Breidablik, posted 6 June 2008 (edited)
Well, of course I've gone and clicked on this link (YouTube link), and now my machine is infected! Can anyone look over my ComboFix log?
I've looked at a number of other threads, but it looks like different things need to be done for each individual machine...? I'd be glad if anyone could offer some advice.

Sovende Panda, posted 6 June 2008
I don't know anything about the log stuff. But I had an MSN virus and ran the program MSNFix, and it helped a bit. Maybe you should try that, and then someone else can look at your log.

norbat, posted 6 June 2008
There are several files there that need to go. I would like to use you as a guinea pig and ask you to run a quick scan with the free version of SAS. This is to see whether the latest updates to this program catch the infection. If this doesn't help, we'll take care of the files manually.

Breidablik (thread author), posted 6 June 2008 (edited)
Hehe, sure, I can be a guinea pig...
(\_/)
(o.o)
(> <)
Should I download "FREE trial professional" or "FREE VERSION Home Users"?

norbat, posted 6 June 2008
Free V. Home User
And thanks for sacrificing yourself for the cause.

Breidablik (thread author), posted 6 June 2008 (edited)
I've now finished a scan, and I got a whole bunch of files deleted. (Had dinner in the meantime, so it took a while...) Should I just run ComboFix again and upload the log?

snippsat, posted 6 June 2008 (edited)
No, now norbat wants the log from SAS; don't do anything until you're told to. Post the log from SAS (preferences->statistics/logs).

Breidablik (thread author), posted 6 June 2008 (edited)
Here's the log, norbat:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/06/2008 at 05:31 PM
Application Version : 4.15.1000
Core Rules Database Version : 3476
Trace Rules Database Version: 1467
Scan type : Quick Scan
Total Scan Time : 00:04:29
Memory items scanned : 404
Memory threats detected : 0
Registry items scanned : 398
Registry threats detected : 12
File items scanned : 6421
File threats detected : 71
Rogue.MalWarrior
HKLM\Software\Adsl Software Limited
HKLM\Software\Adsl Software Limited\Installer
HKLM\Software\Adsl Software Limited\Installer#InstallDate

Edited 6 June 2008 by Breidablik
Christofferaa Posted 6 June 2008

I've got this virus too... is there really nobody on hw.no who knows more about this? I thought this was the core of the PC nerds... xD Thanks for the help anyway!
snippsat Posted 6 June 2008

> I've got this virus too... is there really nobody on hw.no who knows more about this?

What do you mean by that? If you have a problem, create a new post and we'll sort it out. Norbat is perhaps the one who knows the most about this field in Norway. Post the logs he asks for here: https://www.diskusjon.no/index.php?showtopic=962315&hl=
Christofferaa Posted 6 June 2008

>> I've got this virus too... is there really nobody on hw.no who knows more about this?
> What do you mean by that? If you have a problem, create a new post and we'll sort it out. Norbat is perhaps the one who knows the most about this field in Norway. Post the logs he asks for here: https://www.diskusjon.no/index.php?showtopic=962315&hl=

Sorry... I just get so stressed^^ Hope I get in touch with this.. Norbat ;)
snippsat Posted 6 June 2008

That's quite all right. I've posted in your other thread. Do that and you'll get it sorted out.
norbat Posted 6 June 2008 (edited)

Then we're back online...

Breidablik: It doesn't look as if SAS has the relevant files in its updates yet, so continue with the following:

Download MAM (Malwarebytes Anti-Malware) to the desktop.
Run the file and install the program.
Let the program update itself and choose to run a quick scan.
You will get a message box when the program has finished.
Then click the Show Results button. If malware was found, you will now see what was found.
Then click the Remove Selected button to remove any malware that was found.
When MAM has finished removing what it found, a log will open in Notepad. Copy that and post it.

(Hope you're still with me - let me know if you want them removed right away, otherwise we'll take this extra round.)

Edited 6 June 2008 by norbat
Breidablik (thread author) Posted 6 June 2008 (edited)

No, I noticed that it didn't work... I passed the virus on to several of my contacts while you were logged off... Anyway, here's the log:

Malwarebytes' Anti-Malware 1.15
Database versjon: 834

20:18:31 06.06.2008
mbam-log-6-6-2008 (20-18-31).txt

Skann type: Rask Skann
Objekter skannet: 36390
Tid tilbakelagt: 2 minute(s), 50 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 7
Registerverdier infisert: 3
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 3

Minneprosesser infisert:
C:\WINDOWS\ehSched.exe (Backdoor.Bot) -> Failed to unload process.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Drivers (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vnbptxlf.bspe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Nod32 Runtime (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\DrvSys (Trojan.Clicker) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\sysregi.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\ehSched.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\sysutili.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

By the way, the program found 14 "spywares". Should I just do as it says and restart the machine?

Edited 6 June 2008 by Breidablik
norbat Posted 6 June 2008 (edited)

Good, it cleaned up a bit. Yes, do as it says. Run ComboFix again and post the log, and we'll take the rest from there.

Edited 6 June 2008 by norbat
Breidablik (thread author) Posted 6 June 2008

Yes, that's done... Here's the log:

ComboFix 08-06-06.2 - Torje Breidablik 2008-06-06 20:29:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1454 [GMT 2:00]
Running from: C:\Documents and Settings\Torje Breidablik\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-06 20:14 . 2008-06-06 20:14 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-06-06 20:14 . 2008-06-06 20:14 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\Malwarebytes
2008-06-06 20:14 . 2008-06-06 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-06-06 20:14 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 20:14 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 17:24 . 2008-06-06 17:24 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-06 17:24 . 2008-06-06 17:24 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\SUPERAntiSpyware.com
2008-06-06 17:24 . 2008-06-06 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-06 17:13 . 2008-06-06 17:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-06-06 14:47 . 2008-06-06 16:23 53,252 --a------ C:\tasksmgr.exe
2008-06-05 14:50 . 2008-06-05 15:08 53,252 --a------ C:\Loveits.exe
2008-06-03 19:10 . 2008-06-03 21:19 417,792 --a------ C:\WINDOWS\39382.got
2008-06-03 15:02 . 2008-06-03 16:32 <DIR> d-------- C:\Programfiler\Windows Sidebar
2008-06-03 15:01 . 2008-06-03 15:01 <DIR> d-------- C:\Programfiler\Alky for Applications
2008-06-02 22:46 . 2008-06-02 22:47 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-02 22:34 . 2008-06-02 22:34 <DIR> d-------- C:\Programfiler\TrueTransparency
2008-06-02 21:52 . 2008-06-02 15:09 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-06-02 15:36 . 2008-06-06 20:24 <DIR> d-------- C:\Programfiler\ViStart
2008-06-02 15:09 . 2008-06-02 22:47 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-06-02 15:09 . 2008-06-02 22:47 70,424 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-06-02 15:07 . 2008-06-02 22:45 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-06-01 20:56 . 2008-06-01 20:56 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-06-01 19:28 . 2008-06-01 19:28 76,214 --a------ C:\WINDOWS\Icon_2.ico
2008-06-01 18:42 . 2008-06-01 18:43 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\ViStart
2008-06-01 18:40 . 2008-06-01 18:40 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\Styler
2008-06-01 18:39 . 2008-06-01 20:19 <DIR> d-------- C:\Programfiler\WinFlip
2008-06-01 18:39 . 2008-06-01 20:56 <DIR> d-------- C:\Programfiler\Styler
2008-06-01 18:37 . 2008-06-01 20:57 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-06-01 18:37 . 2008-06-01 19:31 <DIR> d-------- C:\VTPFiles
2008-06-01 18:37 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-06-01 18:37 . 2008-06-01 18:37 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-06-01 18:37 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-06-01 18:37 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-06-01 18:37 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-06-01 18:22 . 2008-06-01 18:27 <DIR> d-------- C:\Programfiler\HMSoft
2008-05-31 11:48 . 2008-05-31 11:48 <DIR> d-------- C:\WINDOWS\system32\no
2008-05-31 11:48 . 2008-05-31 11:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-31 11:48 . 2008-05-31 11:48 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-31 11:46 . 2008-05-31 11:46 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-31 11:36 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-05-31 11:36 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-05-27 16:13 . 2008-04-14 17:50 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-23 21:05 . 2008-05-23 21:05 <DIR> d-------- C:\Programfiler\NeoPaint for Windows
2008-05-22 18:32 . 2008-05-22 18:47 <DIR> d-------- C:\WINDOWS\NV29323624.TMP
2008-05-14 16:12 . 2008-05-14 16:14 <DIR> d-------- C:\WINDOWS\NV31923068.TMP
2008-05-14 16:12 . 2008-05-14 16:12 <DIR> d-------- C:\NVIDIA
2008-05-14 16:12 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-14 16:12 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-11 10:45 . 2008-05-11 12:39 <DIR> d-------- C:\Programfiler\RivaTuner v2.09
2008-05-10 15:39 . 2008-05-10 15:39 <DIR> d-------- C:\Programfiler\Lavalys
2008-05-10 14:13 . 2008-05-22 18:32 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-05-10 14:13 . 2008-05-10 14:15 <DIR> d-------- C:\WINDOWS\NV4402792.TMP
2008-05-10 13:08 . 2008-05-10 13:10 <DIR> d-------- C:\WINDOWS\NV244280.TMP
2008-05-07 15:30 . 2008-05-14 16:11 <DIR> d-------- C:\Programfiler\Project64 1.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 18:25 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\skypePM
2008-06-06 18:25 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\Skype
2008-06-06 11:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater
2008-06-05 18:36 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\LimeWire
2008-06-03 18:18 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-06-02 19:56 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\Xfire
2008-06-02 13:09 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-29 06:34 --------- d-s---w C:\Programfiler\Xfire
2008-05-26 19:37 --------- d-----w C:\Programfiler\Opera
2008-05-25 19:32 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-05-25 19:32 --------- d-----w C:\Programfiler\Google
2008-05-23 20:55 --------- d-----w C:\Programfiler\Prime95
2008-05-16 13:51 --------- d-----w C:\Programfiler\Raptor
2008-05-16 13:50 --------- d-----w C:\Programfiler\EA Sports
2008-05-16 13:48 --------- d-----w C:\Programfiler\Winamp
2008-05-16 13:47 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-05-03 07:47 --------- d-----w C:\Programfiler\Unity
2008-05-03 07:15 --------- d-----w C:\Programfiler\VideoLAN
2008-05-03 07:15 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\dvdcss
2008-05-03 07:11 --------- d-----w C:\Programfiler\AVI Codec Pack
2008-05-02 20:19 --------- d-----w C:\Programfiler\XviD
2008-05-02 08:35 --------- d-----w C:\Programfiler\Fellesfiler\Skype
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-28 14:21 --------- d-----w C:\Programfiler\LimeWire
2008-04-27 11:49 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-04-27 07:40 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-27 07:40 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-27 07:39 --------- d-----w C:\Programfiler\Futuremark
2008-04-26 09:38 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\AVGTOOLBAR
2008-04-26 09:18 --------- d-----w C:\Programfiler\AbsoluteTransfer
2008-04-26 09:13 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-26 09:13 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-26 09:13 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-04-26 09:13 --------- d-----w C:\Programfiler\AVG
2008-04-26 09:13 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8
2008-04-23 16:06 --------- d-----w C:\Documents and Settings\LocalService\Programdata\skypePM
2008-04-21 14:56 --------- d-----w C:\Programfiler\OCCT
2008-04-20 14:03 --------- d-----w C:\Programfiler\Paint.NET
2008-04-20 11:06 --------- d-----w C:\Programfiler\id Software
2008-04-20 11:03 --------- d-----w C:\Programfiler\Warblade
2008-04-20 10:19 --------- d-----w C:\Programfiler\Motherboard Monitor 5
2008-04-20 06:01 --------- d-----w C:\Programfiler\ATITool
2008-04-20 05:32 --------- d-----w C:\Programfiler\Fellesfiler\Futuremark Shared
2008-04-19 19:08 90,112 ----a-w C:\WINDOWS\DUMP66f7.tmp
2008-04-19 14:17 --------- d-----w C:\Programfiler\PowerStrip
2008-04-19 10:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\Valve
2008-04-18 19:16 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-18 19:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-18 19:16 22,328 ----a-w C:\Documents and Settings\Torje Breidablik\Programdata\PnkBstrK.sys
2008-04-18 19:16 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-18 13:44 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\Winamp
2008-04-18 13:40 --------- d-----w C:\Programfiler\Winamp Toolbar
2008-04-18 13:40 --------- d-----w C:\Documents and Settings\All Users\Programdata\Winamp Toolbar
2008-04-16 16:29 --------- d--h--w C:\Documents and Settings\Torje Breidablik\Programdata\ijjigame
2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:22 98,816 ----a-w C:\WINDOWS\system32\winscard.dll
2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 16:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:47 673,280 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
.

------- Sigcheck -------

2007-10-11 01:42 825344 06fb7a0d18f4546f120af73ae24354c8 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 04:00 825344 5b32804f6adaea2d9615637a353b1c82 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:49 827392 49f00b84be5a82d0de6ab10b1fa93c32 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2006-03-02 14:00 655872 10f493204ebe9eaad8664819e97c36cf C:\WINDOWS\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:54 824832 58bb40542f013c10d21af514a6380209 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:17 824832 b55fe0db96700d41313e0c613a1adb16 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 15:05 817152 b44f2446e38694da3b8cb77b3b405b8a C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-12-07 03:08 658944 709671f9a2afbc2a4cbcf5134b558ba1 C:\WINDOWS\SoftwareDistribution\Download\61651e5b788f9157d28154653d8042e9\sp2gdr\wininet.dll
2007-12-07 02:47 665600 989f1c62837e38578950f141cc13238f C:\WINDOWS\SoftwareDistribution\Download\61651e5b788f9157d28154653d8042e9\sp2qfe\wininet.dll
2008-04-14 18:22 665600 3b22bd33306298210ccba8541dfe94b5 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\wininet.dll
2008-03-01 15:05 817152 b44f2446e38694da3b8cb77b3b405b8a C:\WINDOWS\system32\wininet.dll
2008-03-01 15:05 826368 5ba67869f780094ab4dbda4e336c7705 C:\WINDOWS\system32\dllcache\wininet.dll

2008-04-14 18:22 976384 9e5bc741765c907f017e0b8b21052228 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1033216 1a8e8cace017e1b143de91e11987ed39 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:24 1033216 2964b3f5e59f5d989252e2564a21a4c1 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2006-03-02 14:00 1032192 0b4a898de1aa20d133c91ba260e7a8a1 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 18:22 976384 9e5bc741765c907f017e0b8b21052228 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 18:22 1033728 8059c34b6f4758f678e975665eadfd87 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-06_15.44.49,31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-06 11:42:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 18:24:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 15:24:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-06-06 15:24:29 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-03-19 16:06:28 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-06-06 18:25:52 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Programfiler\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-03-16 11:25 398776 --a------ C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-26 11:13 2050816 --a------ C:\Programfiler\AVG\AVG8\avgtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3AB99368-48AF-4A01-B845-2904204948B5}"= "C:\WINDOWS\vnbptxlf.dll" [ ]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programfiler\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programfiler\AVG\AVG8\avgtoolbar.dll" [2008-04-26 11:13 2050816]

[HKEY_CLASSES_ROOT\clsid\{3ab99368-48af-4a01-b845-2904204948b5}]
[HKEY_CLASSES_ROOT\vnbptxlf.1]
[HKEY_CLASSES_ROOT\TypeLib\{E814C71C-7BB7-4FBE-8E61-8047F0956BF1}]
[HKEY_CLASSES_ROOT\vnbptxlf]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programfiler\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programfiler\AVG\AVG8\avgtoolbar.dll [2008-04-26 11:13 2050816]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00 299008]
"LightScribe Control Panel"="C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"RollerCoasterTycoon.exe"="C:\DOCUME~1\TORJEB~1\PROGRA~1\Opera\Opera\profile\cache4\TEMPOR~1\ROLLER~1.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"LClock"="C:\Programfiler\LClock\LClock.exe" [ ]
"Vista Sidebar"="C:\Programfiler\Vista Sidebar\sidebar.exe" [ ]
"ViOrb"="C:\Programfiler\ViOrb\ViOrb.exe" [ ]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"ViStart"="C:\Programfiler\ViStart\ViStart" [ ]
"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.EXE]
"Gainward"="C:\Programfiler\Vtune\TBPanel.exe" [2007-06-26 16:08 2158592]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"InCD"="C:\Programfiler\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 14:31 1057064]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-26 11:13 1177368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Nod32 Runtime"="sysregi.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\Torje Breidablik\Start-meny\Programmer\Oppstart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Google Updater.lnk - C:\Programfiler\Google\Google Updater\GoogleUpdater.exe [2008-04-17 16:00:21 124400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Xfire\\xfire.exe"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Programfiler\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Programfiler\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Programfiler\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe"=
"C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~”ü"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 11:13]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-26 11:13]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 11:13]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 11:13]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 03:37]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Programfiler\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 00:00]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 00:45]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programfiler\Fellesfiler\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 18:04:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 20:30:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Programfiler\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2008-06-06 20:31:40 ComboFix-quarantined-files.txt 2008-06-06 18:31:38 ComboFix2.txt 2008-06-06 14:03:54 ComboFix3.txt 2008-06-06 13:45:10 Pre-Run: 462,197,936,128 byte ledig Post-Run: 462,191,869,952 byte ledig 346 --- E O F --- 2008-05-28 06:44:03
norbat, posted 6 June 2008 (edited)

Before you do what is described below regarding the CFScript file, I would ask you to go into the registry and delete something there.

IMPORTANT: Double-check that you are in the right place and that you delete only what is mentioned below.

Click: Start -> Run
Type: regedit
Go to the following location:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
(HKLM = HKEY_LOCAL_MACHINE)

Right-click List and choose Export (make a backup). Save the backup somewhere you can find it again.

Then do the following: once you have clicked List, a number of entries will appear in the right-hand pane. Delete the entry that has this as its text:
"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~”ü"=

Then we remove the rest of the infected files:
Open Notepad and copy in what is shown in bold below, and save the file on the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again.

File::
C:\tasksmgr.exe
C:\Loveits.exe
C:\WINDOWS\39382.got
C:\WINDOWS\DUMP66f7.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3AB99368-48AF-4A01-B845-2904204948B5}"=-
[-HKEY_CLASSES_ROOT\clsid\{3ab99368-48af-4a01-b845-2904204948b5}]
[-HKEY_CLASSES_ROOT\vnbptxlf.1]
[-HKEY_CLASSES_ROOT\TypeLib\{E814C71C-7BB7-4FBE-8E61-8047F0956BF1}]
[-HKEY_CLASSES_ROOT\vnbptxlf]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RollerCoasterTycoon.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Nod32 Runtime"=-

Post the Combofix log.

Edited 6 June 2008 by norbat
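The registry step in the post above comes down to spotting a value name under AuthorizedApplications\List that is not a program path. The following is an added example, not part of the thread and not ComboFix code: it parses that block from a ComboFix log and flags such names. The function names and the two validity rules are assumptions chosen for this illustration, and the sample log is constructed from entries shown on this page.

```python
import re

# Constructed sample: the AuthorizedApplications\List block in the layout ComboFix
# prints it (one value name per line), using entries from the log on this page.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~”ü"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 11:13]
'''

# Header of the firewall exception list, whatever prefix the log abbreviates it to.
SECTION_RE = re.compile(r"^\[.*\\AuthorizedApplications\\List\]$", re.IGNORECASE)
# A quoted value name followed by '='; backslash escapes inside the quotes are allowed.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')
# Assumed rule 1: a legitimate name starts with a drive letter or an %ENVVAR% prefix.
PATH_PREFIX_RE = re.compile(r"^(?:[A-Za-z]:\\|%[A-Za-z0-9_()]+%\\)")
# Assumed rule 2: after that prefix, none of these may appear in a Windows path.
ILLEGAL_IN_NAME = set('<>:"|?*')


def parse_authorized_apps(log_text):
    """Return the unescaped value names found in the AuthorizedApplications\\List block."""
    names = []
    in_section = False
    for raw_line in log_text.splitlines():
        line = raw_line.strip()
        if SECTION_RE.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        match = VALUE_RE.match(line)
        if match:
            # Undo the registry-style escaping: \\ becomes \ and \" becomes ".
            names.append(re.sub(r"\\(.)", r"\1", match.group(1)))
        elif line:
            # First non-empty line that is not a value ends the block.
            in_section = False
    return names


def check_name(name):
    """Return a reason string if the name does not look like a program path, else None."""
    prefix = PATH_PREFIX_RE.match(name)
    if prefix is None:
        return "not an absolute or %VAR%-based path"
    rest = name[prefix.end():]
    if any(ch in ILLEGAL_IN_NAME or ord(ch) < 32 for ch in rest):
        return "contains characters that cannot occur in a Windows file name"
    return None


def suspicious_entries(names):
    """Return (name, reason) pairs for every name that fails check_name."""
    flagged = []
    for name in names:
        reason = check_name(name)
        if reason is not None:
            flagged.append((name, reason))
    return flagged


if __name__ == "__main__":
    for name, reason in suspicious_entries(parse_authorized_apps(SAMPLE_LOG)):
        print(f"REVIEW: {name!r}: {reason}")
```

A flagged name is a candidate for manual review against an exported backup of the key, as in the post above, not an automatic deletion.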
Breidablik (thread author), posted 6 June 2008 (edited)

Yes, that's done, I got the file in the registry deleted, and here is the Combofix log:

ComboFix 08-06-06.2 - Torje Breidablik 2008-06-06 21:05:04.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1407 [GMT 2:00] Running from: C:\Documents and Settings\Torje Breidablik\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe Command switches used :: C:\Documents and Settings\Torje Breidablik\Skrivebord\CFScript.txt..txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))) . 2008-06-06 20:14 . 2008-06-06 20:14 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-06-06 20:14 . 2008-06-06 20:14 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\Malwarebytes 2008-06-06 20:14 . 2008-06-06 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-06-06 20:14 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-06 20:14 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-06 17:24 . 2008-06-06 17:24 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-06-06 17:24 . 2008-06-06 17:24 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\SUPERAntiSpyware.com 2008-06-06 17:24 . 2008-06-06 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-06-06 17:13 . 2008-06-06 17:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-06-06 14:47 . 2008-06-06 16:23 53,252 --a------ C:\tasksmgr.exe 2008-06-05 14:50 . 2008-06-05 15:08 53,252 --a------ C:\Loveits.exe 2008-06-03 19:10 . 2008-06-03 21:19 417,792 --a------ C:\WINDOWS\39382.got 2008-06-03 15:02 . 
2008-06-03 16:32 <DIR> d-------- C:\Programfiler\Windows Sidebar 2008-06-03 15:01 . 2008-06-03 15:01 <DIR> d-------- C:\Programfiler\Alky for Applications 2008-06-02 22:46 . 2008-06-02 22:47 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-06-02 22:34 . 2008-06-02 22:34 <DIR> d-------- C:\Programfiler\TrueTransparency 2008-06-02 21:52 . 2008-06-02 15:09 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup 2008-06-02 15:36 . 2008-06-06 20:24 <DIR> d-------- C:\Programfiler\ViStart 2008-06-02 15:09 . 2008-06-02 22:47 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp 2008-06-02 15:09 . 2008-06-02 22:47 70,424 --a------ C:\WINDOWS\BricoPackUninst.cmd 2008-06-02 15:07 . 2008-06-02 22:45 <DIR> d-------- C:\WINDOWS\BricoPacks 2008-06-01 20:56 . 2008-06-01 20:56 <DIR> d-------- C:\WINDOWS\system32\VIRepair 2008-06-01 19:28 . 2008-06-01 19:28 76,214 --a------ C:\WINDOWS\Icon_2.ico 2008-06-01 18:42 . 2008-06-01 18:43 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\ViStart 2008-06-01 18:40 . 2008-06-01 18:40 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\Styler 2008-06-01 18:39 . 2008-06-01 20:19 <DIR> d-------- C:\Programfiler\WinFlip 2008-06-01 18:39 . 2008-06-01 20:56 <DIR> d-------- C:\Programfiler\Styler 2008-06-01 18:37 . 2008-06-01 20:57 <DIR> d-------- C:\WINDOWS\system32\VITrans 2008-06-01 18:37 . 2008-06-01 19:31 <DIR> d-------- C:\VTPFiles 2008-06-01 18:37 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe 2008-06-01 18:37 . 2008-06-01 18:37 78,942 --a------ C:\WINDOWS\Icon_1.ico 2008-06-01 18:37 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe 2008-06-01 18:37 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe 2008-06-01 18:37 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe 2008-06-01 18:22 . 2008-06-01 18:27 <DIR> d-------- C:\Programfiler\HMSoft 2008-05-31 11:48 . 
2008-05-31 11:48 <DIR> d-------- C:\WINDOWS\system32\no 2008-05-31 11:48 . 2008-05-31 11:48 <DIR> d-------- C:\WINDOWS\system32\bits 2008-05-31 11:48 . 2008-05-31 11:48 <DIR> d-------- C:\WINDOWS\l2schemas 2008-05-31 11:46 . 2008-05-31 11:46 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-05-31 11:36 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys 2008-05-31 11:36 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys 2008-05-27 16:13 . 2008-04-14 17:50 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-05-23 21:05 . 2008-05-23 21:05 <DIR> d-------- C:\Programfiler\NeoPaint for Windows 2008-05-22 18:32 . 2008-05-22 18:47 <DIR> d-------- C:\WINDOWS\NV29323624.TMP 2008-05-14 16:12 . 2008-05-14 16:14 <DIR> d-------- C:\WINDOWS\NV31923068.TMP 2008-05-14 16:12 . 2008-05-14 16:12 <DIR> d-------- C:\NVIDIA 2008-05-14 16:12 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-05-14 16:12 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-05-11 10:45 . 2008-05-11 12:39 <DIR> d-------- C:\Programfiler\RivaTuner v2.09 2008-05-10 15:39 . 2008-05-10 15:39 <DIR> d-------- C:\Programfiler\Lavalys 2008-05-10 14:13 . 2008-05-22 18:32 <DIR> d-------- C:\WINDOWS\nvidia icons 2008-05-10 14:13 . 2008-05-10 14:15 <DIR> d-------- C:\WINDOWS\NV4402792.TMP 2008-05-10 13:08 . 2008-05-10 13:10 <DIR> d-------- C:\WINDOWS\NV244280.TMP 2008-05-07 15:30 . 2008-05-14 16:11 <DIR> d-------- C:\Programfiler\Project64 1.6 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-06 18:25 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\skypePM 2008-06-06 18:25 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\Skype 2008-06-06 11:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater 2008-06-05 18:36 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\LimeWire 2008-06-03 18:18 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-06-02 19:56 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\Xfire 2008-06-02 13:09 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-05-29 06:34 --------- d-s---w C:\Programfiler\Xfire 2008-05-26 19:37 --------- d-----w C:\Programfiler\Opera 2008-05-25 19:32 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-05-25 19:32 --------- d-----w C:\Programfiler\Google 2008-05-23 20:55 --------- d-----w C:\Programfiler\Prime95 2008-05-16 13:51 --------- d-----w C:\Programfiler\Raptor 2008-05-16 13:50 --------- d-----w C:\Programfiler\EA Sports 2008-05-16 13:48 --------- d-----w C:\Programfiler\Winamp 2008-05-16 13:47 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment 2008-05-03 07:47 --------- d-----w C:\Programfiler\Unity 2008-05-03 07:15 --------- d-----w C:\Programfiler\VideoLAN 2008-05-03 07:15 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\dvdcss 2008-05-03 07:11 --------- d-----w C:\Programfiler\AVI Codec Pack 2008-05-02 20:19 --------- d-----w C:\Programfiler\XviD 2008-05-02 08:35 --------- d-----w C:\Programfiler\Fellesfiler\Skype 2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-04-28 14:21 --------- d-----w C:\Programfiler\LimeWire 2008-04-27 11:49 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-04-27 07:40 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-04-27 07:40 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-04-27 07:39 --------- d-----w 
C:\Programfiler\Futuremark 2008-04-26 09:38 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\AVGTOOLBAR 2008-04-26 09:18 --------- d-----w C:\Programfiler\AbsoluteTransfer 2008-04-26 09:13 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-04-26 09:13 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-04-26 09:13 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-04-26 09:13 --------- d-----w C:\Programfiler\AVG 2008-04-26 09:13 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8 2008-04-23 16:06 --------- d-----w C:\Documents and Settings\LocalService\Programdata\skypePM 2008-04-21 14:56 --------- d-----w C:\Programfiler\OCCT 2008-04-20 14:03 --------- d-----w C:\Programfiler\Paint.NET 2008-04-20 11:06 --------- d-----w C:\Programfiler\id Software 2008-04-20 11:03 --------- d-----w C:\Programfiler\Warblade 2008-04-20 10:19 --------- d-----w C:\Programfiler\Motherboard Monitor 5 2008-04-20 06:01 --------- d-----w C:\Programfiler\ATITool 2008-04-20 05:32 --------- d-----w C:\Programfiler\Fellesfiler\Futuremark Shared 2008-04-19 19:08 90,112 ----a-w C:\WINDOWS\DUMP66f7.tmp 2008-04-19 14:17 --------- d-----w C:\Programfiler\PowerStrip 2008-04-19 10:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\Valve 2008-04-18 19:16 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-04-18 19:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-04-18 19:16 22,328 ----a-w C:\Documents and Settings\Torje Breidablik\Programdata\PnkBstrK.sys 2008-04-18 19:16 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-04-18 13:44 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\Winamp 2008-04-18 13:40 --------- d-----w C:\Programfiler\Winamp Toolbar 2008-04-18 13:40 --------- d-----w C:\Documents and Settings\All Users\Programdata\Winamp Toolbar 2008-04-16 16:29 --------- d--h--w C:\Documents and Settings\Torje Breidablik\Programdata\ijjigame 2008-04-14 16:39 1,804 ----a-w 
C:\WINDOWS\system32\dcache.bin 2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 16:22 98,816 ----a-w C:\WINDOWS\system32\winscard.dll 2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll 2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 16:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll 2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll 2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:47 673,280 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 15:46 64,640 
----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys . 
------- Sigcheck ------- 2007-10-11 01:42 825344 06fb7a0d18f4546f120af73ae24354c8 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll 2007-12-07 04:00 825344 5b32804f6adaea2d9615637a353b1c82 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll 2008-03-01 14:49 827392 49f00b84be5a82d0de6ab10b1fa93c32 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll 2006-03-02 14:00 655872 10f493204ebe9eaad8664819e97c36cf C:\WINDOWS\ie7\wininet.dll 2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll 2007-10-11 01:54 824832 58bb40542f013c10d21af514a6380209 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll 2007-12-07 04:17 824832 b55fe0db96700d41313e0c613a1adb16 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll 2008-03-01 15:05 817152 b44f2446e38694da3b8cb77b3b405b8a C:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-12-07 03:08 658944 709671f9a2afbc2a4cbcf5134b558ba1 C:\WINDOWS\SoftwareDistribution\Download\61651e5b788f9157d28154653d8042e9\sp2gdr\wininet.dll 2007-12-07 02:47 665600 989f1c62837e38578950f141cc13238f C:\WINDOWS\SoftwareDistribution\Download\61651e5b788f9157d28154653d8042e9\sp2qfe\wininet.dll 2008-04-14 18:22 665600 3b22bd33306298210ccba8541dfe94b5 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\wininet.dll 2008-03-01 15:05 817152 b44f2446e38694da3b8cb77b3b405b8a C:\WINDOWS\system32\wininet.dll 2008-03-01 15:05 826368 5ba67869f780094ab4dbda4e336c7705 C:\WINDOWS\system32\dllcache\wininet.dll 2008-04-14 18:22 976384 9e5bc741765c907f017e0b8b21052228 C:\WINDOWS\explorer.exe 2007-06-13 15:12 1033216 1a8e8cace017e1b143de91e11987ed39 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 15:24 1033216 2964b3f5e59f5d989252e2564a21a4c1 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe 2006-03-02 14:00 1032192 0b4a898de1aa20d133c91ba260e7a8a1 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2008-04-14 18:22 976384 9e5bc741765c907f017e0b8b21052228 C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2008-04-14 18:22 
1033728 8059c34b6f4758f678e975665eadfd87 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-06-06_15.44.49,31 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-06 11:42:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-06 18:24:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-06 15:24:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-06-06 15:24:29 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe - 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe - 2008-03-19 16:06:28 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe + 2008-06-06 18:25:52 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2008-03-20 00:36 1267040 --a------ C:\Programfiler\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-03-16 11:25 398776 --a------ C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] 2008-04-26 11:13 2050816 --a------ C:\Programfiler\AVG\AVG8\avgtoolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3AB99368-48AF-4A01-B845-2904204948B5}"= "C:\WINDOWS\vnbptxlf.dll" [ ] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programfiler\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040] "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programfiler\AVG\AVG8\avgtoolbar.dll" [2008-04-26 11:13 2050816] [HKEY_CLASSES_ROOT\clsid\{3ab99368-48af-4a01-b845-2904204948b5}] [HKEY_CLASSES_ROOT\vnbptxlf.1] [HKEY_CLASSES_ROOT\TypeLib\{E814C71C-7BB7-4FBE-8E61-8047F0956BF1}] [HKEY_CLASSES_ROOT\vnbptxlf] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}] [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programfiler\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040] "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programfiler\AVG\AVG8\avgtoolbar.dll [2008-04-26 11:13 2050816] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] 
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}] [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00 299008] "LightScribe Control Panel"="C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872] "RollerCoasterTycoon.exe"="C:\DOCUME~1\TORJEB~1\PROGRA~1\Opera\Opera\profile\cache4\TEMPOR~1\ROLLER~1.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "LClock"="C:\Programfiler\LClock\LClock.exe" [ ] "Vista Sidebar"="C:\Programfiler\Vista Sidebar\sidebar.exe" [ ] "ViOrb"="C:\Programfiler\ViOrb\ViOrb.exe" [ ] "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784] "ViStart"="C:\Programfiler\ViStart\ViStart" [ ] "UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224] "Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.EXE] "Gainward"="C:\Programfiler\Vtune\TBPanel.exe" [2007-06-26 16:08 2158592] "NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "InCD"="C:\Programfiler\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 14:31 1057064] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 
04:25 144784] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 20:49 36352] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-26 11:13 1177368] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088] "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Nod32 Runtime"="sysregi.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360] C:\Documents and Settings\Torje Breidablik\Start-meny\Programmer\Oppstart\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Google Updater.lnk - C:\Programfiler\Google\Google Updater\GoogleUpdater.exe [2008-04-17 16:00:21 124400] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= 
"C:\\Programfiler\\Xfire\\xfire.exe"= "C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"= "C:\\Programfiler\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "C:\\WINDOWS\\system32\\dxdiag.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\Programfiler\\BearShare Applications\\BearShare\\BearShare.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "C:\\Programfiler\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"= "C:\\ijji\\ENGLISH\\u_gunz.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe"= "C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 11:13] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-26 11:13] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 11:13] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 11:13] R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 03:37] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Programfiler\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 00:00] S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX 
Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54] S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33] S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33] S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33] S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 00:45] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Programfiler\Fellesfiler\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-06-06 19:04:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-06 21:05:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\Programfiler\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" . 
Completion time: 2008-06-06 21:06:18 ComboFix-quarantined-files.txt 2008-06-06 19:06:04 ComboFix2.txt 2008-06-06 18:31:40 ComboFix3.txt 2008-06-06 14:03:54 ComboFix4.txt 2008-06-06 13:45:10 Pre-Run: 462,179,307,520 byte ledig Post-Run: 462,161,604,608 byte ledig 347 --- E O F --- 2008-05-28 06:44:03

PS. I both double- and triple-checked that I was in the right place in the registry...

Edited 6 June 2008 by Breidablik
norbat, posted 6 June 2008 (edited)

You will probably have to run the CFScript process one more time. When you save the file, just type CFScript. The .txt extension is added automatically. So the file should contain the following:

File::
C:\tasksmgr.exe
C:\Loveits.exe
C:\WINDOWS\39382.got
C:\WINDOWS\DUMP66f7.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3AB99368-48AF-4A01-B845-2904204948B5}"=-
[-HKEY_CLASSES_ROOT\clsid\{3ab99368-48af-4a01-b845-2904204948b5}]
[-HKEY_CLASSES_ROOT\vnbptxlf.1]
[-HKEY_CLASSES_ROOT\TypeLib\{E814C71C-7BB7-4FBE-8E61-8047F0956BF1}]
[-HKEY_CLASSES_ROOT\vnbptxlf]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RollerCoasterTycoon.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Nod32 Runtime"=-

Edited 6 June 2008 by norbat
Breidablik (thread author), posted 6 June 2008

Yup, so here is the log...: (I feel like I've written that quiiite a few times now...)

ComboFix 08-06-06.2 - Torje Breidablik 2008-06-06 21:16:44.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1397 [GMT 2:00] Running from: C:\Documents and Settings\Torje Breidablik\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe Command switches used :: C:\Documents and Settings\Torje Breidablik\Skrivebord\CFSCript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Loveits.exe C:\tasksmgr.exe C:\WINDOWS\39382.got C:\WINDOWS\DUMP66f7.tmp . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Loveits.exe C:\tasksmgr.exe C:\WINDOWS\39382.got C:\WINDOWS\DUMP66f7.tmp . ((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))) . 2008-06-06 20:14 . 2008-06-06 20:14 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-06-06 20:14 . 2008-06-06 20:14 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\Malwarebytes 2008-06-06 20:14 . 2008-06-06 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-06-06 20:14 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-06 20:14 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-06 17:24 . 2008-06-06 17:24 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-06-06 17:24 . 2008-06-06 17:24 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\SUPERAntiSpyware.com 2008-06-06 17:24 . 2008-06-06 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-06-06 17:13 . 2008-06-06 17:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-06-03 15:02 . 
2008-06-03 16:32 <DIR> d-------- C:\Programfiler\Windows Sidebar 2008-06-03 15:01 . 2008-06-03 15:01 <DIR> d-------- C:\Programfiler\Alky for Applications 2008-06-02 22:46 . 2008-06-02 22:47 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-06-02 22:34 . 2008-06-02 22:34 <DIR> d-------- C:\Programfiler\TrueTransparency 2008-06-02 21:52 . 2008-06-02 15:09 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup 2008-06-02 15:36 . 2008-06-06 20:24 <DIR> d-------- C:\Programfiler\ViStart 2008-06-02 15:09 . 2008-06-02 22:47 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp 2008-06-02 15:09 . 2008-06-02 22:47 70,424 --a------ C:\WINDOWS\BricoPackUninst.cmd 2008-06-02 15:07 . 2008-06-02 22:45 <DIR> d-------- C:\WINDOWS\BricoPacks 2008-06-01 20:56 . 2008-06-01 20:56 <DIR> d-------- C:\WINDOWS\system32\VIRepair 2008-06-01 19:28 . 2008-06-01 19:28 76,214 --a------ C:\WINDOWS\Icon_2.ico 2008-06-01 18:42 . 2008-06-01 18:43 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\ViStart 2008-06-01 18:40 . 2008-06-01 18:40 <DIR> d-------- C:\Documents and Settings\Torje Breidablik\Programdata\Styler 2008-06-01 18:39 . 2008-06-01 20:19 <DIR> d-------- C:\Programfiler\WinFlip 2008-06-01 18:39 . 2008-06-01 20:56 <DIR> d-------- C:\Programfiler\Styler 2008-06-01 18:37 . 2008-06-01 20:57 <DIR> d-------- C:\WINDOWS\system32\VITrans 2008-06-01 18:37 . 2008-06-01 19:31 <DIR> d-------- C:\VTPFiles 2008-06-01 18:37 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe 2008-06-01 18:37 . 2008-06-01 18:37 78,942 --a------ C:\WINDOWS\Icon_1.ico 2008-06-01 18:37 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe 2008-06-01 18:37 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe 2008-06-01 18:37 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe 2008-06-01 18:22 . 2008-06-01 18:27 <DIR> d-------- C:\Programfiler\HMSoft 2008-05-31 11:48 . 
2008-05-31 11:48 <DIR> d-------- C:\WINDOWS\system32\no 2008-05-31 11:48 . 2008-05-31 11:48 <DIR> d-------- C:\WINDOWS\system32\bits 2008-05-31 11:48 . 2008-05-31 11:48 <DIR> d-------- C:\WINDOWS\l2schemas 2008-05-31 11:46 . 2008-05-31 11:46 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-05-31 11:36 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys 2008-05-31 11:36 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys 2008-05-27 16:13 . 2008-04-14 17:50 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-05-23 21:05 . 2008-05-23 21:05 <DIR> d-------- C:\Programfiler\NeoPaint for Windows 2008-05-22 18:32 . 2008-05-22 18:47 <DIR> d-------- C:\WINDOWS\NV29323624.TMP 2008-05-14 16:12 . 2008-05-14 16:14 <DIR> d-------- C:\WINDOWS\NV31923068.TMP 2008-05-14 16:12 . 2008-05-14 16:12 <DIR> d-------- C:\NVIDIA 2008-05-14 16:12 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-05-14 16:12 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-05-11 10:45 . 2008-05-11 12:39 <DIR> d-------- C:\Programfiler\RivaTuner v2.09 2008-05-10 15:39 . 2008-05-10 15:39 <DIR> d-------- C:\Programfiler\Lavalys 2008-05-10 14:13 . 2008-05-22 18:32 <DIR> d-------- C:\WINDOWS\nvidia icons 2008-05-10 14:13 . 2008-05-10 14:15 <DIR> d-------- C:\WINDOWS\NV4402792.TMP 2008-05-10 13:08 . 2008-05-10 13:10 <DIR> d-------- C:\WINDOWS\NV244280.TMP 2008-05-07 15:30 . 2008-05-14 16:11 <DIR> d-------- C:\Programfiler\Project64 1.6 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-06 18:25 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\skypePM 2008-06-06 18:25 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\Skype 2008-06-06 11:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater 2008-06-05 18:36 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\LimeWire 2008-06-03 18:18 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-06-02 19:56 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\Xfire 2008-06-02 13:09 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-05-29 06:34 --------- d-s---w C:\Programfiler\Xfire 2008-05-26 19:37 --------- d-----w C:\Programfiler\Opera 2008-05-25 19:32 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-05-25 19:32 --------- d-----w C:\Programfiler\Google 2008-05-23 20:55 --------- d-----w C:\Programfiler\Prime95 2008-05-16 13:51 --------- d-----w C:\Programfiler\Raptor 2008-05-16 13:50 --------- d-----w C:\Programfiler\EA Sports 2008-05-16 13:48 --------- d-----w C:\Programfiler\Winamp 2008-05-16 13:47 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment 2008-05-03 07:47 --------- d-----w C:\Programfiler\Unity 2008-05-03 07:15 --------- d-----w C:\Programfiler\VideoLAN 2008-05-03 07:15 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\dvdcss 2008-05-03 07:11 --------- d-----w C:\Programfiler\AVI Codec Pack 2008-05-02 20:19 --------- d-----w C:\Programfiler\XviD 2008-05-02 08:35 --------- d-----w C:\Programfiler\Fellesfiler\Skype 2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-04-28 14:21 --------- d-----w C:\Programfiler\LimeWire 2008-04-27 11:49 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-04-27 07:40 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-04-27 07:40 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-04-27 07:39 --------- d-----w 
C:\Programfiler\Futuremark 2008-04-26 09:38 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\AVGTOOLBAR 2008-04-26 09:18 --------- d-----w C:\Programfiler\AbsoluteTransfer 2008-04-26 09:13 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-04-26 09:13 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-04-26 09:13 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-04-26 09:13 --------- d-----w C:\Programfiler\AVG 2008-04-26 09:13 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg8 2008-04-23 16:06 --------- d-----w C:\Documents and Settings\LocalService\Programdata\skypePM 2008-04-21 14:56 --------- d-----w C:\Programfiler\OCCT 2008-04-20 14:03 --------- d-----w C:\Programfiler\Paint.NET 2008-04-20 11:06 --------- d-----w C:\Programfiler\id Software 2008-04-20 11:03 --------- d-----w C:\Programfiler\Warblade 2008-04-20 10:19 --------- d-----w C:\Programfiler\Motherboard Monitor 5 2008-04-20 06:01 --------- d-----w C:\Programfiler\ATITool 2008-04-20 05:32 --------- d-----w C:\Programfiler\Fellesfiler\Futuremark Shared 2008-04-19 14:17 --------- d-----w C:\Programfiler\PowerStrip 2008-04-19 10:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\Valve 2008-04-18 19:16 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-04-18 19:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-04-18 19:16 22,328 ----a-w C:\Documents and Settings\Torje Breidablik\Programdata\PnkBstrK.sys 2008-04-18 19:16 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-04-18 13:44 --------- d-----w C:\Documents and Settings\Torje Breidablik\Programdata\Winamp 2008-04-18 13:40 --------- d-----w C:\Programfiler\Winamp Toolbar 2008-04-18 13:40 --------- d-----w C:\Documents and Settings\All Users\Programdata\Winamp Toolbar 2008-04-16 16:29 --------- d--h--w C:\Documents and Settings\Torje Breidablik\Programdata\ijjigame 2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 16:26 330,752 
----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 16:22 98,816 ----a-w C:\WINDOWS\system32\winscard.dll 2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll 2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 16:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll 2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll 2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:47 673,280 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 
15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe . 
------- Sigcheck ------- 2007-10-11 01:42 825344 06fb7a0d18f4546f120af73ae24354c8 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll 2007-12-07 04:00 825344 5b32804f6adaea2d9615637a353b1c82 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll 2008-03-01 14:49 827392 49f00b84be5a82d0de6ab10b1fa93c32 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll 2006-03-02 14:00 655872 10f493204ebe9eaad8664819e97c36cf C:\WINDOWS\ie7\wininet.dll 2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll 2007-10-11 01:54 824832 58bb40542f013c10d21af514a6380209 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll 2007-12-07 04:17 824832 b55fe0db96700d41313e0c613a1adb16 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll 2008-03-01 15:05 817152 b44f2446e38694da3b8cb77b3b405b8a C:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-12-07 03:08 658944 709671f9a2afbc2a4cbcf5134b558ba1 C:\WINDOWS\SoftwareDistribution\Download\61651e5b788f9157d28154653d8042e9\sp2gdr\wininet.dll 2007-12-07 02:47 665600 989f1c62837e38578950f141cc13238f C:\WINDOWS\SoftwareDistribution\Download\61651e5b788f9157d28154653d8042e9\sp2qfe\wininet.dll 2008-04-14 18:22 665600 3b22bd33306298210ccba8541dfe94b5 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\wininet.dll 2008-03-01 15:05 817152 b44f2446e38694da3b8cb77b3b405b8a C:\WINDOWS\system32\wininet.dll 2008-03-01 15:05 826368 5ba67869f780094ab4dbda4e336c7705 C:\WINDOWS\system32\dllcache\wininet.dll 2008-04-14 18:22 976384 9e5bc741765c907f017e0b8b21052228 C:\WINDOWS\explorer.exe 2007-06-13 15:12 1033216 1a8e8cace017e1b143de91e11987ed39 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 15:24 1033216 2964b3f5e59f5d989252e2564a21a4c1 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe 2006-03-02 14:00 1032192 0b4a898de1aa20d133c91ba260e7a8a1 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2008-04-14 18:22 976384 9e5bc741765c907f017e0b8b21052228 C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2008-04-14 18:22 
1033728 8059c34b6f4758f678e975665eadfd87 C:\WINDOWS\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-06-06_15.44.49,31 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-06 11:42:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-06 18:24:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-06 15:24:29 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-06-06 15:24:29 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe - 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe - 2008-03-19 16:06:28 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe + 2008-06-06 18:25:52 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2008-03-20 00:36 1267040 --a------ C:\Programfiler\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-03-16 11:25 398776 --a------ C:\Programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] 2008-04-26 11:13 2050816 --a------ C:\Programfiler\AVG\AVG8\avgtoolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programfiler\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040] "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programfiler\AVG\AVG8\avgtoolbar.dll" [2008-04-26 11:13 2050816] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}] [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programfiler\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040] "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programfiler\AVG\AVG8\avgtoolbar.dll [2008-04-26 11:13 2050816] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}] [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00 299008] 
"LightScribe Control Panel"="C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "LClock"="C:\Programfiler\LClock\LClock.exe" [ ] "Vista Sidebar"="C:\Programfiler\Vista Sidebar\sidebar.exe" [ ] "ViOrb"="C:\Programfiler\ViOrb\ViOrb.exe" [ ] "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784] "ViStart"="C:\Programfiler\ViStart\ViStart" [ ] "UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 09:43 180224] "Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.EXE] "Gainward"="C:\Programfiler\Vtune\TBPanel.exe" [2007-06-26 16:08 2158592] "NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "InCD"="C:\Programfiler\Nero\Nero 7\InCD\InCD.exe" [2007-09-26 14:31 1057064] "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 20:49 36352] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-26 11:13 1177368] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088] "nwiz"="nwiz.exe" [2008-05-02 22:46 
1630208 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360] C:\Documents and Settings\Torje Breidablik\Start-meny\Programmer\Oppstart\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Google Updater.lnk - C:\Programfiler\Google\Google Updater\GoogleUpdater.exe [2008-04-17 16:00:21 124400] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Xfire\\xfire.exe"= "C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"= "C:\\Programfiler\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "C:\\WINDOWS\\system32\\dxdiag.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\Programfiler\\BearShare Applications\\BearShare\\BearShare.exe"= "C:\\Programfiler\\Opera\\Opera.exe"= "C:\\Programfiler\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"= "C:\\ijji\\ENGLISH\\u_gunz.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= 
"C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe"= "C:\\Programfiler\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 11:13] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-26 11:13] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 11:13] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 11:13] R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 03:37] S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Programfiler\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 00:00] S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54] S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 12:33] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 12:33] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 12:33] S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device 
Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 12:33] S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 12:33] S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 00:45] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Programfiler\Fellesfiler\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-06-06 19:04:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-06 21:17:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\C:\Programfiler\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" . Completion time: 2008-06-06 21:17:55 ComboFix-quarantined-files.txt 2008-06-06 19:17:32 ComboFix2.txt 2008-06-06 19:06:19 ComboFix3.txt 2008-06-06 18:31:40 ComboFix4.txt 2008-06-06 14:03:54 ComboFix5.txt 2008-06-06 13:45:10 Pre-Run: 462,149,832,704 byte ledig Post-Run: 462,131,564,544 byte ledig 349 --- E O F --- 2008-05-28 06:44:03