Phenrik, posted 15 July 2008 (edited)

I managed to catch the well-known Vundo virus too. I'm trying to fix it with SAS; it finds things, but the Vundo tool found nothing. AVG also finds a fair amount, but I have no clue. The virus has removed the option to open My Computer etc., so I can't delete anything manually from C:\ etc. What should I do?

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51: VIRUS ALERT!, on 15.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\spill\avg\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
d:\spill\avg\avgrsx.exe
d:\spill\avg\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\TBPanel.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\spill\avg\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\spill\avg\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {890749af-bd9c-18fb-9ca4-2b85790ae469} - {964ea097-58b2-4ac9-bf81-c9dbfa947098} - C:\WINDOWS\system32\kegzrs.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - d:\spill\avg\avgtoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - d:\spill\avg\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] d:\spill\avg\avgtray.exe
O4 - HKLM\..\Run: [500fb4f3] rundll32.exe "C:\WINDOWS\system32\yjxemnbm.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215850995669
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215979521484
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DDC559-855F-4B78-964A-BAA67E8C8131}: NameServer = 217.13.4.24,217.13.7.140
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\spill\avg\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: evgratsm - {7A0F9B92-DD4A-4A33-A145-C4F18DBAD2E3} - C:\WINDOWS\evgratsm.dll (file missing)
O21 - SSODL: kvxqmtre - {1872004E-CB2A-4DB0-AFC1-338C023E37AF} - C:\WINDOWS\kvxqmtre.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - d:\spill\avg\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\spill\avg\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

(sorry, I don't know how to hide it)

Edited 15 July 2008 by Phenrik
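The tells a helper reads off a HijackThis log like the one above (an unnamed BHO, a rundll32 Run entry loading a randomly named DLL from system32, "(file missing)" orphans, the O6/O7 policy entries that explain why the poster cannot open My Computer or regedit) can be picked out mechanically. The script below is an editor's added example, not part of the thread and not code from HijackThis or ComboFix. The sample lines are copied from the posted log; the "random-looking name" rule (6 to 8 lowercase letters, no vendor casing, sitting directly under C:\WINDOWS or system32) is this example's own heuristic and will have false positives on other machines.

```python
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample: HijackThis v2 entries copied from the log posted above,
# plus two benign lines (Sun Java BHO, NVIDIA Run entry) as negative cases.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {890749af-bd9c-18fb-9ca4-2b85790ae469} - {964ea097-58b2-4ac9-bf81-c9dbfa947098} - C:\WINDOWS\system32\kegzrs.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [500fb4f3] rundll32.exe "C:\WINDOWS\system32\yjxemnbm.dll",b
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: evgratsm - {7A0F9B92-DD4A-4A33-A145-C4F18DBAD2E3} - C:\WINDOWS\evgratsm.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# One HijackThis entry: a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", body.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# A bare {GUID} where a BHO's display name should be.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# A .dll path sitting directly in the Windows directory or in system32.
WIN_DLL_RE = re.compile(r'([a-z]:\\windows\\(?:system32\\)?[^\\\s"]+\.dll)', re.I)


def looks_random(stem: str) -> bool:
    """Heuristic of this example (not a HijackThis rule): 6-8 lowercase
    letters, no digits, no capitals, no recognisable vendor prefix."""
    return re.fullmatch(r"[a-z]{6,8}", stem) is not None


def analyse_entry(line: str) -> list[tuple[str, str, str]]:
    """Return (section, reason, line) for every heuristic the entry trips."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    reasons = []
    if "(file missing)" in body:
        reasons.append("registry entry points at a file that no longer exists")
    if kind == "O7" and "DisableRegedit=1" in body:
        reasons.append("policy disables the registry editor")
    if kind == "O6" and "Restrictions present" in body:
        reasons.append("Internet Explorer restrictions policy present")
    if kind == "O2" and body.startswith("BHO: "):
        name = body[len("BHO: "):].split(" - ")[0]
        if GUID_RE.match(name):
            reasons.append("BHO registered without a readable name")
    if kind in ("O2", "O4", "O20", "O21"):
        for path in WIN_DLL_RE.findall(body):
            if looks_random(PureWindowsPath(path).stem):
                reasons.append(f"random-looking DLL name in Windows directory: {path}")
    return [(kind, reason, line.strip()) for reason in reasons]


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Run analyse_entry over every line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(analyse_entry(line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

On the sample above the script flags five of the eight entries (the unnamed BHO trips three rules at once) and leaves the Java BHO, the NVIDIA Run entry and the PunkBuster service alone. It is a first-pass filter for reading a pasted log, not a verdict: anything it flags still needs a human to check the file, its signer and its age, as the helper in this thread does with ComboFix.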
norbat, posted 15 July 2008

Download Combofix and save it to the desktop.
Run combofix.exe and follow the instructions. Do not click in the window while the program is running.
Post the log file from Combofix (c:\combofix.txt).
Phenrik, posted 15 July 2008

> Download Combofix and save it to the desktop.
> Run combofix.exe and follow the instructions. Do not click in the window while the program is running.
> Post the log file from Combofix (c:\combofix.txt).

That should work to get rid of everything, so that everything goes back to normal? Thanks for taking the time to try to help me.
norbat, posted 15 July 2008 (edited)

Yes, everything should be as before ...

Edited 15 July 2008 by norbat
Phenrik, posted 15 July 2008

Here is the log file from ComboFix:

ComboFix 08-07-14.2 - Pål Henriksen 2008-07-16 0:06:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1304 [GMT 2:00]
Running from: C:\Documents and Settings\Pål Henriksen\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\eesl.exe
C:\WINDOWS\system32\gOWGOqru.ini
C:\WINDOWS\system32\gOWGOqru.ini2
C:\WINDOWS\system32\mbnmexjy.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-15 23:26 . 2008-07-15 23:26 <DIR> d-------- C:\Programfiler\Trend Micro
2008-07-15 23:19 . 2008-07-15 23:19 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-15 23:19 . 2008-07-15 23:55 <DIR> d-------- C:\Programfiler\RegCure
2008-07-15 23:19 . 2008-07-15 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-15 23:12 . 2008-07-15 23:12 <DIR> d-------- C:\VundoFix Backups
2008-07-15 23:08 . 2008-07-15 23:20 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-15 23:06 . 2008-07-15 23:07 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-15 23:06 . 2008-07-15 23:06 <DIR> d-------- C:\Programfiler\AVG
2008-07-15 23:06 . 2008-07-15 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8
2008-07-15 23:06 . 2008-07-15 23:06 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-15 23:06 . 2008-07-15 23:06 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-15 23:06 . 2008-07-15 23:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-15 22:40 . 2008-07-15 22:59 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata
2008-07-15 22:40 . 2008-07-15 22:59 <DIR> d-------- C:\Documents and Settings\Administrator\Maler
2008-07-15 22:40 . 2008-07-15 22:59 <DIR> d-------- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-07-15 22:40 . 2008-07-15 22:59 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-07-15 22:24 . 2008-07-15 20:38 155,648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-15 22:16 . 2008-07-15 22:16 <DIR> d-------- C:\Programfiler\DAEMON Tools Toolbar
2008-07-15 22:16 . 2008-07-15 23:00 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite
2008-07-15 22:14 . 2008-07-15 22:14 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-15 21:22 . 2008-07-15 21:22 <DIR> d-------- C:\Programfiler\DivX
2008-07-15 17:38 . 2008-07-15 17:38 268 --ah----- C:\sqmdata03.sqm
2008-07-15 17:38 . 2008-07-15 17:38 244 --ah----- C:\sqmnoopt03.sqm
2008-07-15 17:36 . 2008-07-15 17:36 268 --ah----- C:\sqmdata02.sqm
2008-07-15 17:36 . 2008-07-15 17:36 244 --ah----- C:\sqmnoopt02.sqm
2008-07-15 02:16 . 2008-07-15 02:16 <DIR> d-------- C:\Programfiler\iPod
2008-07-15 02:16 . 2008-07-15 02:16 <DIR> d-------- C:\Programfiler\Bonjour
2008-07-15 02:15 . 2008-07-15 02:15 <DIR> d-------- C:\Programfiler\QuickTime
2008-07-15 02:15 . 2008-07-15 02:15 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-07-15 02:15 . 2008-07-15 02:15 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-07-15 02:15 . 2008-07-15 02:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-07-15 02:12 . 2008-07-15 02:12 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-15 02:12 . 2008-07-15 02:16 <DIR> d-------- C:\Programfiler\iTunes
2008-07-15 02:12 . 2008-07-15 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-07-15 02:12 . 2008-06-17 15:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-15 02:12 . 2008-06-17 15:17 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-07-14 19:58 . 2008-07-14 19:58 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-14 16:54 . 2008-07-14 16:54 <DIR> d-------- C:\Logs
2008-07-14 12:45 . 2008-07-14 12:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-07-14 11:50 . 2008-07-14 11:50 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Xfire
2008-07-14 11:44 . 2008-07-15 23:19 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-14 11:28 . 2008-07-14 11:28 <DIR> d-------- C:\Programfiler\Microsoft Silverlight
2008-07-14 11:23 . 2008-07-14 11:23 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-07-14 11:23 . 2008-07-15 13:08 136,888 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-14 11:23 . 2008-07-15 13:08 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-14 11:23 . 2008-07-14 11:23 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-14 11:12 . 2008-07-14 11:12 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-07-14 10:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-14 10:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-14 00:48 . 2008-07-14 00:48 268 --ah----- C:\sqmdata01.sqm
2008-07-14 00:48 . 2008-07-14 00:48 244 --ah----- C:\sqmnoopt01.sqm
2008-07-14 00:36 . 2008-07-14 00:36 268 --ah----- C:\sqmdata00.sqm
2008-07-14 00:36 . 2008-07-14 00:36 244 --ah----- C:\sqmnoopt00.sqm
2008-07-14 00:35 . 2008-07-14 00:35 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-07-14 00:35 . 2008-07-14 00:35 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-14 00:35 . 2008-07-14 00:35 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-14 00:15 . 2008-07-14 00:15 <DIR> d-------- C:\WINDOWS\Sun
2008-07-14 00:15 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-14 00:14 . 2008-07-14 00:15 <DIR> d-------- C:\Programfiler\Java
2008-07-14 00:14 . 2008-07-14 00:14 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-07-13 23:37 . 2008-07-13 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\media center programs
2008-07-13 22:46 . 2008-07-13 22:46 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-07-13 22:46 . 2008-07-13 22:46 <DIR> d-------- C:\Programfiler\DIFX
2008-07-13 22:46 . 2006-05-04 10:35 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2008-07-13 22:46 . 2006-12-21 10:26 4,405,248 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-13 22:46 . 2006-05-16 12:04 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2008-07-13 22:46 . 2006-12-16 07:10 1,191,936 -r------- C:\WINDOWS\RtlUpd.exe
2008-07-13 22:46 . 2006-08-18 00:58 282,624 -r------- C:\WINDOWS\system32\RTSndMgr.cpl
2008-07-13 22:46 . 2006-07-21 10:14 86,016 -r------- C:\WINDOWS\SoundMan.exe
2008-07-13 22:46 . 2006-08-01 09:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-07-13 22:46 . 2006-07-01 23:21 38,912 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-13 22:45 . 2008-07-13 22:45 <DIR> d-------- C:\Programfiler\Realtek
2008-07-13 22:45 . 2006-12-19 05:12 16,062,464 -r------- C:\WINDOWS\RTHDCPL.exe
2008-07-13 22:45 . 2006-05-04 10:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2008-07-13 22:45 . 2006-10-11 11:42 2,157,568 -r------- C:\WINDOWS\MicCal.exe
2008-07-13 22:45 . 2006-12-16 05:29 499,712 -r------- C:\WINDOWS\RtlExUpd.dll
2008-07-13 22:45 . 2005-09-21 04:25 299,008 -r------- C:\WINDOWS\system32\ALSndMgr.cpl
2008-07-13 22:45 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-07-13 22:33 . 2008-07-13 22:33 <DIR> d-------- C:\Programfiler\VideoLAN
2008-07-13 22:12 . 2008-07-16 00:09 <DIR> d-------- C:\Programfiler\Steam
2008-07-13 22:10 . 2008-07-13 22:10 <DIR> d-------- C:\Programfiler\uTorrent
2008-07-13 22:08 . 2008-07-13 22:08 <DIR> d-------- C:\Poker
2008-07-13 22:06 . 2008-07-13 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Funcom
2008-07-13 21:48 . 2008-07-15 02:15 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-13 21:47 . 2008-07-13 21:48 <DIR> d-------- C:\Programfiler\Windows Live
2008-07-13 21:47 . 2008-07-13 21:47 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-07-13 21:47 . 2008-07-13 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-07-13 18:01 . 2008-07-13 18:01 0 --a------ C:\WINDOWS\system32.a_a
2008-07-13 17:20 . 2008-07-13 21:46 <DIR> d-------- C:\Programfiler\NOS
2008-07-13 17:20 . 2008-07-13 17:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-07-13 17:20 . 2008-07-13 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NOS
2008-07-13 17:02 . 2008-07-13 17:02 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-07-13 17:00 . 2008-07-13 17:00 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-13 17:00 . 2008-07-13 17:00 0 --a------ C:\WINDOWS\system32\2wY4vyMH.exe.a_a
2008-07-13 16:59 . 2008-04-23 06:22 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-13 16:59 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-13 16:59 . 2007-03-08 07:11 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-13 16:59 . 2008-04-23 06:22 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-13 16:59 . 2008-04-23 06:22 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-13 16:59 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-13 16:59 . 2008-04-23 06:22 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-13 16:59 . 2008-04-23 06:22 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-13 16:59 . 2008-04-23 06:22 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-13 16:59 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-13 16:58 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-13 16:54 . 2008-07-13 16:54 <DIR> d-------- C:\WINDOWS\system32\no
2008-07-13 16:54 . 2008-07-13 16:54 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-13 16:43 . 2008-07-13 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2008-07-13 16:38 . 2008-07-13 17:03 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-07-13 16:37 . 2008-07-13 17:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-13 16:37 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-07-13 16:30 . 2008-07-13 16:30 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny
2008-07-13 16:30 . 2008-07-16 00:08 558 --a------ C:\WINDOWS\DFC.INI
2008-07-13 16:26 . 2008-07-13 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\muvee Technologies
2008-07-13 16:24 . 2008-07-13 16:24 <DIR> d-------- C:\WINDOWS\provisioning
2008-07-13 16:23 . 2008-07-13 16:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-13 16:23 . 2007-08-10 08:22 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-13 16:23 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS2377_.tmp
2008-07-13 16:22 . 2008-07-13 16:54 <DIR> d-------- C:\WINDOWS\EHome
2008-07-13 16:18 . 2008-07-14 00:48 159,720 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-13 16:18 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-07-13 15:54 . 2008-07-13 15:55 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-07-13 15:54 . 2008-04-14 18:22 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2008-07-13 15:54 . 2003-08-02 06:14 25,600 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-06-26 22:09 . 2008-06-26 22:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:45 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-12 08:46 --------- d-----w C:\Programfiler\SystemRequirementsLab
2008-07-12 08:37 --------- d-----w C:\Programfiler\PMagic
2008-07-12 08:36 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-07-12 08:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\MSN6
2008-07-12 08:10 --------- d-----w C:\Programfiler\microsoft frontpage
2008-07-12 08:08 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-07-12 08:07 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:36 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-08 17:59 683464]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-08 17:59 683464]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-07-13 22:14 1271032]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-07-08 18:22 486856]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-12 17:44 8429568]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-04-23 13:18 2173744]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-12 17:44 81920]
"AVG8_TRAY"="d:\spill\avg\avgtray.exe" [2008-07-15 23:06 1232152]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 18:22 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Programfiler\\Xfire\\xfire.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"D:\\spill\\Helicopter Strike Force\\game.exe"=
"D:\\spill\\avg\\avgemc.exe"=
"D:\\spill\\avg\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 23:06]
R2 avg8emc;AVG Free8 E-mail Scanner;d:\spill\avg\avgemc.exe [2008-07-15 23:06]
R2 avg8wd;AVG Free8 WatchDog;d:\spill\avg\avgwdsvc.exe [2008-07-15 23:06]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-15 23:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 00:15:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-07-14 22:51:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 07:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 08:00:00 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 09:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 11:00:01 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 14:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 15:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-14 23:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 17:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 18:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 20:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-14 21:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-14 22:20:01 C:\WINDOWS\Tasks\At25.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-14 23:00:01 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 00:00:01 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 01:00:01 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 02:00:01 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 00:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 03:00:01 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 04:00:01 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 05:00:01 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 06:00:01 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 07:00:01 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 08:00:01 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 09:00:01 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 10:00:01 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2003-12-31 22:02:03 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 12:00:01 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 01:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 13:00:01 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 14:00:01 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 15:00:01 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 16:00:01 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 17:00:01 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 18:00:01 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 19:00:01 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 20:00:01 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-14 21:00:01 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\system32\2wY4vyMH.exe
"2008-07-15 02:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 03:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 04:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 05:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 06:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\System32\sf4D165S.exe
"2008-07-15 22:08:31 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Programfiler\RegCure\RegCure.exe
"2008-07-15 21:19:54 C:\WINDOWS\Tasks\RegCure.job" - C:\Programfiler\RegCure\RegCure.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{964ea097-58b2-4ac9-bf81-c9dbfa947098} - C:\WINDOWS\system32\kegzrs.dll
HKLM-Run-500fb4f3 - C:\WINDOWS\system32\yjxemnbm.dll
SSODL-evgratsm-{7A0F9B92-DD4A-4A33-A145-C4F18DBAD2E3} - C:\WINDOWS\evgratsm.dll
SSODL-kvxqmtre-{1872004E-CB2A-4DB0-AFC1-338C023E37AF} - C:\WINDOWS\kvxqmtre.dll
Notify-WgaLogon - (no file)

THANKS. Should I run HijackThis now? Thank you so much for taking the time for this.
Phenrik, posted 15 July 2008

Should I produce a new HijackThis log, so you can see whether what should go is gone, or so you can weed out whatever still needs fixing? Again, eternally grateful.
Phenrik, posted 15 July 2008

Here is the new HijackThis log; hope you find something.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23, on 16.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\spill\avg\avgwdsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
d:\spill\avg\avgrsx.exe
d:\spill\avg\avgemc.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\spill\avg\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Steam\Steam.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\spill\avg\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - d:\spill\avg\avgtoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - d:\spill\avg\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] d:\spill\avg\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215850995669
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215979521484
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{28DDC559-855F-4B78-964A-BAA67E8C8131}: NameServer = 217.13.4.24,217.13.7.140 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\spill\avg\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - d:\spill\avg\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\spill\avg\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe Lenke til kommentar
norbat, posted 15 July 2008

Open Notepad and paste in what is written in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\WINDOWS\agpqlrfm.exe
C:\WINDOWS\system32.a_a
C:\WINDOWS\system32\2wY4vyMH.exe.a_a
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
Folder::
C:\VundoFix Backups

Post a new ComboFix log together with a new HJT log (run HJT after you have run ComboFix).
Phenrik Skrevet 15. juli 2008 Forfatter Del Skrevet 15. juli 2008 P.S Maskinen restartet ikke nå. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:31, on 16.07.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe d:\spill\avg\avgwdsvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe d:\spill\avg\avgrsx.exe d:\spill\avg\avgemc.exe C:\WINDOWS\TBPanel.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\Programfiler\iTunes\iTunesHelper.exe D:\spill\avg\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\Steam\Steam.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride 
= *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\spill\avg\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - d:\spill\avg\avgtoolbar.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - d:\spill\avg\avgtoolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] d:\spill\avg\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON 
Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215850995669 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215979521484 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{28DDC559-855F-4B78-964A-BAA67E8C8131}: 
NameServer = 217.13.4.24,217.13.7.140 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\spill\avg\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - d:\spill\avg\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\spill\avg\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 7143 bytes ComboFix 08-07-14.2 - Pål Henriksen 2008-07-16 0:28:48.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1515 [GMT 2:00] Running from: C:\Documents and Settings\Pål Henriksen\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Pål Henriksen\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! 
FILE :: C:\WINDOWS\agpqlrfm.exe C:\WINDOWS\system32.a_a C:\WINDOWS\system32\2wY4vyMH.exe.a_a C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\VundoFix Backups C:\WINDOWS\agpqlrfm.exe C:\WINDOWS\system32.a_a C:\WINDOWS\system32\2wY4vyMH.exe.a_a C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At25.job C:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.job C:\WINDOWS\Tasks\At28.job C:\WINDOWS\Tasks\At29.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At30.job C:\WINDOWS\Tasks\At31.job C:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.job C:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.job C:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))) . 2008-07-16 00:11 . 2008-07-16 00:11 <DIR> d-------- C:\Documents and Settings\PÕl Henriksen 2008-07-15 23:26 . 2008-07-15 23:26 <DIR> d-------- C:\Programfiler\Trend Micro 2008-07-15 23:19 . 2008-07-16 00:21 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-07-15 23:19 . 2008-07-16 00:21 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Programdata\SUPERAntiSpyware.com 2008-07-15 23:19 . 2008-07-15 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-07-15 23:08 . 
2008-07-15 23:20 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-07-15 23:06 . 2008-07-15 23:07 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-07-15 23:06 . 2008-07-15 23:06 <DIR> d-------- C:\Programfiler\AVG 2008-07-15 23:06 . 2008-07-15 23:21 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Programdata\AVGTOOLBAR 2008-07-15 23:06 . 2008-07-15 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8 2008-07-15 23:06 . 2008-07-15 23:06 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-15 23:06 . 2008-07-15 23:06 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-15 23:06 . 2008-07-15 23:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-07-15 22:40 . 2008-07-15 22:59 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata 2008-07-15 22:40 . 2008-07-15 22:59 <DIR> d-------- C:\Documents and Settings\Administrator\Maler 2008-07-15 22:40 . 2008-07-16 00:29 <DIR> d-------- C:\Documents and Settings\Administrator\Lokale innstillinger 2008-07-15 22:40 . 2008-07-15 22:59 <DIR> d---s---- C:\Documents and Settings\Administrator 2008-07-15 22:16 . 2008-07-15 22:16 <DIR> d-------- C:\Programfiler\DAEMON Tools Toolbar 2008-07-15 22:16 . 2008-07-15 23:00 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite 2008-07-15 22:14 . 2008-07-15 22:14 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Programdata\DAEMON Tools 2008-07-15 22:14 . 2008-07-15 22:14 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-15 21:22 . 2008-07-15 21:22 <DIR> d-------- C:\Programfiler\DivX 2008-07-15 17:38 . 2008-07-15 17:38 268 --ah----- C:\sqmdata03.sqm 2008-07-15 17:38 . 2008-07-15 17:38 244 --ah----- C:\sqmnoopt03.sqm 2008-07-15 17:36 . 2008-07-15 17:36 268 --ah----- C:\sqmdata02.sqm 2008-07-15 17:36 . 2008-07-15 17:36 244 --ah----- C:\sqmnoopt02.sqm 2008-07-15 02:16 . 2008-07-15 02:16 <DIR> d-------- C:\Programfiler\iPod 2008-07-15 02:16 . 2008-07-15 02:16 <DIR> d-------- C:\Programfiler\Bonjour 2008-07-15 02:15 . 
2008-07-15 02:15 <DIR> d-------- C:\Programfiler\QuickTime 2008-07-15 02:15 . 2008-07-15 02:15 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple 2008-07-15 02:15 . 2008-07-15 02:15 <DIR> d-------- C:\Programfiler\Apple Software Update 2008-07-15 02:15 . 2008-07-15 02:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple 2008-07-15 02:13 . 2008-07-15 02:13 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Programdata\Apple Computer 2008-07-15 02:12 . 2008-07-15 02:12 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-07-15 02:12 . 2008-07-15 02:16 <DIR> d-------- C:\Programfiler\iTunes 2008-07-15 02:12 . 2008-07-15 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-07-15 02:12 . 2008-06-17 15:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-07-15 02:12 . 2008-06-17 15:17 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-07-14 23:53 . 2008-07-15 00:52 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Programdata\Ventrilo 2008-07-14 19:58 . 2008-07-14 19:58 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-14 16:54 . 2008-07-14 16:54 <DIR> d-------- C:\Logs 2008-07-14 12:45 . 2008-07-14 12:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment 2008-07-14 11:50 . 2008-07-14 11:50 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata\Xfire 2008-07-14 11:45 . 2008-07-15 22:14 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Programdata\Xfire 2008-07-14 11:44 . 2008-07-16 00:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-07-14 11:28 . 2008-07-14 11:28 <DIR> d-------- C:\Programfiler\Microsoft Silverlight 2008-07-14 11:23 . 2008-07-14 11:23 674,600 --a------ C:\WINDOWS\system32\pbsvc.exe 2008-07-14 11:23 . 2008-07-15 13:08 136,888 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-07-14 11:23 . 2008-07-15 13:08 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-07-14 11:23 . 
2008-07-14 11:23 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-07-14 11:23 . 2008-07-14 11:38 22,328 --a------ C:\Documents and Settings\Pål Henriksen\Programdata\PnkBstrK.sys 2008-07-14 11:12 . 2008-07-14 11:12 <DIR> d-------- C:\Programfiler\MSXML 4.0 2008-07-14 10:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-07-14 10:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-07-14 00:48 . 2008-07-14 00:48 268 --ah----- C:\sqmdata01.sqm 2008-07-14 00:48 . 2008-07-14 00:48 244 --ah----- C:\sqmnoopt01.sqm 2008-07-14 00:36 . 2008-07-14 00:36 268 --ah----- C:\sqmdata00.sqm 2008-07-14 00:36 . 2008-07-14 00:36 244 --ah----- C:\sqmnoopt00.sqm 2008-07-14 00:35 . 2008-07-14 00:35 <DIR> d-------- C:\WINDOWS\system32\Lang 2008-07-14 00:35 . 2008-07-14 00:35 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-07-14 00:35 . 2008-07-14 00:35 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-07-14 00:15 . 2008-07-14 00:15 <DIR> d-------- C:\WINDOWS\Sun 2008-07-14 00:15 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-14 00:14 . 2008-07-14 00:15 <DIR> d-------- C:\Programfiler\Java 2008-07-14 00:14 . 2008-07-14 00:14 <DIR> d-------- C:\Programfiler\Fellesfiler\Java 2008-07-13 23:49 . 2008-07-13 23:49 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Programdata\dvdcss 2008-07-13 23:37 . 2008-07-13 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\media center programs 2008-07-13 22:46 . 2008-07-13 22:46 <DIR> d-------- C:\WINDOWS\system32\RTCOM 2008-07-13 22:46 . 2008-07-13 22:46 <DIR> d-------- C:\Programfiler\DIFX 2008-07-13 22:46 . 2006-05-04 10:35 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe 2008-07-13 22:46 . 2006-12-21 10:26 4,405,248 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.sys 2008-07-13 22:46 . 2006-05-16 12:04 2,879,488 -r------- C:\WINDOWS\SkyTel.exe 2008-07-13 22:46 . 
2006-12-16 07:10 1,191,936 -r------- C:\WINDOWS\RtlUpd.exe 2008-07-13 22:46 . 2006-08-18 00:58 282,624 -r------- C:\WINDOWS\system32\RTSndMgr.cpl 2008-07-13 22:46 . 2006-07-21 10:14 86,016 -r------- C:\WINDOWS\SoundMan.exe 2008-07-13 22:46 . 2006-08-01 09:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe 2008-07-13 22:46 . 2006-07-01 23:21 38,912 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys 2008-07-13 22:45 . 2008-07-13 22:45 <DIR> d-------- C:\Programfiler\Realtek 2008-07-13 22:45 . 2006-12-19 05:12 16,062,464 -r------- C:\WINDOWS\RTHDCPL.exe 2008-07-13 22:45 . 2006-05-04 10:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe 2008-07-13 22:45 . 2006-10-11 11:42 2,157,568 -r------- C:\WINDOWS\MicCal.exe 2008-07-13 22:45 . 2006-12-16 05:29 499,712 -r------- C:\WINDOWS\RtlExUpd.dll 2008-07-13 22:45 . 2005-09-21 04:25 299,008 -r------- C:\WINDOWS\system32\ALSndMgr.cpl 2008-07-13 22:45 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe 2008-07-13 22:33 . 2008-07-13 22:33 <DIR> d-------- C:\Programfiler\VideoLAN 2008-07-13 22:33 . 2008-07-13 22:33 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Programdata\vlc 2008-07-13 22:12 . 2008-07-16 00:09 <DIR> d-------- C:\Programfiler\Steam 2008-07-13 22:10 . 2008-07-13 22:10 <DIR> d-------- C:\Programfiler\uTorrent 2008-07-13 22:08 . 2008-07-13 22:08 <DIR> d-------- C:\Poker 2008-07-13 22:06 . 2008-07-13 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Funcom 2008-07-13 21:48 . 2008-07-15 02:15 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-07-13 21:48 . 2008-07-14 11:27 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Contacts 2008-07-13 21:48 . 2008-07-14 11:27 <DIR> d-------- C:\Documents and Settings\Pål Henriksen\Contacts 2008-07-13 21:47 . 2008-07-13 21:48 <DIR> d-------- C:\Programfiler\Windows Live 2008-07-13 21:47 . 2008-07-13 21:47 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-07-13 21:47 . 
2008-07-13 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-07-13 17:20 . 2008-07-13 21:46 <DIR> d-------- C:\Programfiler\NOS 2008-07-13 17:20 . 2008-07-13 17:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe 2008-07-13 17:20 . 2008-07-13 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NOS 2008-07-13 17:02 . 2008-07-13 17:02 <DIR> d-------- C:\Programfiler\Windows Media Connect 2 2008-07-13 17:00 . 2008-07-13 17:00 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-07-13 16:59 . 2008-04-23 06:22 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-13 16:59 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-13 16:59 . 2007-03-08 07:11 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-13 16:59 . 2008-04-23 06:22 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-13 16:59 . 2008-04-23 06:22 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-13 16:59 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-13 16:59 . 2008-04-23 06:22 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-13 16:59 . 2008-04-23 06:22 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-13 16:59 . 2008-04-23 06:22 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-13 16:59 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-13 16:58 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-07-13 16:54 . 2008-07-13 16:54 <DIR> d-------- C:\WINDOWS\system32\no 2008-07-13 16:54 . 2008-07-13 16:54 <DIR> d-------- C:\WINDOWS\l2schemas 2008-07-13 16:43 . 2008-07-13 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage 2008-07-13 16:38 . 2008-07-13 17:03 <DIR> d-------- C:\WINDOWS\system32\nb-no 2008-07-13 16:37 . 
2008-07-13 17:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-07-13 16:37 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll 2008-07-13 16:30 . 2008-07-13 16:30 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny 2008-07-13 16:30 . 2008-07-16 00:28 558 --a------ C:\WINDOWS\DFC.INI 2008-07-13 16:26 . 2008-07-13 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\muvee Technologies 2008-07-13 16:24 . 2008-07-13 16:24 <DIR> d-------- C:\WINDOWS\provisioning 2008-07-13 16:23 . 2008-07-13 16:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-07-13 16:23 . 2007-08-10 08:22 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-07-13 16:23 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002377_.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-15 20:12 --------- d-----w C:\Documents and Settings\Pål Henriksen\Programdata\uTorrent 2008-07-13 20:45 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-07-12 08:46 --------- d-----w C:\Programfiler\SystemRequirementsLab 2008-07-12 08:37 --------- d-----w C:\Programfiler\PMagic 2008-07-12 08:36 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2008-07-12 08:15 --------- d-----w C:\Documents and Settings\Pål Henriksen\Programdata\MSN6 2008-07-12 08:15 --------- d-----w C:\Documents and Settings\All Users\Programdata\MSN6 2008-07-12 08:10 --------- d-----w C:\Programfiler\microsoft frontpage 2008-07-12 08:08 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-07-12 08:07 --------- d-----w C:\Programfiler\Elektroniske tjenester 2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:36 272,256 ------w 
C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-05-16 12:01 446,464 ----a-w C:\WINDOWS\system32\nvudisp.exe 2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll 2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll 2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe 2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe 2008-05-07 05:12 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:22 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-08 17:59 683464] [HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}] [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1] [HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}] [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{32099AAC-C132-4136-9E9A-4E364A424E17}"= "C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-08 17:59 683464] [HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}] [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1] [HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}] [HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "Steam"="C:\Programfiler\Steam\Steam.exe" [2008-07-13 22:14 1271032] "DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-07-08 18:22 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-12 17:44 8429568] "Gainward"="C:\WINDOWS\TBPanel.exe" [2007-04-23 13:18 2173744] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064] 
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-12 17:44 81920]
"AVG8_TRAY"="d:\spill\avg\avgtray.exe" [2008-07-15 23:06 1232152]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 18:22 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Programfiler\\Xfire\\xfire.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"D:\\spill\\avg\\avgemc.exe"=
"D:\\spill\\avg\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-15 23:06]
R2 avg8emc;AVG Free8 E-mail Scanner;d:\spill\avg\avgemc.exe [2008-07-15 23:06]
R2 avg8wd;AVG Free8 WatchDog;d:\spill\avg\avgwdsvc.exe [2008-07-15 23:06]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-15 23:06]

*Newly Created Service* - APPMGMT
.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 00:15:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 00:29:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-07-16 0:29:51
ComboFix-quarantined-files.txt 2008-07-15 22:29:43
ComboFix2.txt 2008-07-15 22:11:36

Pre-Run: 479,970,418,688 bytes free
Post-Run: 479,956,742,144 bytes free

366 --- E O F --- 2008-07-14 09:12:41
norbat, posted 15 July 2008 (edited)

Start HJT, choose "Do a system scan only", put a tick in front of the following line and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

Run an extra scan with MBAM:

Download MBAM to the desktop. Run the file and install the program. Choose Norwegian as the language. Let the program update itself and choose to run a quick system scan. You will get a message box when the program has finished. Then click the Show results button. If malware has been found, you will now see what was found. Then click the Remove selected button to remove any malware that was found. When MBAM has finished removing what it found, a log will open in Notepad. You can copy and post it if it finds anything.

Tell us how the PC is running.

Edited 15 July 2008 by norbat
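As an added example for this thread (it is not code from HijackThis, Malwarebytes or either poster), the script below reads HijackThis-style log lines and flags the two kinds of entry the thread deals with: an R0/R1 start or search page that points anywhere other than Microsoft, and an O2 Browser Helper Object whose DLL is marked "(file missing)" or whose name is a bare GUID rather than a product name. The sample lines are constructed for the example; the R0 line is the one norbat tells the poster to fix, while the other lines, their CLSIDs and the file names in them are placeholders and not real components.

```python
"""Triage HijackThis-style log lines for hijacked IE start/search pages
(R0/R1) and suspicious Browser Helper Objects (O2).

Added example for this thread; not code from HijackThis, MBAM or any poster.
The sample log below is constructed: only the R0 line is the one quoted in
norbat's reply, the remaining lines, CLSIDs and file names are placeholders.
"""
import re
from urllib.parse import urlparse

# R0/R1 entries look like:  R0 - HKCU\Software\...\Main,Start Page = http://...
R_LINE = re.compile(
    r"^(R[01]) - (HK\w+)\\(.+?),"
    r"(Start Page|Default_Page_URL|Search Page|Default_Search_URL) = (\S+)$"
)
# O2 entries look like:  O2 - BHO: <name> - {CLSID} - <path to dll>
O2_LINE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def check_r_entry(line):
    """Return a reason if an IE start/search page points away from Microsoft,
    else None. about:blank is a legitimate empty start page and is not flagged."""
    m = R_LINE.match(line)
    if not m:
        return None
    hive, value, url = m.group(2), m.group(4), m.group(5)
    if url.lower().startswith("about:"):
        return None
    host = (urlparse(url).hostname or "").lower()
    if host == "microsoft.com" or host.endswith(".microsoft.com"):
        return None
    return f"{hive} {value} points to {host or url}, not an IE default host"


def check_o2_entry(line):
    """Return a reason for a suspicious BHO, else None."""
    m = O2_LINE.match(line)
    if not m:
        return None
    name, _clsid, path = m.groups()
    reasons = []
    if path.rstrip().endswith("(file missing)"):
        # The registry still points at a DLL that is gone: the usual leftover
        # after a scanner deleted the file but not its registration.
        reasons.append("BHO DLL is registered but the file is missing")
    if CLSID.match(name.strip()):
        # Legitimate BHOs carry a product name; a bare GUID as the name is a
        # common trait of randomly generated adware components.
        reasons.append("BHO has a GUID instead of a readable name")
    return "; ".join(reasons) or None


def triage(log_text):
    """Run every rule over each non-empty line; return [(line, reason), ...]."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rule in (check_r_entry, check_o2_entry):
            reason = rule(line)
            if reason:
                findings.append((line, reason))
                break
    return findings


# Constructed sample log (see module docstring). The R1 line uses the IE7
# default go.microsoft.com URL so it should pass; the last line should fail
# on both O2 rules.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ExampleHelper Class - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O2 - BHO: {55555555-6666-7777-8888-999999999999} - {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} - C:\WINDOWS\system32\example.dll (file missing)
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"FIX: {line}\n     -> {reason}")
```

The script only reads text and changes nothing in the registry, so a flagged line is a candidate for "Fix checked" in HJT, not an automatic decision; a start page pointing at a corporate intranet host would be flagged too and is a false positive a human has to clear.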
Phenrik (thread author), posted 15 July 2008

There, that's done:

Malwarebytes' Anti-Malware 1.20
Database version: 957
Windows 5.1.2600 Service Pack 3

00:46:51 16.07.2008
mbam-log-7-16-2008 (00-46-51).txt

Scan type: Quick Scan
Objects scanned: 39467
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No suspicious files found)

Memory Modules Infected:
(No suspicious files found)

Registry Keys Infected:
HKEY_CLASSES_ROOT\qndsfmao.bwob (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No suspicious files found)

Registry Data Items Infected:
(No suspicious files found)

Folders Infected:
(No suspicious files found)

Files Infected:
(No suspicious files found)

It found two keys, which I removed. Otherwise the machine runs fine, no pop-ups or anything, so this looks promising. Thanks a lot. Anything else you want me to do, boss?
norbat, posted 15 July 2008

You can finish by uninstalling ComboFix. You do that by typing combofix /u in the Run box (Start -> Run). This removes the program and resets System Restore so that you don't get reinfected by a later restore.

Feel free to keep SAS and/or MBAM. Both are very good antispyware programs.

Surf safely.
Phenrik (thread author), posted 15 July 2008

> You can finish by uninstalling ComboFix. You do that by typing combofix /u in the Run box (Start -> Run). This removes the program and resets System Restore so that you don't get reinfected by a later restore.
> Feel free to keep SAS and/or MBAM. Both are very good antispyware programs.
> Surf safely.

Thanks for that. You've been a huuuge help.