Posts written by PCBerg
-
-
Hi. I may not have caught everything since there was so much in this thread, but if you haven't switched from Norman yet, you should do so as soon as possible. Norman Antivirus is simply not very good. Go for Avira PersonalEdition Classic Antivirus instead. It is also free. I run Avira's Premium Security Suite package myself and I think it is very good. At least it finds viruses. Otherwise, the Kaspersky Internet Security package isn't bad either. I use Kaspersky Internet Security 7.0.0.125 on Windows 2000 and Avira Premium Security Suite 7.06.00.168 on Windows XP, and I think both are about equally good.
You could try them.
-
Finally:
Delete the folder:
C:\VundoFix Backups
Remove Combofix. You do that by typing Combofix /u in the Run window (Start button->Run)
Post a new HJT log and tell us how the PC is running.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:19, on 30.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardware.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Cuckoo Clock] "C:\PROGRA~1\PARALL~1\Cuckoo.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mobilt bredbånd.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168520710563
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: GtFlashSwitch - OptionNV - C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7500 bytes
The computer runs fine, doesn't stutter and there are no popups.
I think it has helped.
-
Photoshop if you have money...
Gimp if you can't afford it
OK.
Downloaded Gimp.
-
Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Uncheck the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.
----
Run Vundofix again, start the program and click the "Scan for Vundo" button.
When the program has finished, click the "Remove vundo" button. It creates a log that you post later.
----
Again, open Notepad and copy in what is shown in bold below, and save the file on the desktop as CFScript.txt.
Then drag the file onto the Combofix icon. Combofix will start again. Post the log later.
KILLALL::
File::
Post the logs
Edit: Go to the website http://virusscan.jotti.org/ and upload the following two files for checking:
C:\WINDOWS\scmate.ini
C:\WINDOWS\system32\vbzip10.dll
Give feedback on what, if anything, was found.
Nothing was found in Vundofix, so there is no log.
ComboFix 07-12-21.4 - Per-Christian 2007-12-30 19:37:21.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.623 [GMT 1:00]
Running from: C:\Documents and Settings\Per-Christian\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Per-Christian\Skrivebord\CFScript.txt
* Created a new restore point
FILE
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-30 14:18 . 2007-12-30 19:34 <DIR> dr-h----- C:\Documents and Settings\Per-Christian\Siste
2007-12-30 14:17 . 2007-12-30 14:17 <DIR> d-------- C:\Programfiler\CCleaner
2007-12-29 15:05 . 2007-12-29 15:05 <DIR> d-------- C:\Programfiler\Trend Micro
2007-12-29 14:55 . 2007-12-30 17:45 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-12-29 14:55 . 2007-12-29 14:55 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\SUPERAntiSpyware.com
2007-12-29 14:55 . 2007-12-29 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-12-29 14:34 . 2007-12-30 19:04 <DIR> d-------- C:\VundoFix Backups
2007-12-28 23:26 . 2007-12-29 15:47 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\gtk-2.0
2007-12-28 23:25 . 2007-12-28 23:25 <DIR> d-------- C:\Documents and Settings\Per-Christian\.thumbnails
2007-12-28 23:21 . 2007-12-29 15:49 <DIR> d-------- C:\Documents and Settings\Per-Christian\.gimp-2.4
2007-12-28 23:20 . 2007-12-28 23:21 <DIR> d-------- C:\Programfiler\GIMP-2.0
2007-12-28 23:06 . <DIR> C:\Documents and Settings\Rolf HÕvard\Lokale innstillinger
2007-12-28 23:06 . <DIR> C:\Documents and Settings\Rolf HÕvard\Lokale innstillinger
2007-12-28 23:06 . <DIR> C:\Documents and Settings\M°yfrid\Lokale innstillinger
2007-12-28 23:06 . <DIR> C:\Documents and Settings\M°yfrid\Lokale innstillinger
2007-12-28 16:44 . 2007-12-28 16:44 15 --a------ C:\WINDOWS\system32\8c303c19
2007-12-28 00:30 . 2007-12-29 14:47 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-27 20:07 . 2007-12-27 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2007-12-25 17:49 . 2007-12-25 17:49 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\Printer Info Cache
2007-12-25 17:31 . 2007-12-25 18:00 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\U3
2007-12-21 21:54 . 2007-12-21 21:54 0 --a------ C:\WINDOWS\PowerReg.dat
2007-12-20 23:57 . 2007-12-30 19:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 23:57 . 2007-12-30 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-15 15:16 . 2007-12-15 15:16 <DIR> d-------- C:\Programfiler\Telenor
2007-12-15 15:16 . 2007-12-15 15:16 <DIR> d-------- C:\Programfiler\Fellesfiler\GtFlashSwitch
2007-12-10 16:08 . 2007-12-10 16:08 63 --a------ C:\WINDOWS\wininit.ini
2007-12-07 15:53 . 2007-12-07 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-07 15:48 . 2007-12-26 17:31 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2007-11-30 21:49 . 2007-12-04 19:24 48 --a------ C:\WINDOWS\scmate.ini
2007-11-30 21:30 . 2007-11-30 21:30 <DIR> d-------- C:\WINDOWS\MACROMED
2007-11-30 21:30 . 2007-12-04 22:18 <DIR> d-------- C:\WINDOWS\A3W_DATA
2007-11-30 21:30 . 2007-11-30 21:56 288 --a------ C:\WINDOWS\AWARE35.MCH
2007-11-23 22:26 . 2007-12-23 23:26 <DIR> d-------- C:\Incomplete
2007-11-15 19:28 . 2007-12-29 19:32 <DIR> d-------- C:\Musikk
2007-11-15 19:27 . 2007-12-18 17:41 <DIR> d-------- C:\Limewire
2007-11-13 18:04 . 2007-11-13 18:04 <DIR> d-------- C:\Documents and Settings\Caroline\Programdata\Nokia Multimedia Player
2007-11-12 18:24 . 2007-11-12 18:24 <DIR> d-------- C:\Documents and Settings\Caroline\Phone Browser
2007-11-12 18:23 . 2007-11-12 18:23 <DIR> d-------- C:\Documents and Settings\Caroline\Programdata\PC Suite
2007-11-11 15:52 . 2007-11-11 15:52 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\Nokia Multimedia Player
2007-11-11 15:51 . 2007-11-16 15:44 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\Nokia
2007-11-11 15:51 . 2007-11-11 15:51 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\DataLayer
2007-11-11 15:49 . 2007-11-11 15:49 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\PC Suite
2007-11-11 15:49 . 2007-11-11 17:44 <DIR> d-------- C:\Documents and Settings\Per-Christian\Phone Browser
2007-11-11 15:48 . 2007-12-16 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Downloaded Installations
2007-11-06 21:45 . 2007-11-06 21:45 268 --ah----- C:\sqmdata19.sqm
2007-11-06 21:45 . 2007-11-06 21:45 244 --ah----- C:\sqmnoopt19.sqm
2007-11-06 17:33 . 2007-11-06 17:33 268 --ah----- C:\sqmdata18.sqm
2007-11-06 17:33 . 2007-11-06 17:33 244 --ah----- C:\sqmnoopt18.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-26 19:29 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\LimeWire
2007-12-26 12:23 --------- d-----w C:\Programfiler\BitLord
2007-12-24 00:16 --------- d-----w C:\Programfiler\LimeWire
2007-12-21 20:48 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Azureus
2007-12-18 19:35 --------- d-----w C:\Programfiler\Azureus
2007-12-16 13:18 --------- d-----w C:\Programfiler\NCH Swift Sound
2007-12-13 12:38 --------- d-----w C:\Documents and Settings\Caroline\Programdata\AdobeUM
2007-11-24 19:08 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Image Zone Express
2007-11-13 17:53 --------- d-----w C:\Programfiler\Morpheus
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-21 21:04 3,032,828 ----a-w C:\mc.exe
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cuckoo Clock"="C:\PROGRA~1\PARALL~1\Cuckoo.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 15:58 C:\WINDOWS\RTHDCPL.EXE]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-12-25 22:37]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
C:\Documents and Settings\Per-Christian\Start-meny\Programmer\Oppstart\
PowerReg Scheduler V3.exe [2007-12-21 21:54:34]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Mobilt bredb†nd.lnk - C:\Programfiler\Telenor\Mobilt bredb†nd\Mobilt bredb†nd.exe [2007-07-27 11:50:04]
R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 14:48]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05]
R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05]
R3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 10:50]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 11:38]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 18:33:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 19:41:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-30 19:44:00 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-30 16:05
C:\ComboFix3.txt ... 2007-12-30 14:34
.
2007-12-22 11:39:30 --- E O F ---
Here is the other thing you were wondering about:
File: scmate.ini
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 9b122086c2a940aee8ad143ee08ab8c1
Packers detected: -
Bit9 reports: File not found
File: vbzip10.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 5b25690cc2e55a6d4bc965068a7ba1ef
Packers detected: -
Bit9 reports: No threat detected (more info)
-
I need a program where I can insert text and the printout turns out as good as on the screen.
Any suggestions???
-
s939, right? In that case build a new one
No. Socket AM2
-
depends on the PC..
specs?
Motherboard: Asus M2R- FVM
CPU: AMD Athlon 64 Processor 3500+ 2.20 GHz
RAM: 960 MB
Graphics card: Integrated ATI Radeon Xpress 1150
Hard disk: 250 GB
-
We continue ...
Open Notepad and copy in what is shown in bold below, and save the file on the desktop as CFScript.txt.
Then drag the file onto the Combofix icon. Combofix will start again.
KILLALL::
File::
Start SAS, update it and run a full scan
Post the Combofix log + the log from SAS
ComboFix 07-12-21.4 - Per-Christian 2007-12-30 15:53:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.624 [GMT 1:00]
Running from: C:\Documents and Settings\Per-Christian\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Per-Christian\Skrivebord\CFScript.txt
* Created a new restore point
FILE
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-30 14:18 . 2007-12-30 15:49 <DIR> dr-h----- C:\Documents and Settings\Per-Christian\Siste
2007-12-30 14:17 . 2007-12-30 14:17 <DIR> d-------- C:\Programfiler\CCleaner
2007-12-29 15:05 . 2007-12-29 15:05 <DIR> d-------- C:\Programfiler\Trend Micro
2007-12-29 14:55 . 2007-12-29 15:33 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-12-29 14:55 . 2007-12-29 14:55 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\SUPERAntiSpyware.com
2007-12-29 14:55 . 2007-12-29 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-12-29 14:34 . 2007-12-29 14:34 <DIR> d-------- C:\VundoFix Backups
2007-12-28 23:26 . 2007-12-29 15:47 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\gtk-2.0
2007-12-28 23:25 . 2007-12-28 23:25 <DIR> d-------- C:\Documents and Settings\Per-Christian\.thumbnails
2007-12-28 23:21 . 2007-12-29 15:49 <DIR> d-------- C:\Documents and Settings\Per-Christian\.gimp-2.4
2007-12-28 23:20 . 2007-12-28 23:21 <DIR> d-------- C:\Programfiler\GIMP-2.0
2007-12-28 23:06 . <DIR> C:\Documents and Settings\Rolf Håvard\Lokale innstillinger
2007-12-28 23:06 . <DIR> C:\Documents and Settings\Rolf Håvard\Lokale innstillinger
2007-12-28 23:06 . <DIR> C:\Documents and Settings\Møyfrid\Lokale innstillinger
2007-12-28 23:06 . <DIR> C:\Documents and Settings\Møyfrid\Lokale innstillinger
2007-12-28 16:44 . 2007-12-28 16:44 15 --a------ C:\WINDOWS\system32\8c303c19
2007-12-28 00:30 . 2007-12-29 14:47 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-27 20:07 . 2007-12-27 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2007-12-25 17:49 . 2007-12-25 17:49 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\Printer Info Cache
2007-12-25 17:31 . 2007-12-25 18:00 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\U3
2007-12-21 21:54 . 2007-12-21 21:54 0 --a------ C:\WINDOWS\PowerReg.dat
2007-12-20 23:57 . 2007-12-30 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 23:57 . 2007-12-30 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-17 16:21 . 2007-12-17 20:26 971,189 ---hs---- C:\WINDOWS\system32\vcjbaqgm.ini
2007-12-17 15:18 . 2007-12-17 15:18 970,434 ---hs---- C:\WINDOWS\system32\mlvnhhie.ini
2007-12-16 19:43 . 2007-12-17 15:15 970,374 ---hs---- C:\WINDOWS\system32\qskdgvyh.ini
2007-12-16 14:19 . 2007-12-16 19:21 970,443 ---hs---- C:\WINDOWS\system32\yiuerkjb.ini
2007-12-16 14:01 . 2007-12-16 14:13 970,374 ---hs---- C:\WINDOWS\system32\tatoosnk.ini
2007-12-16 10:41 . 2007-12-16 10:42 970,794 ---hs---- C:\WINDOWS\system32\corggbsc.ini
2007-12-16 09:45 . 2007-12-16 09:45 970,734 ---hs---- C:\WINDOWS\system32\itlesyto.ini
2007-12-16 03:56 . 2007-12-16 09:39 970,674 ---hs---- C:\WINDOWS\system32\neogdiue.ini
2007-12-16 02:59 . 2007-12-16 03:00 970,554 ---hs---- C:\WINDOWS\system32\cuxgovlo.ini
2007-12-16 00:08 . 2007-12-16 02:53 474 ---hs---- C:\WINDOWS\system32\jefvqmkn.ini
2007-12-16 00:02 . 2007-12-16 00:05 354 ---hs---- C:\WINDOWS\system32\gklpwxai.ini
2007-12-15 23:47 . 2007-12-15 23:47 970,854 ---hs---- C:\WINDOWS\system32\fgvwgbbb.ini
2007-12-15 23:24 . 2007-12-15 23:44 970,794 ---hs---- C:\WINDOWS\system32\vjmjcwhp.ini
2007-12-15 22:47 . 2007-12-15 23:21 970,614 ---hs---- C:\WINDOWS\system32\syqxdhax.ini
2007-12-15 22:05 . 2007-12-15 22:45 474 ---hs---- C:\WINDOWS\system32\thospcno.ini
2007-12-15 21:52 . 2007-12-15 22:01 354 ---hs---- C:\WINDOWS\system32\luwifwsm.ini
2007-12-15 21:18 . 2007-12-15 21:33 970,374 ---hs---- C:\WINDOWS\system32\hldbeuvk.ini
2007-12-15 20:59 . 2007-12-15 20:59 970,314 ---hs---- C:\WINDOWS\system32\cdovskxx.ini
2007-12-15 20:52 . 2007-12-15 20:52 970,314 ---hs---- C:\WINDOWS\system32\huvtegti.ini
2007-12-15 16:19 . 2007-12-15 20:47 957,687 ---hs---- C:\WINDOWS\system32\mjvvclrf.ini
2007-12-15 15:44 . 2007-12-15 16:16 957,567 ---hs---- C:\WINDOWS\system32\yuldeahr.ini
2007-12-15 15:28 . 2007-12-15 15:29 956,636 ---hs---- C:\WINDOWS\system32\dfcqcakq.ini
2007-12-15 15:16 . 2007-12-15 15:16 <DIR> d-------- C:\Programfiler\Telenor
2007-12-15 15:16 . 2007-12-15 15:16 <DIR> d-------- C:\Programfiler\Fellesfiler\GtFlashSwitch
2007-12-15 14:34 . 2007-12-15 14:34 956,876 ---hs---- C:\WINDOWS\system32\wdkcmtbn.ini
2007-12-14 22:58 . 2007-12-15 14:28 952,383 ---hs---- C:\WINDOWS\system32\snihcdiq.ini
2007-12-14 21:44 . 2007-12-14 22:56 952,263 ---hs---- C:\WINDOWS\system32\yieekaql.ini
2007-12-14 20:17 . 2007-12-14 20:17 534 ---hs---- C:\WINDOWS\system32\mljspnpc.ini
2007-12-14 18:29 . 2007-12-14 20:14 474 ---hs---- C:\WINDOWS\system32\tinmschl.ini
2007-12-14 10:33 . 2007-12-14 18:23 354 ---hs---- C:\WINDOWS\system32\kavukowl.ini
2007-12-13 20:49 . 2007-12-13 20:49 1,143,593 ---hs---- C:\WINDOWS\system32\lqtonbpe.ini
2007-12-13 17:37 . 2007-12-13 20:50 917,464 ---hs---- C:\WINDOWS\system32\uihfyhjq.ini
2007-12-13 14:43 . 2007-12-13 17:31 929,827 ---hs---- C:\WINDOWS\system32\tpredjab.ini
2007-12-13 13:43 . 2007-12-13 13:43 929,707 ---hs---- C:\WINDOWS\system32\fiaywrdq.ini
2007-12-13 10:00 . 2007-12-13 13:37 929,647 ---hs---- C:\WINDOWS\system32\wjingbgi.ini
2007-12-13 09:28 . 2007-12-13 09:55 929,527 ---hs---- C:\WINDOWS\system32\askwqbcc.ini
2007-12-13 08:35 . 2007-12-13 09:25 930,892 ---hs---- C:\WINDOWS\system32\pskxxvrd.ini
2007-12-12 20:49 . 2007-12-13 08:32 916,953 ---hs---- C:\WINDOWS\system32\wlioibcq.ini
2007-12-12 20:09 . 2007-12-12 20:09 890,539 ---hs---- C:\WINDOWS\system32\wjbtsbig.ini
2007-12-12 18:37 . 2007-12-12 20:06 914,050 ---hs---- C:\WINDOWS\system32\cpxghofn.ini
2007-12-11 20:20 . 2007-12-12 18:31 913,280 ---hs---- C:\WINDOWS\system32\bkyuvale.ini
2007-12-11 19:00 . 2007-12-11 20:17 913,142 ---hs---- C:\WINDOWS\system32\yxgpgbrj.ini
2007-12-11 09:35 . 2007-12-11 17:56 896,042 ---hs---- C:\WINDOWS\system32\dhvklmlb.ini
2007-12-10 16:08 . 2007-12-10 16:08 63 --a------ C:\WINDOWS\wininit.ini
2007-12-10 16:05 . 2007-12-10 21:14 853,584 ---hs---- C:\WINDOWS\system32\pdwuxfda.ini
2007-12-09 10:12 . 2007-12-10 16:02 834,418 ---hs---- C:\WINDOWS\system32\ncegjqvd.ini
2007-12-07 15:53 . 2007-12-07 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-07 15:48 . 2007-12-26 17:31 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2007-11-30 21:49 . 2007-12-04 19:24 48 --a------ C:\WINDOWS\scmate.ini
2007-11-30 21:30 . 2007-11-30 21:30 <DIR> d-------- C:\WINDOWS\MACROMED
2007-11-30 21:30 . 2007-12-04 22:18 <DIR> d-------- C:\WINDOWS\A3W_DATA
2007-11-30 21:30 . 2007-11-30 21:56 288 --a------ C:\WINDOWS\AWARE35.MCH
2007-11-23 22:26 . 2007-12-23 23:26 <DIR> d-------- C:\Incomplete
2007-11-15 19:28 . 2007-12-29 19:32 <DIR> d-------- C:\Musikk
2007-11-15 19:27 . 2007-12-18 17:41 <DIR> d-------- C:\Limewire
2007-11-13 18:04 . 2007-11-13 18:04 <DIR> d-------- C:\Documents and Settings\Caroline\Programdata\Nokia Multimedia Player
2007-11-12 18:24 . 2007-11-12 18:24 <DIR> d-------- C:\Documents and Settings\Caroline\Phone Browser
2007-11-12 18:23 . 2007-11-12 18:23 <DIR> d-------- C:\Documents and Settings\Caroline\Programdata\PC Suite
2007-11-11 15:52 . 2007-11-11 15:52 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\Nokia Multimedia Player
2007-11-11 15:51 . 2007-11-16 15:44 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\Nokia
2007-11-11 15:51 . 2007-11-11 15:51 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\DataLayer
2007-11-11 15:49 . 2007-11-11 15:49 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\PC Suite
2007-11-11 15:49 . 2007-11-11 17:44 <DIR> d-------- C:\Documents and Settings\Per-Christian\Phone Browser
2007-11-11 15:48 . 2007-12-16 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Downloaded Installations
2007-11-06 21:45 . 2007-11-06 21:45 268 --ah----- C:\sqmdata19.sqm
2007-11-06 21:45 . 2007-11-06 21:45 244 --ah----- C:\sqmnoopt19.sqm
2007-11-06 17:33 . 2007-11-06 17:33 268 --ah----- C:\sqmdata18.sqm
2007-11-06 17:33 . 2007-11-06 17:33 244 --ah----- C:\sqmnoopt18.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-26 19:29 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\LimeWire
2007-12-26 12:23 --------- d-----w C:\Programfiler\BitLord
2007-12-24 00:16 --------- d-----w C:\Programfiler\LimeWire
2007-12-21 20:48 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Azureus
2007-12-18 19:35 --------- d-----w C:\Programfiler\Azureus
2007-12-16 13:18 --------- d-----w C:\Programfiler\NCH Swift Sound
2007-12-13 12:38 --------- d-----w C:\Documents and Settings\Caroline\Programdata\AdobeUM
2007-11-24 19:08 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Image Zone Express
2007-11-13 17:53 --------- d-----w C:\Programfiler\Morpheus
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-21 21:04 3,032,828 ----a-w C:\mc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cuckoo Clock"="C:\PROGRA~1\PARALL~1\Cuckoo.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 15:58 C:\WINDOWS\RTHDCPL.EXE]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-12-25 22:37]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
C:\Documents and Settings\Per-Christian\Start-meny\Programmer\Oppstart\
PowerReg Scheduler V3.exe [2007-12-21 21:54:34]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Mobilt bredbånd.lnk - C:\Programfiler\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe [2007-07-27 11:50:04]
R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 14:48]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05]
R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05]
R3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 10:50]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 11:38]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 14:33:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 16:04:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-30 16:05:31 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-30 14:34
C:\ComboFix3.txt ... 2007-12-28 23:05
.
2007-12-22 11:39:30 --- E O F ---
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/30/2007 at 05:23 PM
Application Version : 3.9.1008
Core Rules Database Version : 3370
Trace Rules Database Version: 1365
Scan type : Complete Scan
Total Scan Time : 00:59:41
Memory items scanned : 622
Memory threats detected : 0
Registry items scanned : 4962
Registry threats detected : 16
File items scanned : 48046
File threats detected : 210
Adware.MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAMFILER\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A656C5F6-2920-401D-A773-01C9A3938E4C}
HKCR\CLSID\{A656C5F6-2920-401D-A773-01C9A3938E4C}
HKCR\CLSID\{A656C5F6-2920-401D-A773-01C9A3938E4C}\InprocServer32
HKCR\CLSID\{A656C5F6-2920-401D-A773-01C9A3938E4C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWTQN.DLL
Adware.Tracking Cookie
Malware.LocusSoftware Inc/ConfidentSurf
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved#{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21} [ secure_del ]
Malware.LocusSoftware Inc/PCPrivacyTool
HKLM\Software\Purchased Products
HKLM\Software\Purchased Products\System Error Repair
HKLM\Software\Purchased Products\System Error Repair#domain
HKLM\Software\Purchased Products\System Error Repair#pname
HKLM\Software\Purchased Products\System Error Repair#cname
Adware.Vundo-Variant/Small-A
Rogue.StorageProtector/Trace
C:\QOOBOX\QUARANTINE\C\PROGRAMFILER\FELLESFILER\STORAGEPROTECTOR\STRPMON.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0E8130BA-F2CE-49B0-B408-8F249F60F8AD}\RP221\A0089645.EXE
Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAMFILER\FELLESFILER\YAZZLE1560OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAMFILER\FELLESFILER\YAZZLE1560OINUNINSTALLER.EXE.VIR
Adware.ClickSpring
C:\qoobox\Quarantine\C\WINDOWS\DOBE~1\RGEDIT~1.VIR
-
Right now I use a PC that the whole family uses. Should I upgrade it or should I build myself a new one?
-
The HP Photosmart C5180 All in One is a great printer.
You can connect it to the network, and it prints, copies and scans really well.
Thumbs up for that one.
-
I don't have room for two 24-inch monitors, which is why I'm asking whether anyone has any good tips for two 19-inch monitors.. :-)
I would recommend the LG Flatron LG194WS as a good buy. They are widescreen and have 5000:1 contrast.
One costs about 1800 kr.
I have one myself, but I don't have two of them.
This is what they look like:
-
I would say the LG Flatron L194WS is a good buy.
It is widescreen and works well for everyday use.
It costs about 1800 at the cheapest.
Check the link below:
-
I have now bought a 19" widescreen monitor, but I'm still using the integrated graphics card.
So something is a bit unclear. Will a new graphics card make the screen better?
-
A smart buy is the LG Flatron L194WS. It is a 19" widescreen monitor and costs under 2000 kr.
-
Okay, thanks.
-
You have 2.2 GHz.
AMD has something called Cool'n'Quiet, which basically means that it clocks the processor down when you don't need more power. That is why it only shows 900 MHz sometimes. As soon as you need more power, it clocks the speed back up again. Nothing to worry about, in other words.
But it says 3500+.
Doesn't that mean I have 3.5 GHz?
I don't know.
-
I'm a bit unsure how many GHz my processor has, so I downloaded SIW.
It said:
Number of CPU(s) One Physical Processor / One Core / One Logical Processor / 64 bits
Vendor AuthenticAMD
CPU Full Name AMD Athlon 64 3500+
CPU Name AMD Athlon 64 Processor 3500+
But in the Properties of My Computer it says I have 2.19 GHz.
And sometimes it says I only have 900 MHz.
How much do I actually have???
-
I don't think SAS got to scan the whole PC, since it normally takes more than 3 minutes to do this, but let's continue:
Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:
O2 - BHO: (no name) - {B1ABD21F-17A1-6059-D25D-4AE6048E5893} - C:\WINDOWS\system32\gkxnvxn.dll (file missing)
O2 - BHO: (no name) - {C6ABD21B-17A8-635B-D22E-39E6078758E0} - C:\WINDOWS\system32\gkxnvxn.dll (file missing)
O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\CHRIST~1\LOKALE~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKCU\..\Run: [Cmta] "C:\DOCUME~1\PER-CH~1\MINEDO~1\TSKS~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Jhkzkcke] C:\WINDOWS\?dobe\r?gedit.exe
O4 - HKCU\..\Run: [Router] C:\Programfiler\Router\Router.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O20 - Winlogon Notify: iifebca - iifebca.dll (file missing)
Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Remove the check mark in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.
-------
Open Explorer and go to C:, sort the files by Type, then find and select all the Pos***.tmp files (*** = digits/letters). Delete them.
------
Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.
Then drag the file over the Combofix icon. Combofix will start again. Post the log.
File::
C:\Programfiler\Router\Router.exe
C:\WINDOWS\system32\cehfcbex.ini
C:\WINDOWS\system32\jshipilw.dll
C:\WINDOWS\system32\cfsifetv.ini
C:\WINDOWS\system32\vtefisfc.dll
C:\WINDOWS\system32\kqvxcfgr.dll
C:\WINDOWS\system32\kosswpjo.ini
C:\WINDOWS\system32\oolqfomd.ini
C:\WINDOWS\system32\nvjiqgym.ini
C:\WINDOWS\system32\mygqijvn.dll
C:\WINDOWS\system32\oxtmfjhl.dll
C:\WINDOWS\system32\ooamdwct.ini
C:\WINDOWS\system32\wjuopcyl.dll
Folder::
C:\Programfiler\Router
C:\WINDOWS\?dobe
ComboFix 07-12-21.4 - Per-Christian 2007-12-30 14:26:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.386 [GMT 1:00]
Running from: C:\Documents and Settings\Per-Christian\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Per-Christian\Skrivebord\CFScript.txt
* Created a new restore point
FILE
C:\Programfiler\Router\Router.exe
C:\WINDOWS\system32\cehfcbex.ini
C:\WINDOWS\system32\cfsifetv.ini
C:\WINDOWS\system32\jshipilw.dll
C:\WINDOWS\system32\kosswpjo.ini
C:\WINDOWS\system32\kqvxcfgr.dll
C:\WINDOWS\system32\mygqijvn.dll
C:\WINDOWS\system32\nvjiqgym.ini
C:\WINDOWS\system32\ooamdwct.ini
C:\WINDOWS\system32\oolqfomd.ini
C:\WINDOWS\system32\oxtmfjhl.dll
C:\WINDOWS\system32\vtefisfc.dll
C:\WINDOWS\system32\wjuopcyl.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programfiler\Router
C:\Programfiler\Router\Router.exe
C:\Programfiler\Router\UnInstall.exe
C:\WINDOWS\system32\cehfcbex.ini
C:\WINDOWS\system32\cfsifetv.ini
C:\WINDOWS\system32\jshipilw.dll
C:\WINDOWS\system32\kosswpjo.ini
C:\WINDOWS\system32\kqvxcfgr.dll
C:\WINDOWS\system32\mygqijvn.dll
C:\WINDOWS\system32\nvjiqgym.ini
C:\WINDOWS\system32\ooamdwct.ini
C:\WINDOWS\system32\oolqfomd.ini
C:\WINDOWS\system32\oxtmfjhl.dll
C:\WINDOWS\system32\vtefisfc.dll
C:\WINDOWS\system32\wjuopcyl.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.
2007-12-30 14:18 . 2007-12-30 14:23 <DIR> dr-h----- C:\Documents and Settings\Per-Christian\Siste
2007-12-30 14:17 . 2007-12-30 14:17 <DIR> d-------- C:\Programfiler\CCleaner
2007-12-29 15:05 . 2007-12-29 15:05 <DIR> d-------- C:\Programfiler\Trend Micro
2007-12-29 14:55 . 2007-12-29 15:33 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-12-29 14:55 . 2007-12-29 14:55 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\SUPERAntiSpyware.com
2007-12-29 14:55 . 2007-12-29 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-12-29 14:34 . 2007-12-29 14:34 <DIR> d-------- C:\VundoFix Backups
2007-12-28 23:26 . 2007-12-29 15:47 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\gtk-2.0
2007-12-28 23:25 . 2007-12-28 23:25 <DIR> d-------- C:\Documents and Settings\Per-Christian\.thumbnails
2007-12-28 23:21 . 2007-12-29 15:49 <DIR> d-------- C:\Documents and Settings\Per-Christian\.gimp-2.4
2007-12-28 23:20 . 2007-12-28 23:21 <DIR> d-------- C:\Programfiler\GIMP-2.0
2007-12-28 23:06 . <DIR> C:\Documents and Settings\Rolf HÕvard\Lokale innstillinger
2007-12-28 23:06 . <DIR> C:\Documents and Settings\Rolf HÕvard\Lokale innstillinger
2007-12-28 23:06 . <DIR> C:\Documents and Settings\M°yfrid\Lokale innstillinger
2007-12-28 23:06 . <DIR> C:\Documents and Settings\M°yfrid\Lokale innstillinger
2007-12-28 16:44 . 2007-12-28 16:44 15 --a------ C:\WINDOWS\system32\8c303c19
2007-12-28 00:30 . 2007-12-29 14:47 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-27 20:07 . 2007-12-27 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet
2007-12-25 17:49 . 2007-12-25 17:49 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\Printer Info Cache
2007-12-25 17:31 . 2007-12-25 18:00 <DIR> d-------- C:\Documents and Settings\Per-Christian\Programdata\U3
2007-12-25 00:50 . 2007-12-25 00:50 75,840 --a------ C:\WINDOWS\system32\nmyyyhsu.dll
2007-12-24 23:41 . 2007-12-24 23:41 75,840 --a------ C:\WINDOWS\system32\flilnrhx.dll
2007-12-24 14:58 . 2007-12-24 14:58 128 --a------ C:\Documents and Settings\Per-Christian\services.exe
2007-12-24 13:33 . 2007-12-24 13:33 75,840 --a------ C:\WINDOWS\system32\kilaoeao.dll
2007-12-24 13:30 . 2007-12-24 13:32 992,656 ---hs---- C:\WINDOWS\system32\iqjwiolv.ini
2007-12-24 13:30 . 2007-12-24 13:30 87,104 --a------ C:\WINDOWS\system32\vloiwjqi.dll
2007-12-24 13:27 . 2007-12-24 13:27 75,840 --a------ C:\WINDOWS\system32\gddkpcpw.dll
2007-12-24 11:53 . 2007-12-24 12:11 988,631 ---hs---- C:\WINDOWS\system32\ursbbham.ini
2007-12-24 11:20 . 2007-12-24 11:48 988,511 ---hs---- C:\WINDOWS\system32\famdqleq.ini
2007-12-24 02:18 . 2007-12-24 02:19 990,810 ---hs---- C:\WINDOWS\system32\wndklwhn.ini
2007-12-24 02:18 . 2007-12-24 02:18 87,104 --a------ C:\WINDOWS\system32\nhwlkdnw.dll
2007-12-24 02:01 . 2007-12-24 02:01 78,912 --a------ C:\WINDOWS\system32\jvifbakv.dll
2007-12-24 01:05 . 2007-12-24 02:19 990,750 ---hs---- C:\WINDOWS\system32\qnmfpbqt.ini
2007-12-24 01:05 . 2007-12-24 01:05 78,912 --a------ C:\WINDOWS\system32\lgelbahg.dll
2007-12-23 23:48 . 2007-12-24 00:59 990,690 ---hs---- C:\WINDOWS\system32\gyaiipea.ini
2007-12-23 19:48 . 2007-12-23 19:49 990,690 ---hs---- C:\WINDOWS\system32\kswwvofr.ini
2007-12-23 19:48 . 2007-12-23 19:48 87,104 --a------ C:\WINDOWS\system32\rfovwwsk.dll
2007-12-23 19:46 . 2007-12-23 19:46 78,912 --a------ C:\WINDOWS\system32\ednqtgga.dll
2007-12-23 19:39 . 2007-12-23 19:39 78,912 --a------ C:\WINDOWS\system32\lsddkhik.dll
2007-12-23 18:44 . 2007-12-23 18:45 78,912 --a------ C:\WINDOWS\system32\etvgncge.dll
2007-12-23 18:42 . 2007-12-23 18:42 990,630 ---hs---- C:\WINDOWS\system32\icjndasf.ini
2007-12-23 18:42 . 2007-12-23 18:42 87,104 --------- C:\WINDOWS\system32\fsadnjci.dll
2007-12-23 17:58 . 2007-12-23 17:58 534 ---hs---- C:\WINDOWS\system32\xicicemo.ini
2007-12-23 17:29 . 2007-12-23 17:53 474 ---hs---- C:\WINDOWS\system32\qyovepua.ini
2007-12-23 16:30 . 2007-12-23 17:24 354 ---hs---- C:\WINDOWS\system32\dtksocsh.ini
2007-12-23 14:51 . 2007-12-23 14:51 87,104 --a------ C:\WINDOWS\system32\icnjypoq.dll
2007-12-23 14:51 . 2007-12-23 14:51 78,400 --a------ C:\WINDOWS\system32\cpxhuthl.dll
2007-12-23 14:51 . 2007-12-23 14:51 294 ---hs---- C:\WINDOWS\system32\qopyjnci.ini
2007-12-23 13:50 . 2007-12-23 13:50 534 ---hs---- C:\WINDOWS\system32\bmqghukg.ini
2007-12-23 12:47 . 2007-12-23 12:47 474 ---hs---- C:\WINDOWS\system32\sjidvmks.ini
2007-12-23 09:56 . 2007-12-23 12:39 414 ---hs---- C:\WINDOWS\system32\ixnvusur.ini
2007-12-22 20:57 . 2007-12-22 20:57 87,104 --a------ C:\WINDOWS\system32\qrodapiy.dll
2007-12-22 20:57 . 2007-12-22 20:57 78,400 --a------ C:\WINDOWS\system32\ybbcrity.dll
2007-12-22 20:57 . 2007-12-22 20:57 414 ---hs---- C:\WINDOWS\system32\yipadorq.ini
2007-12-22 20:54 . 2007-12-22 20:54 354 ---hs---- C:\WINDOWS\system32\tubrdqel.ini
2007-12-22 20:53 . 2007-12-22 20:53 78,400 --a------ C:\WINDOWS\system32\wklduoog.dll
2007-12-22 20:53 . 2007-12-22 20:53 294 ---hs---- C:\WINDOWS\system32\jnmkmuwp.ini
2007-12-22 19:37 . 2007-12-22 19:37 990,630 ---hs---- C:\WINDOWS\system32\hvntktty.ini
2007-12-22 19:36 . 2007-12-22 19:36 87,104 --a------ C:\WINDOWS\system32\yttktnvh.dll
2007-12-22 19:36 . 2007-12-22 19:36 78,400 --a------ C:\WINDOWS\system32\yqaxtljr.dll
2007-12-22 17:28 . 2007-12-22 17:28 414 ---hs---- C:\WINDOWS\system32\bhkiyurd.ini
2007-12-22 16:17 . 2007-12-22 17:19 354 ---hs---- C:\WINDOWS\system32\xhmdnvtc.ini
2007-12-22 14:32 . 2007-12-22 14:34 991,602 ---hs---- C:\WINDOWS\system32\kkkpfngx.ini
2007-12-22 13:35 . 2007-12-22 13:36 991,542 ---hs---- C:\WINDOWS\system32\kroiqtrw.ini
2007-12-22 13:04 . 2007-12-22 13:05 991,902 ---hs---- C:\WINDOWS\system32\ipbypbjc.ini
2007-12-22 12:35 . 2007-12-22 12:59 991,842 ---hs---- C:\WINDOWS\system32\iyolxmef.ini
2007-12-21 23:27 . 2007-12-22 12:36 991,722 ---hs---- C:\WINDOWS\system32\ayeociiv.ini
2007-12-21 22:31 . 2007-12-21 23:24 991,602 ---hs---- C:\WINDOWS\system32\psxlribv.ini
2007-12-21 21:54 . 2007-12-21 21:54 0 --a------ C:\WINDOWS\PowerReg.dat
2007-12-21 17:43 . 2007-12-21 18:09 990,494 ---hs---- C:\WINDOWS\system32\ayouujaw.ini
2007-12-21 15:46 . 2007-12-21 17:34 987,601 ---hs---- C:\WINDOWS\system32\rgbnxxru.ini
2007-12-21 15:44 . 2007-12-21 15:44 987,454 ---hs---- C:\WINDOWS\system32\eqexrrwd.ini
2007-12-21 14:09 . 2007-12-21 14:09 987,754 ---hs---- C:\WINDOWS\system32\gctrmxnk.ini
2007-12-21 10:10 . 2007-12-21 14:03 987,694 ---hs---- C:\WINDOWS\system32\sooyubjm.ini
2007-12-21 00:03 . 2007-12-21 10:04 987,574 ---hs---- C:\WINDOWS\system32\nhgarajg.ini
2007-12-20 23:57 . 2007-12-30 14:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-20 23:57 . 2007-12-30 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 23:48 . 2007-12-20 22:53 987,574 --ahs---- C:\WINDOWS\system32\qjslqgma.ini
2007-12-20 22:53 . 2007-12-20 22:53 987,574 ---hs---- C:\WINDOWS\system32\yavteagn.ini
2007-12-20 21:15 . 2007-12-20 22:45 987,514 ---hs---- C:\WINDOWS\system32\bevytorv.ini
2007-12-20 20:13 . 2007-12-20 20:13 128 --a------ C:\Documents and Settings\Caroline\services.exe
2007-12-20 17:55 . 2007-12-20 17:55 987,454 ---hs---- C:\WINDOWS\system32\tjwoiyab.ini
2007-12-20 16:55 . 2007-12-20 16:56 987,694 ---hs---- C:\WINDOWS\system32\njwhxunv.ini
2007-12-20 15:11 . 2007-12-20 16:47 987,634 ---hs---- C:\WINDOWS\system32\lhxdcddt.ini
2007-12-20 15:05 . 2007-12-20 15:06 165,472 --a------ C:\WINDOWS\system32\yuitlhuo.dll
2007-12-19 23:32 . 2007-12-20 15:03 992,929 ---hs---- C:\WINDOWS\system32\jtpvnjpr.ini
2007-12-19 15:48 . 2007-12-19 16:33 988,656 ---hs---- C:\WINDOWS\system32\fwcoamlv.ini
2007-12-18 22:06 . 2007-12-19 15:39 986,034 ---hs---- C:\WINDOWS\system32\lmosuunj.ini
2007-12-18 21:34 . 2007-12-18 21:34 985,974 ---hs---- C:\WINDOWS\system32\ridybrfg.ini
2007-12-18 19:41 . 2007-12-18 19:41 986,094 ---hs---- C:\WINDOWS\system32\ndngpclg.ini
2007-12-18 17:41 . 2007-12-18 19:32 984,600 ---hs---- C:\WINDOWS\system32\cxnfixuf.ini
2007-12-18 16:10 . 2007-12-18 16:11 981,628 ---hs---- C:\WINDOWS\system32\dstcfaka.ini
2007-12-17 23:36 . 2007-12-18 16:07 971,069 ---hs---- C:\WINDOWS\system32\gmgrxulu.ini
2007-12-17 22:40 . 2007-12-17 22:40 970,949 ---hs---- C:\WINDOWS\system32\lkboinxr.ini
2007-12-17 21:57 . 2007-12-17 21:57 971,429 ---hs---- C:\WINDOWS\system32\lemyybji.ini
2007-12-17 21:32 . 2007-12-17 21:51 971,369 ---hs---- C:\WINDOWS\system32\xprcmcem.ini
2007-12-17 20:32 . 2007-12-17 20:32 971,249 ---hs---- C:\WINDOWS\system32\jrubsjmo.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 14:25 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-26 19:29 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\LimeWire
2007-12-26 12:23 --------- d-----w C:\Programfiler\BitLord
2007-12-24 00:16 --------- d-----w C:\Programfiler\LimeWire
2007-12-21 20:48 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Azureus
2007-12-18 19:35 --------- d-----w C:\Programfiler\Azureus
2007-12-16 13:18 --------- d-----w C:\Programfiler\NCH Swift Sound
2007-12-13 12:38 --------- d-----w C:\Documents and Settings\Caroline\Programdata\AdobeUM
2007-11-24 19:08 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Image Zone Express
2007-11-13 17:53 --------- d-----w C:\Programfiler\Morpheus
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-21 21:04 3,032,828 ----a-w C:\mc.exe
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cuckoo Clock"="C:\PROGRA~1\PARALL~1\Cuckoo.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 15:58 C:\WINDOWS\RTHDCPL.EXE]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-12-25 22:37]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
C:\Documents and Settings\Per-Christian\Start-meny\Programmer\Oppstart\
PowerReg Scheduler V3.exe [2007-12-21 21:54:34]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Mobilt bredb†nd.lnk - C:\Programfiler\Telenor\Mobilt bredb†nd\Mobilt bredb†nd.exe [2007-07-27 11:50:04]
R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 14:48]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05]
R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05]
R3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 10:50]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 11:38]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 13:33:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 14:33:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-30 14:34:41 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-28 23:05
.
2007-12-22 11:39:30 --- E O F ---
-
You are fairly loaded down with junk, so it's no wonder the PC freezes up sometimes. We will get it sorted, but I would still recommend that you back up the data you want to keep (pictures, documents, etc.).
Let's clean up a bit more:
Download Vundofix, start the program and click the "Scan for Vundo" button.
When the program has finished running, click the "Remove vundo" button.
Download SAS, install it, update it and run a full (Complete) scan.
Download Hijackthis. Put it in a folder of its own on the desktop.
Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it together with the other logs that are asked for (see below).
Post the following logs:
Vundofix: usually found at C:\vundofix.txt
The SAS log: Preferences->statistics/logs
The HJT log
VundoFix V6.7.7
Checking Java version...
Sun Java not detected
Scan started at 14:34:00 29.12.2007
Listing files found while scanning....
C:\windows\system32\cjweoqxf.dll
C:\windows\system32\cjweoqxf.dllbox
Beginning removal...
Attempting to delete C:\windows\system32\cjweoqxf.dll
C:\windows\system32\cjweoqxf.dll Has been deleted!
Attempting to delete C:\windows\system32\cjweoqxf.dllbox
C:\windows\system32\cjweoqxf.dllbox Has been deleted!
Performing Repairs to the registry.
Done!
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/29/2007 at 02:59 PM
Application Version : 3.9.1008
Core Rules Database Version : 3143
Trace Rules Database Version: 1159
Scan type : Complete Scan
Total Scan Time : 00:02:39
Memory items scanned : 636
Memory threats detected : 0
Registry items scanned : 4978
Registry threats detected : 0
File items scanned : 654
File threats detected : 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:39, on 29.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programfiler\Router\Router.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardware.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B1ABD21F-17A1-6059-D25D-4AE6048E5893} - C:\WINDOWS\system32\gkxnvxn.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6ABD21B-17A8-635B-D22E-39E6078758E0} - C:\WINDOWS\system32\gkxnvxn.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\CHRIST~1\LOKALE~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Cuckoo Clock] "C:\PROGRA~1\PARALL~1\Cuckoo.exe"
O4 - HKCU\..\Run: [Cmta] "C:\DOCUME~1\PER-CH~1\MINEDO~1\TSKS~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Jhkzkcke] C:\WINDOWS\?dobe\r?gedit.exe
O4 - HKCU\..\Run: [Router] C:\Programfiler\Router\Router.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mobilt bredbånd.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168520710563
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifebca - iifebca.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8718 bytes
-
Run Combofix and post the log. Open the log file and copy its contents. Then paste it into your next post.
Which program is it that says you have 10000 trojans?
Norman Antivirus.
I scanned the hard disk, and there were over 10000 trojans and files.
But many of the files don't exist.
ComboFix 07-12-21.4 - Per-Christian 2007-12-28 22:43:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.412 [GMT 1:00]
Running from: C:\Documents and Settings\Per-Christian\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Programdata\OnlineHelpmate
C:\Documents and Settings\All Users\Programdata\OnlineHelpmate\Abbr
C:\Documents and Settings\All Users\Programdata\OnlineHelpmate\ProdCode
C:\Documents and Settings\Caroline\Programdata\OnlineHelpmate
C:\Documents and Settings\Caroline\Programdata\OnlineHelpmate\Logs\update.log
C:\Documents and Settings\Caroline\Programdata\storageprotector
C:\Documents and Settings\Caroline\Programdata\storageprotector\Logs\update.log
C:\Documents and Settings\Per-Christian\Mine dokumenter\TSKS~1
C:\Documents and Settings\Per-Christian\Mine dokumenter\TSKS~1\chkntfs.exe
C:\Documents and Settings\Per-Christian\Mine dokumenter\TSKS~1\T?sks\
C:\Documents and Settings\Per-Christian\Programdata\OnlineHelpmate
C:\Documents and Settings\Per-Christian\Programdata\OnlineHelpmate\Logs\update.log
C:\Documents and Settings\Per-Christian\Start-meny\Programmer\Outerinfo
C:\Documents and Settings\Per-Christian\Start-meny\Programmer\Outerinfo\Terms.lnk
C:\Documents and Settings\Per-Christian\Start-meny\Programmer\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Rolf Håvard\Programdata\storageprotector
C:\Documents and Settings\Rolf Håvard\Programdata\storageprotector\Logs\update.log
C:\Programfiler\Fellesfiler\OnlineHelpmate
C:\Programfiler\Fellesfiler\StorageProtector
C:\Programfiler\Fellesfiler\StorageProtector\strpmon.exe
C:\Programfiler\Fellesfiler\Yazzle1560OinAdmin.exe
C:\Programfiler\Fellesfiler\Yazzle1560OinUninstaller.exe
C:\Programfiler\FunWebProducts
C:\Programfiler\inetget2
C:\Programfiler\Insider
C:\Programfiler\Insider\Insider.exe
C:\Programfiler\Insider\UnInstall.exe
C:\Programfiler\MyWebSearch
C:\Programfiler\outerinfo
C:\Programfiler\outerinfo\FF\chrome.manifest
C:\Programfiler\outerinfo\FF\components\OuterinfoAds.xpt
C:\Programfiler\outerinfo\FF\install.rdf
C:\Programfiler\outerinfo\Terms.rtf
C:\Programfiler\StorageProtector
C:\Programfiler\StorageProtector\sr.log
C:\Programfiler\Temporary
C:\Programfiler\WinAble
C:\Programfiler\WinAble\winable.exe.lzma
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\r?gedit.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\aiyxgiqs.dll
C:\WINDOWS\system32\bevsrsfr.dll
C:\WINDOWS\system32\blfaxxbv.ini
C:\WINDOWS\system32\bvssjutg.ini
C:\WINDOWS\system32\cbmexnqe.dll
C:\WINDOWS\system32\cjweoqxf.dllbox
C:\WINDOWS\system32\cnubqxsh.dll
C:\WINDOWS\system32\dximpjtw.dll
C:\WINDOWS\system32\fefkcrrf.ini
C:\WINDOWS\system32\fhtltrff.dll
C:\WINDOWS\system32\fjjnftvt.dll
C:\WINDOWS\system32\frrckfef.dll
C:\WINDOWS\system32\gosrnaii.dll
C:\WINDOWS\system32\gtujssvb.dll
C:\WINDOWS\system32\hajyxwlc.dll
C:\WINDOWS\system32\hqamfuea.dll
C:\WINDOWS\system32\hsxqbunc.ini
C:\WINDOWS\system32\httyifsm.dll
C:\WINDOWS\system32\icjjkgpm.ini
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\jlkkj.bak2
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\system32\jlkkj.tmp
C:\WINDOWS\system32\kbeycmvn.dll
C:\WINDOWS\system32\mpgkjjci.dll
C:\WINDOWS\system32\mpryuorp.dll
C:\WINDOWS\system32\msfiytth.ini
C:\WINDOWS\system32\okospwfk.dll
C:\WINDOWS\system32\qitlnjqr.dll
C:\WINDOWS\system32\rdcfseao.dll
C:\WINDOWS\system32\sqigxyia.ini
C:\WINDOWS\system32\vbxxaflb.dll
C:\WINDOWS\system32\voccwohg.dll
C:\WINDOWS\system32\wtjpmixd.ini
C:\WINDOWS\Fonts\'
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 19:01 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-16 13:18 --------- d-----w C:\Programfiler\NCH Swift Sound
2007-12-13 12:38 --------- d-----w C:\Documents and Settings\Caroline\Programdata\AdobeUM
2007-11-24 19:08 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Image Zone Express
2007-11-16 14:44 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Nokia
2007-11-13 17:53 --------- d-----w C:\Programfiler\Morpheus
2007-11-13 17:04 --------- d-----w C:\Documents and Settings\Caroline\Programdata\Nokia Multimedia Player
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 17:23 --------- d-----w C:\Documents and Settings\Caroline\Programdata\PC Suite
2007-11-11 14:52 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\Nokia Multimedia Player
2007-11-11 14:51 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\DataLayer
2007-11-11 14:49 --------- d-----w C:\Documents and Settings\Per-Christian\Programdata\PC Suite
2007-10-21 21:04 3,032,828 ----a-w C:\mc.exe
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-20 15:06 165472 --a------ C:\WINDOWS\system32\cjweoqxf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1ABD21F-17A1-6059-D25D-4AE6048E5893}]
C:\WINDOWS\system32\gkxnvxn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6ABD21B-17A8-635B-D22E-39E6078758E0}]
C:\WINDOWS\system32\gkxnvxn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cuckoo Clock"="C:\PROGRA~1\PARALL~1\Cuckoo.exe" []
"Cmta"="C:\DOCUME~1\PER-CH~1\MINEDO~1\TSKS~1\chkntfs.exe" []
"Jhkzkcke"="C:\WINDOWS\?dobe\r?gedit.exe" []
"Router"="C:\Programfiler\Router\Router.exe" [2007-12-24 11:30]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 15:58 C:\WINDOWS\RTHDCPL.EXE]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-12-25 22:37]
"UIUCU"="C:\DOCUME~1\CHRIST~1\LOKALE~1\Temp\UIUCU.exe" []
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
C:\Documents and Settings\Per-Christian\Start-meny\Programmer\Oppstart\
PowerReg Scheduler V3.exe [2007-12-21 21:54:34]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 06:56:20]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Mobilt bredb†nd.lnk - C:\Programfiler\Telenor\Mobilt bredb†nd\Mobilt bredb†nd.exe [2007-07-27 11:50:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cjweoqxf]
cjweoqxf.dll 2007-12-20 15:06 165472 C:\WINDOWS\system32\cjweoqxf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifebca]
iifebca.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkklj.dll
R2 GtFlashSwitch;GtFlashSwitch;C:\Programfiler\Fellesfiler\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 14:48]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05]
R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05]
R3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 10:50]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 11:38]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows [2007-12-28 22:31]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 21:36:25 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 23:02:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cjweoqxf.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\cjweoqxf.dll
.
Completion time: 2007-12-28 23:05:22 - machine was rebooted [Per-Christian]
.
2007-12-22 11:39:30 --- E O F ---
-
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions.
Do not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt). It may tell us something more ...
How do I post it?
-
I have more questions:
1. What is a trojan?
2. Is it normal to have over 10000 trojan files?
3. It says they are located in WINDOWS/ Fonts/, but there are only fonts there. They are named all sorts of things.
4. The processor is at 100%
5. I can't delete several of the trojans. How do I delete them?
-
Sometimes when I'm sitting at the computer, it just stops completely. Then I have to turn it off, and then I turn it on again.
I have scanned for viruses but only find trojans, and those get put in quarantine.
Do I have a virus???
LCD for 1,5-2k
in Monitors
Posted
A really great choice is the LG FLATRON L194WS. 19" and 5000:1 contrast.
The resolution is 1440x900.
Widescreen.
Check it out here:
https://prisguiden.no/product.php?productId=84161
Lovely screen!