qwerty1234 Posted 27 June 2008
Yes, I have had a virus lately. I can't get rid of it. Can someone look through this log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:28, on 27.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DriveHQ\DriveHQ Online Backup\Backupservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DriveHQ\DriveHQ Online Backup\DriveHQRepository4.01.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DriveHQ\DriveHQ Online Backup\DrivehqBackup.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: SVC plugin - {7EA5E375-6136-496E-9616-E03B4F9EA1C0} - C:\WINDOWS\odsaxu.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DrivehqBackup] "C:\Program Files\DriveHQ\DriveHQ Online Backup\DrivehqBackup.exe" autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-21-2187244276-3354290037-2738799314-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Gry`s roterom')
O4 - HKUS\S-1-5-21-2187244276-3354290037-2738799314-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Gry`s roterom')
O4 - HKUS\S-1-5-21-2187244276-3354290037-2738799314-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Gry`s roterom')
O4 - HKUS\S-1-5-21-2187244276-3354290037-2738799314-1008\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Gry`s roterom')
O4 - S-1-5-21-2187244276-3354290037-2738799314-1008 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Gry`s roterom')
O4 - S-1-5-21-2187244276-3354290037-2738799314-1008 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Gry`s roterom')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google-søk - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Koblinger bakover - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Lignende sider - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.fossebakken.com/controls/IlosoftImageUpload.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DriveHQ Backup Service - Drive Headquarter - C:\Program Files\DriveHQ\DriveHQ Online Backup\Backupservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 16733 bytes
norbat Posted 27 June 2008
You recently ran SuperAntiSpyware? What did it find (the log is under preferences->statistics/logs)? Post that after you have done the following:
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from combofix (c:\combofix.txt).
qwerty1234 (Author) Posted 27 June 2008 (edited)
There. Here is the log from combofix:

ComboFix 08-06-20.4 - Mika J 2008-06-27 22:59:04.3 - NTFSx86
Running from: C:\Documents and Settings\Mika J\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Gjester\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\smp.bat
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\AKV.exe
C:\WINDOWS\system32\28463\LEKW.001
C:\WINDOWS\system32\28463\LEKW.006
C:\WINDOWS\system32\28463\LEKW.007
C:\WINDOWS\system32\28463\LEKW.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-26 20:36 . 2008-06-26 20:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2008-06-25 22:52 . 2008-06-25 22:52 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Acoustica
2008-06-25 22:51 . 2008-06-25 22:51 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-06-25 22:51 . 2007-08-07 11:32 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2008-06-25 22:39 . 2008-06-25 22:52 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-06-25 22:39 . 2008-06-25 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acoustica
2008-06-25 22:29 . 2008-06-25 22:30 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Propellerhead Software
2008-06-25 22:29 . 2008-06-25 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-06-25 22:29 . 2008-06-25 22:29 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-06-25 22:29 . 2008-06-25 22:29 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-06-25 22:27 . 2008-06-25 22:27 <DIR> d-------- C:\Program Files\Propellerhead
2008-06-20 01:56 . 2008-06-25 04:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-19 22:29 . 2008-06-19 22:29 <DIR> d-------- C:\Documents and Settings\Gry`s roterom\Application Data\Nero
2008-06-19 16:30 . 2008-06-19 16:30 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Nero
2008-06-19 16:24 . 2008-06-19 16:24 <DIR> d-------- C:\Program Files\Nero
2008-06-19 16:24 . 2008-06-19 16:27 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-19 16:24 . 2008-06-19 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-11 15:27 . 2008-06-11 15:27 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\HP
2008-06-11 11:09 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:09 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 15:52 . 2008-06-10 15:52 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\AdobeUM
2008-06-08 21:45 . 2008-06-08 21:45 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\YAFSScreen
2008-06-06 15:08 . 2008-06-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-05 15:04 . 2008-06-05 15:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SUPERAntiSpyware.com
2008-06-04 13:42 . 2008-06-04 13:42 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Jasc Software Inc
2008-06-04 13:41 . 2008-06-04 13:41 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Sonic
2008-06-04 13:40 . 2008-06-04 13:40 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Leadertech
2008-06-03 15:58 . 2008-06-03 15:58 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\DriveHQ
2008-06-03 15:56 . 2008-06-03 15:56 <DIR> d-------- C:\Program Files\DriveHQ
2008-06-03 15:56 . 2008-06-19 16:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DriveHQ
2008-06-03 15:56 . 2008-06-27 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriveHQ
2008-06-03 15:55 . 2008-06-03 15:55 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\InstallShield
2008-06-03 15:42 . 2008-06-03 15:42 253,440 --a------ C:\WINDOWS\odsaxu.dll
2008-06-03 09:35 . 2003-07-06 14:07 372,736 --a------ C:\WINDOWS\system32\IJL_11.DLL
2008-06-03 09:35 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-06-03 09:35 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-03 00:36 . 2008-06-03 00:36 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\SUPERAntiSpyware.com
2008-06-03 00:24 . 2008-01-15 16:08 26,624 --a------ C:\Documents and Settings\Mika J\keygen.exe
2008-06-03 00:08 . 2008-06-03 00:08 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\HPQ
2008-06-02 23:57 . 2008-06-05 14:52 <DIR> d-------- C:\Program Files\PDM
2008-06-02 21:57 . 2008-06-02 21:57 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Template
2008-06-02 21:57 . 2008-06-19 11:43 740 --a------ C:\Documents and Settings\Mika J\Application Data\wklnhst.dat
2008-06-02 15:20 . 2008-06-02 15:20 2,392,064 --a------ C:\WINDOWS\system32\mqtgssvr.exe
2008-05-30 22:38 . 2008-05-30 22:38 <DIR> d-------- C:\Documents and Settings\Mika J\.gimp-2.4
2008-05-30 22:37 . 2008-06-27 22:32 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\LimeWire
2008-05-30 21:26 . 2008-06-03 15:05 <DIR> d-------- C:\Documents and Settings\Mika J\Contacts
2008-05-30 20:56 . 2008-05-30 20:56 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Teleca
2008-05-30 20:55 . 2006-01-03 01:12 <DIR> d-------- C:\Documents and Settings\Mika J\WINDOWS
2008-05-30 20:55 . 2008-05-30 20:55 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Sony Ericsson
2008-05-30 20:55 . 2008-06-20 11:01 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Apple Computer
2008-05-30 20:55 . 2008-06-25 15:36 <DIR> d-------- C:\Documents and Settings\Mika J
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 20:09 --------- d-----w C:\Documents and Settings\Gry`s roterom\Application Data\LimeWire
2008-06-27 11:28 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\DNA
2008-06-27 10:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-13 19:41 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\IMVU
2008-06-13 00:03 336 ----a-w C:\Documents and Settings\Gry`s roterom\Application Data\wklnhst.dat
2008-06-08 20:25 --------- d-----w C:\Program Files\YAFSScreen
2008-06-06 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Telenor
2008-06-06 13:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-05 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-03 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 07:27 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-30 17:51 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-05-26 12:05 --------- d-----w C:\Program Files\Norton SystemWorks Basic Edition
2008-05-25 14:30 482 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-05-19 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-16 13:45 --------- d-----w C:\Program Files\Nattyware
2008-05-13 23:14 --------- d-----w C:\Program Files\Blender Foundation
2008-05-12 04:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\YAFSScreen
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 03:49 --------- d-----w C:\Program Files\IMVU
2008-05-04 15:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2008-05-04 15:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2008-05-03 23:28 --------- d-----w C:\Program Files\DNA
2008-05-03 23:28 --------- d-----w C:\Program Files\BitTorrent
2008-05-03 23:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-05-03 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-03 21:21 --------- d-----w C:\Program Files\Azureus
2008-05-01 01:39 --------- d-----w C:\Program Files\LimeWire
2008-04-30 13:53 --------- d-----w C:\Program Files\Java
2008-04-28 21:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-28 20:42 --------- d-----w C:\Program Files\Sun
2008-01-18 18:28 732 ----a-w C:\Documents and Settings\Mimmi\Application Data\wklnhst.dat
2006-11-17 23:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EA5E375-6136-496E-9616-E03B4F9EA1C0}]
2008-06-03 15:42 253440 --a------ C:\WINDOWS\odsaxu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 16:13 68856]
"DrivehqBackup"="C:\Program Files\DriveHQ\DriveHQ Online Backup\DrivehqBackup.exe" [2008-05-27 19:05 1531904]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 15:35 7634944]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-03 01:06 180269]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 10:16:47 27136]

C:\Documents and Settings\Mimmi\Start Menu\Programs\Startup\
IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2008-04-30 22:33:42 49408]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 23:32:57 147456]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2008-04-30 22:33:42 49408]

C:\Documents and Settings\Mika Josefine\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-17 16:12:32 110592]

C:\Documents and Settings\Gry`s roterom\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 23:32:57 147456]

C:\Documents and Settings\Mika J\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 23:32:57 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-17 16:12:32 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-17 16:12:32 110592]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 19:40:44 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFind"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoViewContextMenu"= 0 (0x0)
"Norun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Telenor\\Online Start\\Telenor.exe"=
"C:\\Program Files\\backburner 2\\monitor.exe"=
"C:\\Program Files\\backburner 2\\manager.exe"=
"C:\\Program Files\\backburner 2\\server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-18 19:37]
R2 DriveHQ Backup Service;DriveHQ Backup Service;"C:\Program Files\DriveHQ\DriveHQ Online Backup\Backupservice.exe" [2008-05-27 19:01]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-02-15 04:07]
R3 DUSBTAWAN;DrayTek USB NDISWAN Driver;C:\WINDOWS\system32\DRIVERS\musbwn2k.sys [2001-01-31 12:43]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 19:44]
S3 FakeWDMmdm;DWDMCOMM;C:\WINDOWS\system32\DRIVERS\dusbcomm.sys [2003-03-13 11:13]
S3 mDTA128;miniVigor USB;C:\WINDOWS\system32\DRIVERS\musbta2kc.sys [2005-07-27 16:22]
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 06:32]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 06:32]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 17:16]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 21:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-23 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - HP_Administrator.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-06-23 10:00:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
"2008-06-27 21:11:02 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 23:24:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-27 23:36:46
ComboFix-quarantined-files.txt 2008-06-27 21:36:40
Pre-Run: 25,414,553,600 bytes free
Post-Run: 36,065,628,160 bytes free
241 --- E O F --- 2008-06-25 13:38:19

Here is the SAS log;

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/07/2008 at 09:10 PM
Application Version : 4.0.1154
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 01:34:38
Memory items scanned : 862
Memory threats detected : 0
Registry items scanned : 8202
Registry threats detected : 6
File items scanned : 44012
File threats detected : 16

Adware.MyWebSearch
HKU\S-1-5-21-2187244276-3354290037-2738799314-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-2187244276-3354290037-2738799314-1007\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-21-2187244276-3354290037-2738799314-1009\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-21-2187244276-3354290037-2738799314-1010\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Adware.Tracking Cookie
C:\Documents and Settings\Mika J\Cookies\[email protected][2].txt
C:\Documents and Settings\Mika J\Cookies\mika_j@adtech[1].txt
C:\Documents and Settings\Mika J\Cookies\mika_j@advertising[2].txt
C:\Documents and Settings\Mika J\Cookies\[email protected][1].txt
C:\Documents and Settings\Mika J\Cookies\mika_j@doubleclick[1].txt
C:\Documents and Settings\Mika J\Cookies\mika_j@atdmt[2].txt
C:\Documents and Settings\Mika J\Cookies\mika_j@2o7[2].txt
C:\Documents and Settings\Mika J\Cookies\[email protected][2].txt
C:\Documents and Settings\Mika J\Cookies\mika_j@tradedoubler[2].txt
C:\Documents and Settings\Mika J\Cookies\mika_j@serving-sys[2].txt
C:\Documents and Settings\Gry`s roterom\Cookies\gry`[email protected][2].txt
C:\Documents and Settings\Gry`s roterom\Cookies\gry`s_roterom@adtech[1].txt
C:\Documents and Settings\Gry`s roterom\Cookies\gry`[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\HP_Administrator\Cookies\[email protected][1].txt

Adware.UpMedia/SearchTool
HKU\S-1-5-21-2187244276-3354290037-2738799314-1010\Software\UpMedia
HKU\S-1-5-21-2187244276-3354290037-2738799314-1010\Software\UptownInstaller

Edited 27 June 2008 by MikaJosefine
norbat, posted 27 June 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked (close your browser before you click Fix checked):

O2 - BHO: SVC plugin - {7EA5E375-6136-496E-9616-E03B4F9EA1C0} - C:\WINDOWS\odsaxu.dll
O4 - HKLM\..\Policies\Explorer\Run: []

Use Explorer to find and delete the following file:

C:\WINDOWS\odsaxu.dll

Go to the Jotti website and upload the following two files for checking (one at a time):

C:\Documents and Settings\Mika J\keygen.exe
C:\WINDOWS\system32\mqtgssvr.exe

Report back on whether anything was found in these two files.
qwerty1234 (author), posted 29 June 2008

It didn't find odsaxu anywhere.. :S
C:\Documents and Settings\Mika J\keygen.exe had no virus.
C:\WINDOWS\system32\mqtgssvr.exe was apparently a virus.
norbat, posted 29 June 2008

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\system32\mqtgssvr.exe
C:\Documents and Settings\Mika J\keygen.exe
C:\WINDOWS\odsaxu.dll

Post the log.
qwerty1234 (author), posted 2 July 2008

It's coming right away.
qwerty1234 (author), posted 2 July 2008

It just comes up with an error;

Expired - 08-06-20.4
Current date is 01.07.2008.
This copy of ComboFix has expired. Please download an updated copy
norbat, posted 2 July 2008

Then you do that - download a new ComboFix.
qwerty1234 (author), posted 2 July 2008

ComboFix 08-07-01.5 - HP_Administrator 2008-07-02 19:08:59.5 - NTFSx86 Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt * Created a new restore point FILE :: C:\Documents and Settings\Mika J\keygen.exe C:\WINDOWS\odsaxu.dll C:\WINDOWS\system32\mqtgssvr.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Rabio C:\Documents and Settings\Gry`s roterom\lsass.exe C:\Documents and Settings\Gry`s roterom\services.exe C:\Documents and Settings\HP_Administrator\lsass.exe C:\Documents and Settings\HP_Administrator\services.exe C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Deewoo.lnk C:\Documents and Settings\Mika J\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\Mika J\lsass.exe C:\Documents and Settings\Mika J\Start Menu\Programs\Internet Speed Monitor C:\Documents and Settings\Mika J\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk C:\Documents and Settings\Mika J\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk C:\Documents and Settings\Mika J\Start Menu\Programs\Startup\Deewoo.lnk C:\Documents and Settings\Mika J\Start Menu\Programs\Startup\DW_Start.lnk C:\Program Files\ISM C:\Program Files\ISM\ism.exe C:\Program Files\ISM\Uninstall.exe C:\Program Files\VnrPack C:\Program Files\VnrPack\trgts.gz C:\Program Files\VnrPack\VnrPack17.exe C:\WINDOWS\84.exe C:\WINDOWS\cookies.ini C:\WINDOWS\Fonts\' C:\WINDOWS\Fonts\a.zip C:\WINDOWS\Fonts\Setup.exe C:\WINDOWS\Fonts\svchost.exe C:\WINDOWS\mrofinu1188.exe C:\WINDOWS\mrofinu1188.exe.tmp C:\WINDOWS\svchost.exe C:\WINDOWS\system32\byXNeCtt.dll C:\WINDOWS\system32\egrenvof.ini C:\WINDOWS\system32\fovnerge.dll C:\WINDOWS\system32\g48.exe 
C:\WINDOWS\system32\geBrrOfe.dll C:\WINDOWS\system32\hvydrtyt.dll C:\WINDOWS\system32\jkkIAPij.dll C:\WINDOWS\system32\kcntrtdm.exe C:\WINDOWS\system32\khfETJbY.dll C:\WINDOWS\system32\kljqyidy.dll C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\msnav32.ax C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\qercuxht.ini C:\WINDOWS\system32\rwwnw64d.exe C:\WINDOWS\system32\ttCeNXyb.ini C:\WINDOWS\system32\ttCeNXyb.ini2 C:\WINDOWS\system32\tuaxbxmf.ini C:\WINDOWS\system32\tytrdyvh.ini C:\WINDOWS\system32\vtUomMCt.dll C:\WINDOWS\system32\winpfz33.sys C:\WINDOWS\system32\ydiyqjlk.ini C:\WINDOWS\system32\zxdnt3d.cfg . ---- Previous Run ------- . C:\Documents and Settings\Mika J\keygen.exe C:\WINDOWS\system32\mqtgssvr.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSUPDATE -------\Service_msupdate ((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 ))))))))))))))))))))))))))))))) . 2008-07-02 21:20 . 2008-07-02 21:20 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVGTOOLBAR 2008-07-02 21:19 . 2008-07-02 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio 2008-07-02 16:26 . 2008-07-02 16:27 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR 2008-07-02 14:44 . 2008-07-02 14:44 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-07-02 13:43 . 2008-07-02 13:43 <DIR> d-------- C:\Documents and Settings\Gry`s roterom\Application Data\AVGTOOLBAR 2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Program Files\AVG 2008-07-02 13:25 . 2008-07-02 19:20 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\AVGTOOLBAR 2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-07-02 13:25 . 
2008-07-02 13:25 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-02 13:25 . 2008-07-02 13:25 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-02 13:25 . 2008-07-02 13:25 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-07-02 12:44 . 2008-07-02 12:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-07-02 12:42 . 2008-07-02 12:41 29,760 --a------ C:\WINDOWS\system32\M8xwD2D1.exe 2008-07-02 12:42 . 2008-07-02 12:42 0 --a------ C:\WINDOWS\system32\M8xwD2D1.exe.a_a 2008-07-02 12:41 . 2008-07-02 12:43 <DIR> d-------- C:\Program Files\Plate 2008-07-02 12:41 . 2008-07-02 12:41 178,616 --a------ C:\WINDOWS\plate611.exe 2008-07-02 12:40 . 2008-07-02 16:25 <DIR> d-------- C:\WINDOWS\system32\modtrux18 2008-07-02 12:40 . 2008-07-02 12:40 <DIR> d-------- C:\temp\syschk3 2008-07-02 12:40 . 2008-07-02 12:40 223,076 --a------ C:\WINDOWS\ism611.exe 2008-07-02 12:40 . 2008-07-02 12:42 63,904 --a------ C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll-uninst.exe 2008-07-02 12:40 . 2008-07-02 12:40 49,152 --a------ C:\WINDOWS\dw611.exe 2008-07-02 01:38 . 2008-07-02 01:38 <DIR> d-------- C:\Program Files\MagicISO 2008-06-30 16:32 . 2008-06-30 16:32 <DIR> dr-h----- C:\Documents and Settings\Mika J\Application Data\SecuROM 2008-06-30 15:13 . 2008-06-30 15:13 <DIR> d-------- C:\Documents and Settings\Mimmi\Application Data\Nero 2008-06-26 20:36 . 2008-06-26 20:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero 2008-06-25 22:52 . 2008-06-25 22:52 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Acoustica 2008-06-25 22:51 . 2008-06-25 22:51 <DIR> d-------- C:\Program Files\Acoustica Shared Effects 2008-06-25 22:51 . 2007-08-07 11:32 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll 2008-06-25 22:39 . 2008-06-25 22:52 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4 2008-06-25 22:39 . 
2008-06-25 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acoustica 2008-06-25 22:29 . 2008-06-25 22:30 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Propellerhead Software 2008-06-25 22:29 . 2008-06-25 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software 2008-06-25 22:29 . 2008-06-25 22:29 368,640 --a------ C:\WINDOWS\system32\ReWire.dll 2008-06-25 22:29 . 2008-06-25 22:29 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll 2008-06-25 22:27 . 2008-06-25 22:27 <DIR> d-------- C:\Program Files\Propellerhead 2008-06-20 01:56 . 2008-07-02 02:25 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-06-19 22:29 . 2008-06-19 22:29 <DIR> d-------- C:\Documents and Settings\Gry`s roterom\Application Data\Nero 2008-06-19 16:30 . 2008-06-19 16:30 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Nero 2008-06-19 16:24 . 2008-06-19 16:24 <DIR> d-------- C:\Program Files\Nero 2008-06-19 16:24 . 2008-06-19 16:27 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-06-19 16:24 . 2008-06-19 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-06-11 15:27 . 2008-06-11 15:27 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\HP 2008-06-11 11:09 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 11:09 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 15:52 . 2008-06-10 15:52 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\AdobeUM 2008-06-08 21:45 . 2008-06-08 21:45 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\YAFSScreen 2008-06-06 15:08 . 2008-06-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-05 15:04 . 2008-06-05 15:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SUPERAntiSpyware.com 2008-06-04 13:42 . 
2008-06-04 13:42 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Jasc Software Inc 2008-06-04 13:41 . 2008-06-04 13:41 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Sonic 2008-06-04 13:40 . 2008-06-04 13:40 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Leadertech 2008-06-03 15:58 . 2008-06-03 15:58 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\DriveHQ 2008-06-03 15:56 . 2008-06-03 15:56 <DIR> d-------- C:\Program Files\DriveHQ 2008-06-03 15:56 . 2008-06-19 16:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DriveHQ 2008-06-03 15:56 . 2008-07-02 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriveHQ 2008-06-03 15:55 . 2008-06-03 15:55 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\InstallShield 2008-06-03 09:35 . 2003-07-06 14:07 372,736 --a------ C:\WINDOWS\system32\IJL_11.DLL 2008-06-03 09:35 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX 2008-06-03 09:35 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX 2008-06-03 00:36 . 2008-06-03 00:36 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\SUPERAntiSpyware.com 2008-06-03 00:08 . 2008-06-03 00:08 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\HPQ 2008-06-02 23:57 . 2008-06-05 14:52 <DIR> d-------- C:\Program Files\PDM 2008-06-02 21:57 . 2008-06-02 21:57 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Template 2008-06-02 21:57 . 2008-06-19 11:43 740 --a------ C:\Documents and Settings\Mika J\Application Data\wklnhst.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-02 17:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-02 17:32 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\DNA 2008-07-02 17:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\IMVU 2008-07-02 11:37 --------- d-----w C:\Documents and Settings\Gry`s roterom\Application Data\LimeWire 2008-07-02 11:12 --------- d-----w C:\Documents and Settings\Mika J\Application Data\LimeWire 2008-07-02 10:44 --------- d-----w C:\Program Files\LimeWire 2008-07-02 09:44 --------- d-----w C:\Program Files\EA GAMES 2008-07-01 17:58 --------- d-----w C:\Program Files\YAFSScreen 2008-06-30 13:14 --------- d-----w C:\Documents and Settings\Mimmi\Application Data\LimeWire 2008-06-20 09:01 --------- d-----w C:\Documents and Settings\Mika J\Application Data\Apple Computer 2008-06-13 00:03 336 ----a-w C:\Documents and Settings\Gry`s roterom\Application Data\wklnhst.dat 2008-06-06 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Telenor 2008-06-06 13:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-05 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-06-05 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk 2008-06-03 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-03 07:27 --------- d-----w C:\Program Files\Common Files\Download Manager 2008-05-30 18:56 --------- d-----w C:\Documents and Settings\Mika J\Application Data\Teleca 2008-05-30 18:55 --------- d-----w C:\Documents and Settings\Mika J\Application Data\Sony Ericsson 2008-05-30 17:51 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire 2008-05-26 12:05 --------- d-----w C:\Program Files\Norton SystemWorks Basic Edition 2008-05-25 14:30 482 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat 2008-05-19 
13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-05-16 13:45 --------- d-----w C:\Program Files\Nattyware 2008-05-13 23:14 --------- d-----w C:\Program Files\Blender Foundation 2008-05-12 04:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\YAFSScreen 2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-06 03:49 --------- d-----w C:\Program Files\IMVU 2008-05-04 15:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent 2008-05-04 15:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus 2008-05-03 23:28 --------- d-----w C:\Program Files\DNA 2008-05-03 23:28 --------- d-----w C:\Program Files\BitTorrent 2008-05-03 23:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer 2008-05-03 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-05-03 21:21 --------- d-----w C:\Program Files\Azureus 2008-01-18 18:28 732 ----a-w C:\Documents and Settings\Mimmi\Application Data\wklnhst.dat 2006-11-17 23:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-27_23.36.23,96 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-27 14:03:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-02 18:55:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-07-02 10:42:08 63,904 ----a-w C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll-uninst.exe + 2008-05-26 12:21:16 365,056 ----a-w C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll + 2008-07-02 11:25:49 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0617a870-f031-8403-0fe8-d84c001fad80}] 2008-05-26 14:21 365056 --a------ C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A6041F1-6450-4F60-BD2E-1A778512F370}] 2008-02-21 13:17 413696 --a------ C:\Program Files\Plate\Plate.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 16:13 68856] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 18:49 307200] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 01:06 2321600] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-04 01:28 289088] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 15:35 7634944] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-03 01:06 180269] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "{2d091b0c-b92c-3bf9-510b-8abac591f5d0}"="C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll" [2008-05-26 14:21 365056] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 13:25 1177368] C:\Documents 
and Settings\Mimmi\Start Menu\Programs\Startup\ IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2008-04-30 22:33:42 49408] LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 23:32:57 147456] C:\Documents and Settings\Gry`s roterom\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 23:32:57 147456] C:\Documents and Settings\Mika Josefine\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-17 16:12:32 110592] C:\Documents and Settings\Mika J\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 23:32:57 147456] Plate - Auto Update.lnk - C:\Program Files\Plate\Plate.exe [2008-07-02 12:41:05 178616] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-17 16:12:32 110592] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-17 16:12:32 110592] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 19:40:44 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLogoff"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoFind"= 0 (0x0) "NoLogoff"= 0 (0x0) "NoSetFolders"= 0 (0x0) "NoViewContextMenu"= 0 (0x0) "Norun"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"= "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"= "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "C:\\Program 
Files\\Autodesk\\Backburner\\manager.exe"= "C:\\Program Files\\Autodesk\\Backburner\\server.exe"= "C:\\Program Files\\Telenor\\Online Start\\Telenor.exe"= "C:\\Program Files\\backburner 2\\monitor.exe"= "C:\\Program Files\\backburner 2\\manager.exe"= "C:\\Program Files\\backburner 2\\server.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-02 13:25] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-18 19:37] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-02 13:25] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 13:25] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 13:25] R2 DriveHQ Backup Service;DriveHQ Backup Service;"C:\Program Files\DriveHQ\DriveHQ Online Backup\Backupservice.exe" [2008-05-27 19:01] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-02-15 04:07] R3 DUSBTAWAN;DrayTek USB NDISWAN Driver;C:\WINDOWS\system32\DRIVERS\musbwn2k.sys [2001-01-31 12:43] R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 19:44] S3 FakeWDMmdm;DWDMCOMM;C:\WINDOWS\system32\DRIVERS\dusbcomm.sys [2003-03-13 11:13] S3 mDTA128;miniVigor 
USB;C:\WINDOWS\system32\DRIVERS\musbta2kc.sys [2005-07-27 16:22] S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 06:32] S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 06:32] S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 17:16] *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-06-28 21:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 11:00:02 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 12:00:53 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 17:00:07 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 19:00:04 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 20:00:02 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At3.job" 
- C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-07-02 10:42:38 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\system32\M8xwD2D1.exe "2008-06-30 18:00:03 C:\WINDOWS\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - HP_Administrator.job"

Btw, I have two problems. First, when I turn the computer off and go to turn it on again, it sits at a blue screen that says HP for 2-3 hours before it starts up. And when I log in to my user account, the taskbar doesn't appear, nor do the icons on the desktop. What is wrong? >____<
norbat, posted 2 July 2008

The problem is caused, among other things, by explorer.exe not starting because of the infection you have. If you press Ctrl + Alt + Del, Task Manager will come up. From there you can start a new process. Type: explorer.exe. This will normally get Explorer to start (and you get your icons etc. back).

Anyway. Continue with the following (if there are problems in normal mode, press the F8 key repeatedly during startup and choose safe mode):

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
C:\WINDOWS\system32\M8xwD2D1.exe
C:\WINDOWS\system32\M8xwD2D1.exe.a_a
C:\WINDOWS\plate611.exe
C:\WINDOWS\ism611.exe
C:\WINDOWS\dw611.exe
C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll-uninst.exe
C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job

Folder::
C:\temp\syschk3
C:\Program Files\Plate

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0617a870-f031-8403-0fe8-d84c001fad80}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A6041F1-6450-4F60-BD2E-1A778512F370}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{2d091b0c-b92c-3bf9-510b-8abac591f5d0}"=-
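A triage sketch for the 'Scheduled Tasks' section of the ComboFix log in this thread, added here as an example and not part of any post: it groups tasks by the program they launch and flags a program started by several numbered AtN.job tasks, the pattern the log shows for M8xwD2D1.exe. The function names and the threshold of three jobs are assumptions; the sample input is abridged from the posted log.

```python
import ntpath
import re
from collections import defaultdict

# Abridged from the "Scheduled Tasks" section of the ComboFix log in the thread.
# Entries run together on one line, as they do in the forum text.
SAMPLE_LOG = " ".join([
    r'"2008-06-28 21:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"'
    r' - C:\Program Files\Apple Software Update\SoftwareUpdate.exe',
    r'"2008-07-02 10:42:38 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\M8xwD2D1.exe',
    r'"2008-07-02 10:42:38 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\M8xwD2D1.exe',
    r'"2008-07-02 11:00:02 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\M8xwD2D1.exe',
    r'"2008-07-02 10:42:38 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\M8xwD2D1.exe',
    # Last entry has no target in the posted log (the paste is cut off there).
    r'"2008-06-30 18:00:03 C:\WINDOWS\Tasks\Norton Internet Security'
    r' - Kjør fullstendig systemsøk - HP_Administrator.job"',
])

# One entry: "<timestamp> <path to .job>" optionally followed by " - <target>".
# The target runs until the next quoted timestamp or the end of the text.
ENTRY = re.compile(
    r'"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<job>[A-Za-z]:\\[^"]+?\.job)"'
    r'(?:\s+-\s+(?P<target>.+?))?'
    r'(?=\s+"\d{4}-\d{2}-\d{2} |\s*$)',
    re.S,
)

# Task files named At<number>.job, as they appear in the log.
AT_JOB = re.compile(r"At(\d+)\.job", re.I)


def parse_tasks(text):
    """Return one dict per scheduled-task entry found in the log text."""
    tasks = []
    for m in ENTRY.finditer(text):
        target = m.group("target")
        tasks.append({
            "stamp": m.group("stamp"),
            "job": m.group("job"),
            "target": target.strip() if target else None,
        })
    return tasks


def suspicious_targets(tasks, min_jobs=3):
    """Map each program launched by >= min_jobs AtN.job tasks to those jobs.

    Job names are returned in numeric order (At2 before At10). Entries
    without a target are skipped because there is nothing to group on.
    """
    grouped = defaultdict(list)
    display = {}
    for task in tasks:
        name = ntpath.basename(task["job"])
        m = AT_JOB.fullmatch(name)
        if not m or not task["target"]:
            continue
        key = task["target"].lower()          # Windows paths are case-insensitive
        display.setdefault(key, task["target"])
        grouped[key].append((int(m.group(1)), name))
    return {
        display[key]: [name for _, name in sorted(jobs)]
        for key, jobs in grouped.items()
        if len(jobs) >= min_jobs
    }


if __name__ == "__main__":
    for target, jobs in suspicious_targets(parse_tasks(SAMPLE_LOG)).items():
        print(f"{target}: launched by {len(jobs)} At jobs ({', '.join(jobs)})")
```
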
qwerty1234 (Author) Posted 2 July 2008

Will do that right away. But Task Manager won't come up.
norbat Posted 2 July 2008

OK, just run ComboFix with the CFScript (from safe mode if it doesn't work in normal mode).
qwerty1234 (Author) Posted 3 July 2008

ComboFix 08-07-01.5 - Mika J 2008-07-03 10:36:46.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.315 [GMT 2:00] Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Mika J\Desktop\CFScript.txt * Created a new restore point FILE :: C:\WINDOWS\dw611.exe C:\WINDOWS\ism611.exe C:\WINDOWS\plate611.exe C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll-uninst.exe C:\WINDOWS\system32\M8xwD2D1.exe C:\WINDOWS\system32\M8xwD2D1.exe.a_a C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Documents and Settings\All Users\Application Data\Rabio C:\Program Files\Plate C:\Program Files\Plate\Plate.dll C:\Program Files\Plate\Plate.dll.intermediate.manifest C:\Program Files\Plate\Plate.exe C:\Program Files\Plate\Plate.original C:\Program Files\Plate\platerg.dll C:\Program Files\Plate\un_PlateSetup_16713.exe C:\Program Files\Plate\un_PlateSetup_16713.txt C:\Program Files\Plate\X_Plate.exe C:\Program Files\Plate\X_Plate.log C:\temp\syschk3 C:\WINDOWS\dw611.exe C:\WINDOWS\ism611.exe C:\WINDOWS\plate611.exe C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll-uninst.exe C:\WINDOWS\system32\{57087a65-0947-010e-6fb9-3c242847d5c9}.dll C:\WINDOWS\system32\M8xwD2D1.exe C:\WINDOWS\system32\M8xwD2D1.exe.a_a C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job K:\Autorun.inf . ---- Previous Run ------- . 
C:\Documents and Settings\All Users\Application Data\Rabio C:\Documents and Settings\Gry`s roterom\lsass.exe C:\Documents and Settings\Gry`s roterom\services.exe C:\Documents and Settings\HP_Administrator\lsass.exe C:\Documents and Settings\HP_Administrator\services.exe C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Deewoo.lnk C:\Documents and Settings\Mika J\keygen.exe C:\Documents and Settings\Mika J\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\Mika J\lsass.exe C:\Documents and Settings\Mika J\Start Menu\Programs\Internet Speed Monitor C:\Documents and Settings\Mika J\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk C:\Documents and Settings\Mika J\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk C:\Documents and Settings\Mika J\Start Menu\Programs\Startup\Deewoo.lnk C:\Documents and Settings\Mika J\Start Menu\Programs\Startup\DW_Start.lnk C:\Program Files\ISM C:\Program Files\ISM\ism.exe C:\Program Files\ISM\Uninstall.exe C:\Program Files\VnrPack C:\Program Files\VnrPack\trgts.gz C:\Program Files\VnrPack\VnrPack17.exe C:\WINDOWS\84.exe C:\WINDOWS\cookies.ini C:\WINDOWS\Fonts\' C:\WINDOWS\Fonts\a.zip C:\WINDOWS\Fonts\Setup.exe C:\WINDOWS\Fonts\svchost.exe C:\WINDOWS\mrofinu1188.exe C:\WINDOWS\mrofinu1188.exe.tmp C:\WINDOWS\svchost.exe C:\WINDOWS\system32\byXNeCtt.dll C:\WINDOWS\system32\egrenvof.ini C:\WINDOWS\system32\fovnerge.dll C:\WINDOWS\system32\g48.exe C:\WINDOWS\system32\geBrrOfe.dll C:\WINDOWS\system32\hvydrtyt.dll C:\WINDOWS\system32\jkkIAPij.dll C:\WINDOWS\system32\kcntrtdm.exe C:\WINDOWS\system32\khfETJbY.dll C:\WINDOWS\system32\kljqyidy.dll C:\WINDOWS\system32\mqtgssvr.exe C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\msnav32.ax C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\qercuxht.ini C:\WINDOWS\system32\rwwnw64d.exe C:\WINDOWS\system32\ttCeNXyb.ini C:\WINDOWS\system32\ttCeNXyb.ini2 C:\WINDOWS\system32\tuaxbxmf.ini C:\WINDOWS\system32\tytrdyvh.ini 
C:\WINDOWS\system32\vtUomMCt.dll C:\WINDOWS\system32\winpfz33.sys C:\WINDOWS\system32\ydiyqjlk.ini C:\WINDOWS\system32\zxdnt3d.cfg . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSUPDATE -------\Service_msupdate ((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))) . 2008-07-02 21:20 . 2008-07-02 21:20 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVGTOOLBAR 2008-07-02 16:26 . 2008-07-03 00:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR 2008-07-02 14:44 . 2008-07-02 14:44 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-07-02 13:43 . 2008-07-02 13:43 <DIR> d-------- C:\Documents and Settings\Gry`s roterom\Application Data\AVGTOOLBAR 2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Program Files\AVG 2008-07-02 13:25 . 2008-07-02 19:20 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\AVGTOOLBAR 2008-07-02 13:25 . 2008-07-02 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-07-02 13:25 . 2008-07-02 13:25 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-02 13:25 . 2008-07-02 13:25 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-02 13:25 . 2008-07-02 13:25 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-07-02 12:44 . 2008-07-02 12:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2008-07-02 12:40 . 2008-07-02 16:25 <DIR> d-------- C:\WINDOWS\system32\modtrux18 2008-07-02 01:38 . 2008-07-02 01:38 <DIR> d-------- C:\Program Files\MagicISO 2008-06-30 16:32 . 2008-06-30 16:32 <DIR> dr-h----- C:\Documents and Settings\Mika J\Application Data\SecuROM 2008-06-30 15:13 . 2008-06-30 15:13 <DIR> d-------- C:\Documents and Settings\Mimmi\Application Data\Nero 2008-06-26 20:36 . 
2008-06-26 20:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero 2008-06-25 22:52 . 2008-06-25 22:52 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Acoustica 2008-06-25 22:51 . 2008-06-25 22:51 <DIR> d-------- C:\Program Files\Acoustica Shared Effects 2008-06-25 22:51 . 2007-08-07 11:32 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll 2008-06-25 22:39 . 2008-06-25 22:52 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4 2008-06-25 22:39 . 2008-06-25 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acoustica 2008-06-25 22:29 . 2008-06-25 22:30 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Propellerhead Software 2008-06-25 22:29 . 2008-06-25 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software 2008-06-25 22:29 . 2008-06-25 22:29 368,640 --a------ C:\WINDOWS\system32\ReWire.dll 2008-06-25 22:29 . 2008-06-25 22:29 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll 2008-06-25 22:27 . 2008-06-25 22:27 <DIR> d-------- C:\Program Files\Propellerhead 2008-06-20 01:56 . 2008-07-02 02:25 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-06-19 22:29 . 2008-06-19 22:29 <DIR> d-------- C:\Documents and Settings\Gry`s roterom\Application Data\Nero 2008-06-19 16:30 . 2008-06-19 16:30 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Nero 2008-06-19 16:24 . 2008-06-19 16:24 <DIR> d-------- C:\Program Files\Nero 2008-06-19 16:24 . 2008-06-19 16:27 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-06-19 16:24 . 2008-06-19 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-06-11 15:27 . 2008-06-11 15:27 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\HP 2008-06-11 11:09 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 11:09 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 15:52 . 
2008-06-10 15:52 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\AdobeUM 2008-06-08 21:45 . 2008-06-08 21:45 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\YAFSScreen 2008-06-06 15:08 . 2008-06-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-05 15:04 . 2008-06-05 15:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SUPERAntiSpyware.com 2008-06-04 13:42 . 2008-06-04 13:42 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Jasc Software Inc 2008-06-04 13:41 . 2008-06-04 13:41 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Sonic 2008-06-04 13:40 . 2008-06-04 13:40 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\Leadertech 2008-06-03 15:58 . 2008-06-03 15:58 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\DriveHQ 2008-06-03 15:56 . 2008-06-03 15:56 <DIR> d-------- C:\Program Files\DriveHQ 2008-06-03 15:56 . 2008-06-19 16:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DriveHQ 2008-06-03 15:56 . 2008-07-02 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriveHQ 2008-06-03 15:55 . 2008-06-03 15:55 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\InstallShield 2008-06-03 09:35 . 2003-07-06 14:07 372,736 --a------ C:\WINDOWS\system32\IJL_11.DLL 2008-06-03 09:35 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX 2008-06-03 09:35 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX 2008-06-03 00:36 . 2008-06-03 00:36 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\SUPERAntiSpyware.com 2008-06-03 00:08 . 2008-06-03 00:08 <DIR> d-------- C:\Documents and Settings\Mika J\Application Data\HPQ . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-03 07:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-03 00:55 --------- d-----w C:\Documents and Settings\Mika J\Application Data\LimeWire 2008-07-02 23:16 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\DNA 2008-07-02 17:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\IMVU 2008-07-02 11:37 --------- d-----w C:\Documents and Settings\Gry`s roterom\Application Data\LimeWire 2008-07-02 10:44 --------- d-----w C:\Program Files\LimeWire 2008-07-02 09:44 --------- d-----w C:\Program Files\EA GAMES 2008-07-01 17:58 --------- d-----w C:\Program Files\YAFSScreen 2008-06-30 13:14 --------- d-----w C:\Documents and Settings\Mimmi\Application Data\LimeWire 2008-06-20 09:01 --------- d-----w C:\Documents and Settings\Mika J\Application Data\Apple Computer 2008-06-19 09:43 740 ----a-w C:\Documents and Settings\Mika J\Application Data\wklnhst.dat 2008-06-13 00:03 336 ----a-w C:\Documents and Settings\Gry`s roterom\Application Data\wklnhst.dat 2008-06-06 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Telenor 2008-06-06 13:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-05 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-06-05 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk 2008-06-05 12:52 --------- d-----w C:\Program Files\PDM 2008-06-03 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-03 07:27 --------- d-----w C:\Program Files\Common Files\Download Manager 2008-06-02 19:57 --------- d-----w C:\Documents and Settings\Mika J\Application Data\Template 2008-05-30 18:56 --------- d-----w C:\Documents and Settings\Mika J\Application Data\Teleca 2008-05-30 18:55 --------- d-----w C:\Documents and Settings\Mika J\Application Data\Sony Ericsson 2008-05-30 17:51 --------- d-----w C:\Documents and 
Settings\HP_Administrator\Application Data\LimeWire 2008-05-26 12:05 --------- d-----w C:\Program Files\Norton SystemWorks Basic Edition 2008-05-25 14:30 482 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat 2008-05-19 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-05-16 13:45 --------- d-----w C:\Program Files\Nattyware 2008-05-13 23:14 --------- d-----w C:\Program Files\Blender Foundation 2008-05-12 04:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\YAFSScreen 2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-06 03:49 --------- d-----w C:\Program Files\IMVU 2008-05-04 15:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent 2008-05-04 15:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus 2008-05-03 23:28 --------- d-----w C:\Program Files\DNA 2008-05-03 23:28 --------- d-----w C:\Program Files\BitTorrent 2008-05-03 23:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer 2008-05-03 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-05-03 21:21 --------- d-----w C:\Program Files\Azureus 2008-01-18 18:28 732 ----a-w C:\Documents and Settings\Mimmi\Application Data\wklnhst.dat 2006-11-17 23:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-27_23.36.23,96 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-27 14:03:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-03 10:06:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-07-02 11:25:49 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 16:13 68856] "DrivehqBackup"="C:\Program Files\DriveHQ\DriveHQ Online Backup\DrivehqBackup.exe" [2008-05-27 19:05 1531904] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 15:35 7634944] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-03 01:06 180269] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "{67-76-63-3C-DW}"="c:\windows\system32\rwwnw64d.exe" [bU] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 13:25 1177368] "88067693"="C:\WINDOWS\system32\hvydrtyt.dll" [bU] C:\Documents and Settings\Mimmi\Start Menu\Programs\Startup\ IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2008-04-30 22:33:42 49408] LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 23:32:57 147456] C:\Documents and Settings\Gry`s roterom\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 23:32:57 147456] C:\Documents and Settings\Mika Josefine\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 
[2006-12-17 16:12:32 110592] C:\Documents and Settings\Mika J\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 23:32:57 147456] Plate - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Plate\Plate.exe.vir [2008-07-02 12:41:05 178616] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-17 16:12:32 110592] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-17 16:12:32 110592] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 19:40:44 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoLogoff"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoFind"= 0 (0x0) "NoLogoff"= 0 (0x0) "NoSetFolders"= 0 (0x0) "NoViewContextMenu"= 0 (0x0) "Norun"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"= "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"= "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "C:\\Program Files\\Autodesk\\Backburner\\server.exe"= "C:\\Program Files\\Telenor\\Online Start\\Telenor.exe"= "C:\\Program Files\\backburner 2\\monitor.exe"= "C:\\Program Files\\backburner 2\\manager.exe"= "C:\\Program Files\\backburner 2\\server.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program 
Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-02 13:25] R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-18 19:37] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-02 13:25] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 13:25] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 13:25] R2 DriveHQ Backup Service;DriveHQ Backup Service;"C:\Program Files\DriveHQ\DriveHQ Online Backup\Backupservice.exe" [2008-05-27 19:01] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-02-15 04:07] R3 DUSBTAWAN;DrayTek USB NDISWAN Driver;C:\WINDOWS\system32\DRIVERS\musbwn2k.sys [2001-01-31 12:43] R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 19:44] S3 FakeWDMmdm;DWDMCOMM;C:\WINDOWS\system32\DRIVERS\dusbcomm.sys [2003-03-13 11:13] S3 mDTA128;miniVigor USB;C:\WINDOWS\system32\DRIVERS\musbta2kc.sys [2005-07-27 16:22] S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 06:32] S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 06:32] S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 17:16] *Newly Created Service* - COMHOST . 
Contents of the 'Scheduled Tasks' folder "2008-06-28 21:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-30 18:00:03 C:\WINDOWS\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - HP_Administrator.job"

There. But the computer still shows a blue screen when I turn it on.
norbat Posted 3 July 2008

When you say blue screen, do you mean a blue screen with the HP logo? If so, do you have many devices connected via USB? In that case, disconnect them during startup and see whether that makes startup faster.

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick: "Only delete temporary files older than 48 hours". Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds of 'Registry' until it finds no more errors. You will be asked about a backup before you fix the registry. Answer yes to that.
qwerty1234 (Author) Posted 3 July 2008

KK. No, I only have one USB, but I'll try.