-02 15:49 <DIR> d-------- C:\Programfiler\Trend Micro
2008-06-02 15:48 . 2008-06-02 15:48 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny
2008-06-02 15:48 . 2008-02-11 14:56 19,512 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-06-02 15:44 . 2008-06-02 15:44 <DIR> d-------- C:\WINDOWS\PushWiz
2008-06-02 15:44 . 2008-06-03 13:42 <DIR> d-------- C:\NORMAN
2008-06-02 15:39 . 2008-06-02 15:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-02 15:39 . 2008-06-02 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab
2008-06-02 15:38 . 2008-06-02 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-02 15:37 . 2008-06-02 15:37 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-02 15:37 . 2008-06-02 15:37 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\SUPERAntiSpyware.com
2008-06-02 14:24 . 2008-06-02 14:55 <DIR> d-------- C:\Programfiler\BDD 2007
2008-06-02 11:32 . 2008-06-02 11:32 <DIR> d-------- C:\Programfiler\MSXML 6.0
2008-05-29 16:29 . 2008-05-29 16:31 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\VMware
2008-05-29 16:29 . 2008-05-29 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\VMware
2008-05-27 11:53 . 2008-05-27 11:53 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-05-27 09:39 . 2008-05-27 09:39 <DIR> d-------- C:\Programfiler\Runtime Software
2008-05-26 08:58 . 2008-05-26 08:58 <DIR> d-------- C:\Programfiler\QuickTime
2008-05-26 08:09 . 2008-05-29 12:48 <DIR> d-------- C:\WINDOWS\AutoLogin
2008-05-26 08:08 . 2008-05-26 08:08 <DIR> d-------- C:\WINDOWS\FPSoftware
2008-05-23 12:14 . 2008-05-23 12:14 <DIR> d-------- C:\Programfiler\JGsoft
2008-05-23 12:14 . 2008-05-23 12:14 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\JGsoft
2008-05-23 12:14 . 2008-01-17 03:00 67,208 --a------ C:\WINDOWS\UnDeploy.exe
2008-05-21 11:13 . 2008-05-21 11:13 <DIR> d-------- C:\WINDOWS\Sun
2008-05-21 08:39 . 2008-05-21 08:39 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-05-21 08:39 . 2008-04-14 18:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-21 08:38 . 2008-05-21 08:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-21 08:38 . 2008-05-21 08:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-21 08:13 . 2008-04-25 19:41 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-05-20 13:52 . 1995-03-03 06:00 92,576 --a------ C:\WINDOWS\system\ODBCINST.DLL
2008-05-20 13:52 . 1995-03-03 06:00 56,240 --a------ C:\WINDOWS\system\ODBC.DLL
2008-05-20 13:52 . 2008-05-20 13:54 105 --a------ C:\WINDOWS\odbc.ini
2008-05-20 13:06 . 2008-06-02 12:21 9,906 --a------ C:\WINDOWS\IST.INI
2008-05-16 10:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-16 10:34 . 2008-05-16 10:35 <DIR> d-------- C:\Programfiler\Java
2008-05-16 10:34 . 2008-05-16 10:34 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-05-16 10:25 . 2008-05-16 10:25 62 --a------ C:\WINDOWS\ericsson.ini
2008-05-08 14:06 . 2008-05-08 14:06 51,300 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\system32\no
2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-08 10:10 . 2008-05-08 10:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 10:02 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-07 16:30 . 2008-05-22 15:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-07 12:31 . 2008-05-22 14:32 <DIR> d-------- C:\temp
2008-05-07 12:31 . 2008-05-22 14:32 652 --a------ C:\WINDOWS\concept.ini
2008-05-07 12:31 . 2008-05-07 12:33 351 --a------ C:\WINDOWS\UqAnsatt.ini
2008-05-06 03:00 . 2008-05-06 03:00 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared
2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Adobe Systems
2008-05-05 11:32 . 2008-05-05 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-05-05 11:25 . 2008-05-16 09:06 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\Ahead
2008-05-05 11:25 . 2008-05-05 11:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Ahead
2008-05-05 11:23 . 2008-05-05 11:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead
2008-05-05 11:23 . 2008-05-05 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero
2008-05-05 11:23 . 1998-03-10 01:00 42,496 --a------ C:\WINDOWS\ttuninst.exe
2008-05-05 11:01 . 2008-05-05 11:01 <DIR> d-------- C:\Programfiler\Bonjour
2008-05-05 10:58 . 2008-05-05 10:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared
2008-05-05 10:55 . 2008-06-02 09:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-05-05 10:39 . 2008-05-05 10:39 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\DAEMON Tools
2008-05-05 10:39 . 2008-05-05 10:39 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 10:04 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\mIRC
2008-06-03 06:25 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\uTorrent
2008-06-02 13:37 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-05-27 07:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-21 06:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-05-20 10:03 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\DameWare Development
2008-05-16 15:34 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\MySQL
2008-05-08 08:18 --------- d-----w C:\Programfiler\MSN Messenger
2008-04-30 13:10 --------- d-----w C:\Programfiler\Intel
2008-04-30 13:10 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\InstallShield
2008-04-25 17:41 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-25 10:00 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\Alt-N
2008-04-25 09:59 --------- d-----w C:\Programfiler\Alt-N Technologies
2008-04-25 08:22 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\Subversion
2008-04-25 08:01 --------- d--h--w C:\Programfiler\Zero G Registry
2008-04-25 07:15 --------- d-----w C:\Programfiler\uTorrent
2008-04-25 07:08 454,656 ----a-w C:\WINDOWS\system32\putty.exe
2008-04-23 14:51 --------- d-----w C:\Programfiler\MSBuild
2008-04-23 14:51 --------- d-----w C:\Programfiler\Microsoft Works
2008-04-23 14:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\TechSmith
2008-04-23 14:28 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\ComAgent
2008-04-23 13:33 --------- d-----w C:\Documents and Settings\administrator\Programdata\ComAgent
2008-04-23 11:30 --------- d-----w C:\Programfiler\Realtek
2008-04-23 11:30 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-04-23 11:21 --------- d-----w C:\Programfiler\ATI Technologies
2008-04-23 11:21 --------- d-----w C:\Programfiler\ATI
2008-04-23 10:20 --------- d-----w C:\Programfiler\microsoft frontpage
2008-04-23 10:19 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-04-23 10:18 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:19 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:50 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 07:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 07:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-03_ 8.15.01,31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-26 07:04:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 11:42:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-15 20:12:38 312,680 ----a-w C:\WINDOWS\Downloaded Program Files\avsniff.dll
+ 2008-01-15 20:12:40 255,336 ----a-w C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll
+ 2008-05-27 23:00:00 2,504 ----a-w C:\WINDOWS\Downloaded Program Files\catalog.dat
+ 2008-01-15 20:02:44 42,112 ----a-w C:\WINDOWS\Downloaded Program Files\ecmldr32.dll
+ 2008-05-27 23:00:00 284,016 ----a-w C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
+ 2008-01-15 20:02:58 201,896 ----a-w C:\WINDOWS\Downloaded Program Files\navapi32.dll
+ 2008-05-27 23:00:00 128,368 ----a-w C:\WINDOWS\Downloaded Program Files\naveng32.dll
+ 2008-05-27 23:00:00 943,472 ----a-w C:\WINDOWS\Downloaded Program Files\navex32a.dll
+ 2008-01-15 20:12:48 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\rufsi.dll
+ 2008-05-27 23:00:00 97,776 ----a-w C:\WINDOWS\Downloaded Program Files\scrauth.dat
+ 2008-05-27 23:00:00 411,555 ----a-w C:\WINDOWS\Downloaded Program Files\tcdefs.dat
+ 2008-05-27 23:00:00 3,772,330 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan7.dat
+ 2008-05-27 23:00:00 482,537 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan8.dat
+ 2008-05-27 23:00:00 1,161,183 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan9.dat
+ 2008-05-27 23:00:00 1,957 ----a-w C:\WINDOWS\Downloaded Program Files\tinfl.dat
+ 2008-05-27 23:00:00 71,435 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1.dat
+ 2008-05-27 23:00:00 3,760 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1hd.dat
+ 2008-05-27 23:00:00 1,007,646 ----a-w C:\WINDOWS\Downloaded Program Files\virscan1.dat
+ 2008-05-27 23:00:00 571,362 ----a-w C:\WINDOWS\Downloaded Program Files\virscan2.dat
+ 2008-05-27 23:00:00 151,832 ----a-w C:\WINDOWS\Downloaded Program Files\virscan3.dat
+ 2008-05-27 23:00:00 320,253 ----a-w C:\WINDOWS\Downloaded Program Files\virscan4.dat
+ 2008-05-27 23:00:00 7,708,633 ----a-w C:\WINDOWS\Downloaded Program Files\virscan5.dat
+ 2008-05-27 23:00:00 393,782 ----a-w C:\WINDOWS\Downloaded Program Files\virscan6.dat
+ 2008-05-27 23:00:00 27,357,239 ----a-w C:\WINDOWS\Downloaded Program Files\virscan7.dat
+ 2008-05-27 23:00:00 2,040,460 ----a-w C:\WINDOWS\Downloaded Program Files\virscan8.dat
+ 2008-05-27 23:00:00 6,266,048 ----a-w C:\WINDOWS\Downloaded Program Files\virscan9.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"DAEMON Tools Lite"="D:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 12:46 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 12:46 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 12:46 131072]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"Norman ZANDA"="C:\NORMAN\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"DameWare MRC Agent"="C:\WINDOWS\system32\DWRCST.exe" [2008-02-19 15:40 78848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Nod32 Runtime"="sysregi.exe" [2008-04-14 18:22 174592 C:\WINDOWS\system32\sysregi.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\tord.kristensen\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
ComAgent.lnk - D:\Programfiler\ComAgent\ComAgent.exe [2008-04-23 15:33:10 1236992]
SnagIt 8.lnk - D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 18:40:52 6379080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1177238915-630328440-1801674531-3369\Scripts\Logon\0\0]
"Script"=\\fauske.lokalt\SysVol\fauske.lokalt\scripts\logon.cmd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"D:\\Programfiler\\mIRC\\mirc.exe"=
"D:\\Programfiler\\Zend Studio\\ZendStudio.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~”ü"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 20:00]
R2 Ndiskio;Ndiskio;C:\NORMAN\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R3 DwMirror;DwMirror;C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 20:00]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 14:14:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-03 14:16:02
ComboFix-quarantined-files.txt 2008-06-03 12:15:32
ComboFix2.txt 2008-06-03 06:15:14

Pre-Run: 5,768,339,456 bytes free
Post-Run: 5,785,698,304 bytes free

296 --- E O F --- 2008-05-22 01:00:40
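Added example (not code from this thread or from ComboFix): the helpers in the thread read the "Reg Loading Points" section of the ComboFix log above by eye and then wrote a CFScript with File:: and Registry:: sections by hand. The script below does the same two steps mechanically: it parses the autorun and policy lines in the format the log uses, applies a few triage heuristics (an autostart under the legacy RunServices key, a display name that claims a security vendor the binary path does not match, a binary sitting directly in the Windows directory, and Windows Firewall disabled), and drafts a CFScript for the entries worth removing. SAMPLE_LOG is a trimmed copy of lines from the posted log; the vendor token list and the heuristics themselves are this example's assumptions, and the output is a draft for a human reviewer, not a verdict.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; it is neither ComboFix's code nor something
posted by the participants. SAMPLE_LOG is a trimmed copy of the log above.
The heuristics below (RunServices, vendor-name mismatch, Windows-root binary,
firewall disabled) are this example's assumptions: they prioritise review,
they do not decide what is malware.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"Norman ZANDA"="C:\NORMAN\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Nod32 Runtime"="sysregi.exe" [2008-04-14 18:22 174592 C:\WINDOWS\system32\sysregi.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# "Name"="target" [YYYY-MM-DD HH:MM size]  or, when the target is a bare file
# name, "Name"="file.exe" [YYYY-MM-DD HH:MM size C:\resolved\path.exe]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*'
    r'\[\d{4}-\d\d-\d\d \d\d:\d\d (?P<size>\d+)(?: (?P<resolved>[^\]]+))?\]'
)
# Policy DWORDs are printed as:  "EnableFirewall"= 0 (0x0)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)')

# Vendor tokens for the name/path mismatch check (assumed, not exhaustive).
AV_TOKENS = ("nod32", "eset", "norton", "symantec", "mcafee", "kaspersky", "avast", "norman")


@dataclass
class Entry:
    key: str
    name: str
    path: str                    # resolved path if the log printed one, else the raw target
    size: Optional[int] = None
    value: Optional[int] = None  # DWORD value for policy lines


def parse(log: str) -> list:
    """Walk the section line by line, remembering the current [key] header."""
    entries, key = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m["key"]
        elif m := RUN_RE.match(line):
            entries.append(Entry(key, m["name"], m["resolved"] or m["target"], int(m["size"])))
        elif m := DWORD_RE.match(line):
            entries.append(Entry(key, m["name"], "", value=int(m["value"])))
    return entries


def triage(entries: list) -> dict:
    """Map entry name -> list of reasons it deserves a second look."""
    findings = {}
    for e in entries:
        key, path, name = e.key.lower(), e.path.lower(), e.name.lower()
        reasons = []
        if key.endswith("\\runservices"):
            reasons.append("autostart under RunServices, a legacy key current installers rarely use")
        claimed = [t for t in AV_TOKENS if t in name]
        if claimed and not any(t in path for t in claimed):
            reasons.append(f"name claims '{claimed[0]}' but the binary path does not mention it")
        if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path):
            reasons.append("review: binary sits directly in the Windows directory")
        if "firewallpolicy" in key and name == "enablefirewall" and e.value == 0:
            reasons.append("Windows Firewall is disabled for this profile")
        if reasons:
            findings[e.name] = reasons
    return findings


def draft_cfscript(entries: list, findings: dict) -> str:
    """Draft the CFScript the helper in the thread wrote by hand: File:: lines for
    the binaries and Registry:: lines with "name"=- to delete the autorun values.
    Entries flagged only with a 'review:' reason are left out. A human still has
    to read this before it goes anywhere near ComboFix."""
    remove = [e for e in entries
              if e.name in findings and "\\run" in e.key.lower()
              and any(not r.startswith("review:") for r in findings[e.name])]
    lines = ["File::"] + [e.path for e in remove if e.path] + ["", "Registry::"]
    for e in remove:
        lines += [f"[{e.key}]", f'"{e.name}"=-']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(parse(SAMPLE_LOG))
    for name, reasons in found.items():
        print(name, "->", "; ".join(reasons))
    print(draft_cfscript(parse(SAMPLE_LOG), found))
```

On the sample, the Realtek entry (RTHDCPL.exe in the Windows directory) gets only a "review:" note and is kept out of the draft, Norman's own loader passes the vendor check because its path is under C:\NORMAN, and only the RunServices entry named "Nod32 Runtime" pointing at sysregi.exe ends up in the File:: and Registry:: sections, which is the same value the thread's CFScript deleted. Note that the path regex assumes the system drive and directory are C:\WINDOWS as in this log; adjust it for other installs.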