
Can anyone check HJT/CF/MBAM logs?



Trying to clean a PC of viruses. I think it is/was fairly badly infected. :blush: I'm not the one who normally uses it, so I honestly don't know how all of it ended up there.

 

HJT log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:49, on 2008-09-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Marius Thoresen\Skrivebord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O4 - HKLM\..\RunServices: [DirectX Driver] stdhost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')

O4 - .DEFAULT User Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: DirectEdit - https://www.itslearning.com/file/DirectEdit.CAB

O16 - DPF: RaptisoftGameLoader -

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -

O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apache2 - Apache Software Foundation - C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\apache\bin\apache.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\filezillaftp\filezillaserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 9592 bytes

 

 

ComboFix log:

 

ComboFix 08-09-05.02 - Marius2008-09-06 12:06:33.1 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1772 [GMT 2:00]

Running from: C:\Documents and Settings\Marius\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 


 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))

.

 

2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\Documents and Settings\Marius\Programdata\Malwarebytes

2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-09-06 12:00 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-06 12:00 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-06 11:42 . 2008-09-06 11:42 <DIR> dr-h----- C:\Documents and Settings\Marius\Siste

2008-09-05 22:31 . 2008-09-05 22:31 774 ---hs---- C:\WINDOWS\system32\euifydst.ini

2008-09-05 21:28 . 2008-09-05 21:28 714 ---hs---- C:\WINDOWS\system32\amssqcqx.ini

2008-09-05 20:25 . 2008-09-05 20:25 654 ---hs---- C:\WINDOWS\system32\rqxnqnyk.ini

2008-09-05 19:25 . 2008-09-05 19:25 594 ---hs---- C:\WINDOWS\system32\dngoflog.ini

2008-09-05 18:22 . 2008-09-05 18:22 534 ---hs---- C:\WINDOWS\system32\vrrprpag.ini

2008-09-05 17:19 . 2008-09-05 17:19 474 ---hs---- C:\WINDOWS\system32\igrmsdxf.ini

2008-09-05 16:13 . 2008-09-05 22:12 414 ---hs---- C:\WINDOWS\system32\fxcahswr.ini

2008-09-05 15:07 . 2008-09-05 15:07 294 ---hs---- C:\WINDOWS\system32\hitrhisl.ini

2008-09-04 22:12 . 2008-09-05 15:01 774 ---hs---- C:\WINDOWS\system32\lfjdqgid.ini

2008-09-04 21:12 . 2008-09-04 21:12 654 ---hs---- C:\WINDOWS\system32\xpkkxkft.ini

2008-09-04 20:03 . 2008-09-04 20:03 594 ---hs---- C:\WINDOWS\system32\xrkcuvla.ini

2008-09-04 19:06 . 2008-09-04 19:06 534 ---hs---- C:\WINDOWS\system32\bfadqsqb.ini

2008-09-04 17:57 . 2008-09-04 17:57 474 ---hs---- C:\WINDOWS\system32\xhxnqtul.ini

2008-09-04 16:51 . 2008-09-04 16:51 414 ---hs---- C:\WINDOWS\system32\nkyqgvnv.ini

2008-09-04 15:54 . 2008-09-04 22:20 354 ---hs---- C:\WINDOWS\system32\lyrbhfpa.ini

2008-09-03 22:19 . 2008-09-04 15:42 714 ---hs---- C:\WINDOWS\system32\waagvomm.ini

2008-09-03 21:10 . 2008-09-03 21:11 594 ---hs---- C:\WINDOWS\system32\telengur.ini

2008-09-03 20:13 . 2008-09-03 20:14 534 ---hs---- C:\WINDOWS\system32\bagekrjt.ini

2008-09-03 19:07 . 2008-09-03 19:41 474 ---hs---- C:\WINDOWS\system32\ghhwacuw.ini

2008-09-03 18:07 . 2008-09-03 18:08 354 ---hs---- C:\WINDOWS\system32\ibeqxxrc.ini

2008-09-03 17:01 . 2008-09-03 17:02 294 ---hs---- C:\WINDOWS\system32\dtvlttlr.ini

2008-09-03 15:57 . 2008-09-03 16:53 834 ---hs---- C:\WINDOWS\system32\kugnkepj.ini

2008-09-02 16:37 . 2008-09-03 15:48 594 ---hs---- C:\WINDOWS\system32\hroghjlh.ini

2008-09-02 15:43 . 2008-09-02 15:43 294 ---hs---- C:\WINDOWS\system32\nftjanqm.ini

2008-09-01 22:07 . 2008-09-02 15:31 594 ---hs---- C:\WINDOWS\system32\uyuxpogs.ini

2008-09-01 21:01 . 2008-09-01 21:31 474 ---hs---- C:\WINDOWS\system32\plruvshp.ini

2008-09-01 20:01 . 2008-09-01 20:02 354 ---hs---- C:\WINDOWS\system32\ekqppyun.ini

2008-09-01 18:55 . 2008-09-01 18:56 294 ---hs---- C:\WINDOWS\system32\wqdecksy.ini

2008-09-01 16:05 . 2008-09-01 18:02 654 ---hs---- C:\WINDOWS\system32\nyyhyitw.ini

2008-08-31 21:26 . 2008-09-01 16:00 1,974 ---hs---- C:\WINDOWS\system32\pqpkjgpc.ini

2008-08-31 21:20 . 2008-08-31 21:20 1,794 ---hs---- C:\WINDOWS\system32\jngjwrlx.ini

2008-08-31 20:23 . 2008-08-31 20:44 1,734 ---hs---- C:\WINDOWS\system32\fcteripn.ini

2008-08-31 19:23 . 2008-08-31 19:23 1,494 ---hs---- C:\WINDOWS\system32\cgfvjskb.ini

2008-08-31 18:23 . 2008-08-31 18:49 1,434 ---hs---- C:\WINDOWS\system32\knfjgrns.ini

2008-08-31 17:17 . 2008-08-31 17:17 1,314 ---hs---- C:\WINDOWS\system32\awynkbps.ini

2008-08-31 16:29 . 2008-08-31 16:29 1,254 ---hs---- C:\WINDOWS\system32\tjyimnmw.ini

2008-08-31 15:29 . 2008-08-31 15:29 1,194 ---hs---- C:\WINDOWS\system32\iasoulkt.ini

2008-08-31 14:26 . 2008-08-31 14:26 1,134 ---hs---- C:\WINDOWS\system32\jcohfnvh.ini

2008-08-31 13:17 . 2008-08-31 13:17 1,074 ---hs---- C:\WINDOWS\system32\yabrtxft.ini

2008-08-31 12:17 . 2008-08-31 12:17 1,014 ---hs---- C:\WINDOWS\system32\eyblycrj.ini

2008-08-30 22:25 . 2008-08-31 12:05 954 ---hs---- C:\WINDOWS\system32\jglrfkug.ini

2008-08-30 21:22 . 2008-08-30 21:22 834 ---hs---- C:\WINDOWS\system32\ksawayse.ini

2008-08-30 20:19 . 2008-08-30 20:19 774 ---hs---- C:\WINDOWS\system32\ulqrgvmd.ini

2008-08-30 19:16 . 2008-08-30 19:16 714 ---hs---- C:\WINDOWS\system32\rnalfehs.ini

2008-08-30 18:19 . 2008-08-30 18:19 654 ---hs---- C:\WINDOWS\system32\udejeoij.ini

2008-08-30 17:10 . 2008-08-30 17:10 594 ---hs---- C:\WINDOWS\system32\liukpjxy.ini

2008-08-30 16:10 . 2008-08-30 16:10 534 ---hs---- C:\WINDOWS\system32\saapiwul.ini

2008-08-30 15:07 . 2008-08-30 15:07 474 ---hs---- C:\WINDOWS\system32\larxcfmj.ini

2008-08-30 14:01 . 2008-08-30 14:01 414 ---hs---- C:\WINDOWS\system32\aprkkgqn.ini

2008-08-30 13:02 . 2008-08-30 13:37 354 ---hs---- C:\WINDOWS\system32\lpffrxpx.ini

2008-08-29 23:18 . 2008-08-30 12:50 3,054 ---hs---- C:\WINDOWS\system32\nmtbkclk.ini

2008-08-29 22:12 . 2008-08-29 22:12 2,934 ---hs---- C:\WINDOWS\system32\xfucmtwi.ini

2008-08-29 21:09 . 2008-08-29 21:09 2,874 ---hs---- C:\WINDOWS\system32\ouvyxmgs.ini

2008-08-29 20:06 . 2008-08-29 20:06 2,814 ---hs---- C:\WINDOWS\system32\agggmlhd.ini

2008-08-29 19:09 . 2008-08-29 19:09 2,754 ---hs---- C:\WINDOWS\system32\jiegeujo.ini

2008-08-29 18:03 . 2008-08-29 18:03 2,694 ---hs---- C:\WINDOWS\system32\oncmbdcj.ini

2008-08-29 16:54 . 2008-08-29 16:54 2,634 ---hs---- C:\WINDOWS\system32\ajfofksq.ini

2008-08-29 15:51 . 2008-08-29 15:51 2,574 ---hs---- C:\WINDOWS\system32\uxcgqhsr.ini

2008-08-29 14:51 . 2008-08-29 14:51 2,514 ---hs---- C:\WINDOWS\system32\ynppsyds.ini

2008-08-29 13:51 . 2008-08-29 13:51 2,454 ---hs---- C:\WINDOWS\system32\jjhnsciu.ini

2008-08-29 12:48 . 2008-08-29 12:48 2,394 ---hs---- C:\WINDOWS\system32\muydmbel.ini

2008-08-29 11:42 . 2008-08-29 11:42 2,334 ---hs---- C:\WINDOWS\system32\ukulyele.ini

2008-08-29 10:36 . 2008-08-29 10:36 2,274 ---hs---- C:\WINDOWS\system32\ohmprhjt.ini

2008-08-29 09:36 . 2008-08-29 09:36 2,214 ---hs---- C:\WINDOWS\system32\tinbpgos.ini

2008-08-29 08:36 . 2008-08-29 08:36 2,154 ---hs---- C:\WINDOWS\system32\prhkicrw.ini

2008-08-29 07:30 . 2008-08-29 21:21 2,094 ---hs---- C:\WINDOWS\system32\eicdcovs.ini

2008-08-28 22:31 . 2008-08-29 07:19 1,974 ---hs---- C:\WINDOWS\system32\eslnayye.ini

2008-08-28 21:25 . 2008-08-28 21:26 1,854 ---hs---- C:\WINDOWS\system32\hjyxppws.ini

2008-08-28 20:28 . 2008-08-28 21:20 1,794 ---hs---- C:\WINDOWS\system32\pxhnsbvg.ini

2008-08-28 19:25 . 2008-08-28 19:26 1,674 ---hs---- C:\WINDOWS\system32\cxfgmngf.ini

2008-08-28 18:22 . 2008-08-28 18:23 1,614 ---hs---- C:\WINDOWS\system32\wtmhnmna.ini

2008-08-28 17:16 . 2008-08-28 17:32 1,554 ---hs---- C:\WINDOWS\system32\meybcwve.ini

2008-08-28 16:52 . 2008-08-28 16:53 1,434 ---hs---- C:\WINDOWS\system32\cgodrgia.ini

2008-08-28 15:43 . 2008-08-28 16:05 1,374 ---hs---- C:\WINDOWS\system32\ldwxfypj.ini

2008-08-27 15:33 . 2008-08-28 15:38 1,254 ---hs---- C:\WINDOWS\system32\hqnsuufk.ini

2008-08-26 15:32 . 2008-08-27 15:32 954 ---hs---- C:\WINDOWS\system32\swfxtfgm.ini

2008-08-21 16:03 . 2008-08-26 15:23 774 ---hs---- C:\WINDOWS\system32\dxrckslo.ini

2008-08-19 16:14 . 2008-08-19 19:22 474 ---hs---- C:\WINDOWS\system32\grcxadhv.ini

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-08-18 09:13 . 2008-08-18 19:27 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-08-18 09:13 . 2006-10-27 14:51 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-08-18 09:13 . 2006-10-27 14:51 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-08-18 09:13 . 2006-09-25 08:28 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-08-18 09:13 . 2006-10-27 14:51 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-08-18 09:13 . 2008-08-18 09:13 <DIR> d-------- C:\Documents and Settings\Administrator

2008-08-16 15:23 . 2008-08-19 16:11 4,606 ---hs---- C:\WINDOWS\system32\cagswqdk.ini

2008-08-15 22:49 . 2000-12-08 21:59 122,880 --a------ C:\WINDOWS\UnGins.exe

2008-08-15 11:25 . 2008-08-16 22:48 <DIR> d-------- C:\Documents and Settings\Vilde\Programdata\uTorrent

2008-08-14 19:51 . 2008-08-14 19:51 251,392 --a------ C:\WINDOWS\system32\byXRlkHA.dll

2008-08-14 18:37 . 2008-08-14 18:37 251,392 --a------ C:\WINDOWS\system32\jkkJYRJB.dll

2008-08-14 12:09 . 2008-08-14 12:09 261 --a------ C:\WINDOWS\game.ini

2008-08-12 22:28 . 1998-06-18 02:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL

2008-08-12 22:28 . 2000-03-17 10:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll

2008-08-12 22:28 . 2000-03-17 10:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll

2008-08-12 22:28 . 2002-04-24 14:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca

2008-08-12 22:28 . 2002-10-17 12:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe

2008-08-12 21:52 . 2008-08-12 21:52 3,879 --a------ C:\WINDOWS\system32\system.cfg

2008-08-12 13:00 . 2008-08-12 13:00 <DIR> d-------- C:\Programfiler\EA GAMES

2008-08-11 20:22 . 1998-11-13 12:08 308,224 --a------ C:\WINDOWS\IsUn0413.exe

2008-08-11 18:09 . 2008-08-11 18:09 <DIR> d-------- C:\Documents and Settings\Beate\Programdata\Leadertech

2008-08-10 16:25 . 2008-08-10 17:47 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\DMCache

2008-08-10 15:48 . 2008-08-10 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\services

2008-08-09 18:20 . 2008-08-09 18:20 <DIR> d-------- C:\Programfiler\Easiestutils

2008-08-09 14:21 . 2008-08-09 14:21 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\TrueCrypt

2008-08-09 14:00 . 2008-08-09 14:00 <DIR> d-------- C:\Documents and Settings\Marius\Programdata\TrueCrypt

2008-08-09 14:00 . 2008-08-09 14:00 235,840 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys

2008-08-08 22:47 . 2008-08-08 22:47 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\Thinstall

2008-08-08 22:47 . 2008-08-08 22:48 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\Daimler

2008-08-08 12:00 . 2008-08-08 12:00 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\DAEMON Tools

2008-08-08 11:51 . 2008-08-17 12:05 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\uTorrent

2008-08-07 22:23 . 2008-08-07 22:58 <DIR> d-------- C:\Programfiler\ESTsoft

2008-08-07 22:23 . 2008-08-07 22:58 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\ESTsoft

2008-08-07 20:56 . 2008-08-07 20:56 73,728 --a------ C:\WINDOWS\Setup_ver1.1394.0.exe

2008-08-07 17:48 . 2008-08-07 17:50 16 --a------ C:\WINDOWS\system32\w3data.vss

2008-08-07 17:48 . 2008-08-07 17:50 16 --a------ C:\WINDOWS\msocreg32.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 09:25 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-09-05 14:25 --------- d-----w C:\Programfiler\OpenOffice.org1.1.3

2008-09-04 13:47 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-08-24 16:17 --------- d-----w C:\Documents and Settings\Konrad T\Programdata\AdobeUM

2008-08-19 14:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-16 21:23 --------- d-----w C:\Documents and Settings\Konrad T\Programdata\LimeWire

2008-08-16 20:48 --------- d-----w C:\Documents and Settings\Vilde\Programdata\LimeWire

2008-08-16 20:44 --------- d-----w C:\Programfiler\Norton Security Scan

2008-08-13 13:55 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-12 19:50 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-08 10:00 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-08-06 11:11 --------- d-----w C:\Documents and Settings\Konrad T\Programdata\dvdcss

2008-07-30 14:19 --------- d-----w C:\Programfiler\Norton Internet Security

2008-07-26 10:07 --------- d-----w C:\Programfiler\LimeWire

2008-07-26 09:28 --------- d-----w C:\Programfiler\Opera

2008-07-26 09:18 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-07-26 05:54 --------- d-----w C:\Programfiler\Avanquest update

2008-06-28 08:53 5,120 --sha-w C:\Programfiler\Thumbs.db

2008-03-09 14:43 22,328 ----a-w C:\Documents and Settings\Marius Thoresen\Programdata\PnkBstrK.sys

2006-10-31 20:18 43,394,698 ----a-w C:\Programfiler\nis2006.exe

2007-06-13 13:24 933,888 --sh--r C:\WINDOWS\system32\stdhost.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BC80085-5840-4D85-B654-43D4ECA47B49}]

2008-08-14 18:37 251392 --a------ C:\WINDOWS\system32\jkkJYRJB.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ad46cd2-3764-e482-882d-8bb09bbd4129}]

2008-07-14 18:48 313856 --a------ C:\WINDOWS\system32\nst1C.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sunkist2k"="C:\Programfiler\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 131072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 52840]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]

"DirectX Driver"="stdhost.exe" [2007-06-13 C:\WINDOWS\system32\stdhost.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 54928]

"DirectX Driver"="stdhost.exe" [2007-06-13 C:\WINDOWS\system32\stdhost.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

C:\Documents and Settings\Default User\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Vilde\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Beate\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Konrad T\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Steinar\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.VP31"= vp31vfw.dll

"VIDC.MJPG"= pvmjpg21.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Marius Thoresen^Start-meny^Programmer^Oppstart^WinMySQLadmin.lnk]

path=C:\Documents and Settings\Marius\Start-meny\Programmer\Oppstart\WinMySQLadmin.lnk

backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]

--a------ 2006-12-06 22:30 159744 C:\Programfiler\Razer\DeathAdder\razerhid.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 22:34 49152 C:\Programfiler\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

--a------ 2007-02-13 22:29 67128 C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 D:\Quicktime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

--a------ 2007-12-06 12:58 1069920 C:\Programfiler\Search Settings\SearchSettings.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-12-02 12:43 1266936 d:\Steam\steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MySql"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=

"D:\\Battlefield 2\\BF2.exe"=

"D:\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26302:TCP"= 26302:TCP:BitComet 26302 TCP

"26302:UDP"= 26302:UDP:BitComet 26302 UDP

 

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]

S3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2006-09-22 660736]

S3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2006-11-14 22144]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-02 13352]

S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]

S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 58288]

S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 8336]

S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 94064]

S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 85408]

S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 83344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\Autorun.exe

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{07e930c2-bd96-4cfe-b83f-e384fb503907} - (no file)

BHO-{3B239B96-87A2-4464-8D6D-539E125A9527} - (no file)

BHO-{82D3F9A5-3A50-455F-9A90-E49EA253D97c} - C:\WINDOWS\system32\slrwnfoi.dll

BHO-{8AC015AD-F4DA-4D69-A589-F8805840AC6b} - C:\WINDOWS\system32\slrwnfoi.dll

BHO-{986642d5-f6cc-418f-9474-2ee3d105bdfd} - C:\WINDOWS\system32\kjiaaj.dll

BHO-{A7648694-C945-4B22-B7FC-94CBEAC59459} - C:\WINDOWS\system32\slrwnfoi.dll

BHO-{BCE9D037-93EC-4C84-8664-0A5A8628DB59} - C:\Documents and Settings\Marius Thoresen\Lokale innstillinger\Temporary Internet Files\Content.IE5\NKD9PXGA\3077htsbdjyf[1].dll

BHO-{C41A0E74-F5C2-4B0D-A75A-4E5A17EEBA57} - C:\WINDOWS\system32\slrwnfoi.dll

HKLM-Run-2c5a8370 - C:\WINDOWS\system32\itrrbgfy.dll

HKLM-Run-BM2f69b0ec - C:\WINDOWS\system32\wwlpuybj.dll

HKLM-Run-RTHDCPL - RTHDCPL.EXE

HKLM-Run-SkyTel - SkyTel.EXE

MSConfigStartUp-Adobe Photo Downloader - C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

MSConfigStartUp-BearFlix - D:\Programfiler\BearFlix\BearFlix.exe

MSConfigStartUp-DAEMON Tools - D:\DAEMON Tools\daemon.exe

MSConfigStartUp-Easy-PrintToolBox - C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

MSConfigStartUp-OM_Monitor - D:\Olympus\Monitor.exe

MSConfigStartUp-swg - C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

MSConfigStartUp-Logitech Utility - Logi_MwX.Exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Marius\Programdata\Mozilla\Firefox\Profiles\1zsc90a4.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.battlefield.no

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-06 12:17:03

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]

"ImagePath"="C:/Documents and Settings/Marius/Mine dokumenter/Mine mottatte filer/xampp/mysql/bin/mysqld-nt.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]

"ImagePath"="C:/Documents and Settings/Marius/Mine dokumenter/Mine mottatte filer/xampp/mysql/bin/mysqld-nt.exe"

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

.

**************************************************************************

.

Completion time: 2008-09-06 12:21:28 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-06 10:21:24

 

Pre-Run: 6,792,298,496 byte ledig

Post-Run: 8,493,162,496 byte ledig

 

618 --- E O F --- 2008-08-13 06:57:06

 

 

MBAM log:

 

Malwarebytes' Anti-Malware 1.26

Database versjon: 1103

Windows 5.1.2600 Service Pack 2

 

2008-09-06 12:37:43

mbam-log-2008-09-06 (12-37-43).txt

 

Skanntype: Rask Skann

Objekter skannet: 57348

Tid tilbakelagt: 8 minute(s), 29 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 9

Registerverdier infisert: 1

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 10

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1bc80085-5840-4d85-b654-43d4eca47b49} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1bc80085-5840-4d85-b654-43d4eca47b49} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rotator.gizmo2.1 (Adware.Rightonadz) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bgrqfetx.bolb (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hdtip.btxo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ad46cd2-3764-e482-882d-8bb09bbd4129} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6ad46cd2-3764-e482-882d-8bb09bbd4129} (Adware.BHO) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DirectX Driver (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page\Start Page (Hijack.Homepage) -> Bad: (http://lookanddiscover.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\jkkJYRJB.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\byXRlkHA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\Setup_ver1.1394.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\stdhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Programdata\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Vilde\Programdata\Microsoft\Internet Explorer\Quick Launch\AntiVirGear 3.8.lnk (Rogue.AntiVirGear) -> Quarantined and deleted successfully.

C:\Documents and Settings\Vilde\Skrivebord\AntiVirGear 3.8.lnk (Rogue.AntiVirGear) -> Quarantined and deleted successfully.

C:\Documents and Settings\Vilde\Start-meny\AntiVirGear 3.8.lnk (Rogue.AntiVirGear) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nst1C.dll (Adware.BHO) -> Quarantined and deleted successfully.

 

 

 

Yes, I know, it's a lot to look through, but it would be nice if someone took the trouble :)

Posted

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

 

File::

C:\WINDOWS\system32\euifydst.ini

C:\WINDOWS\system32\amssqcqx.ini

C:\WINDOWS\system32\amssqcqx.ini

C:\WINDOWS\system32\amssqcqx.ini

C:\WINDOWS\system32\vrrprpag.ini

C:\WINDOWS\system32\igrmsdxf.ini

C:\WINDOWS\system32\fxcahswr.ini

C:\WINDOWS\system32\hitrhisl.ini

C:\WINDOWS\system32\lfjdqgid.ini

C:\WINDOWS\system32\xpkkxkft.ini

C:\WINDOWS\system32\xrkcuvla.ini

C:\WINDOWS\system32\bfadqsqb.ini

C:\WINDOWS\system32\xhxnqtul.ini

C:\WINDOWS\system32\nkyqgvnv.ini

C:\WINDOWS\system32\lyrbhfpa.ini

C:\WINDOWS\system32\waagvomm.ini

C:\WINDOWS\system32\telengur.ini

C:\WINDOWS\system32\bagekrjt.ini

C:\WINDOWS\system32\ghhwacuw.ini

C:\WINDOWS\system32\ibeqxxrc.ini

C:\WINDOWS\system32\dtvlttlr.ini

C:\WINDOWS\system32\kugnkepj.ini

C:\WINDOWS\system32\hroghjlh.ini

C:\WINDOWS\system32\nftjanqm.ini

C:\WINDOWS\system32\uyuxpogs.ini

C:\WINDOWS\system32\plruvshp.ini

C:\WINDOWS\system32\ekqppyun.ini

C:\WINDOWS\system32\wqdecksy.ini

C:\WINDOWS\system32\nyyhyitw.ini

C:\WINDOWS\system32\pqpkjgpc.ini

C:\WINDOWS\system32\jngjwrlx.ini

C:\WINDOWS\system32\fcteripn.ini

C:\WINDOWS\system32\cgfvjskb.ini

C:\WINDOWS\system32\knfjgrns.ini

C:\WINDOWS\system32\awynkbps.ini

C:\WINDOWS\system32\tjyimnmw.ini

C:\WINDOWS\system32\iasoulkt.ini

C:\WINDOWS\system32\jcohfnvh.ini

C:\WINDOWS\system32\yabrtxft.ini

C:\WINDOWS\system32\eyblycrj.ini

C:\WINDOWS\system32\jglrfkug.ini

C:\WINDOWS\system32\ksawayse.ini

C:\WINDOWS\system32\ulqrgvmd.ini

C:\WINDOWS\system32\rnalfehs.ini

C:\WINDOWS\system32\udejeoij.ini

C:\WINDOWS\system32\liukpjxy.ini

C:\WINDOWS\system32\saapiwul.ini

C:\WINDOWS\system32\larxcfmj.ini

C:\WINDOWS\system32\aprkkgqn.ini

C:\WINDOWS\system32\lpffrxpx.ini

C:\WINDOWS\system32\nmtbkclk.ini

C:\WINDOWS\system32\xfucmtwi.ini

C:\WINDOWS\system32\ouvyxmgs.ini

C:\WINDOWS\system32\ouvyxmgs.ini

C:\WINDOWS\system32\jiegeujo.ini

C:\WINDOWS\system32\jiegeujo.ini

C:\WINDOWS\system32\ajfofksq.ini

C:\WINDOWS\system32\uxcgqhsr.ini

C:\WINDOWS\system32\ynppsyds.ini

C:\WINDOWS\system32\jjhnsciu.ini

C:\WINDOWS\system32\muydmbel.ini

C:\WINDOWS\system32\ukulyele.ini

C:\WINDOWS\system32\ohmprhjt.ini

C:\WINDOWS\system32\tinbpgos.ini

C:\WINDOWS\system32\prhkicrw.ini

C:\WINDOWS\system32\eicdcovs.ini

C:\WINDOWS\system32\eslnayye.ini

C:\WINDOWS\system32\hjyxppws.ini

C:\WINDOWS\system32\pxhnsbvg.ini

C:\WINDOWS\system32\cxfgmngf.ini

C:\WINDOWS\system32\wtmhnmna.ini

C:\WINDOWS\system32\meybcwve.ini

C:\WINDOWS\system32\cgodrgia.ini

C:\WINDOWS\system32\ldwxfypj.ini

C:\WINDOWS\system32\hqnsuufk.ini

C:\WINDOWS\system32\swfxtfgm.ini

C:\WINDOWS\system32\dxrckslo.ini

C:\WINDOWS\system32\grcxadhv.ini

C:\WINDOWS\system32\byXRlkHA.dll

C:\WINDOWS\system32\jkkJYRJB.dll

C:\WINDOWS\system32\stdhost.exe

 

Dirlook::

C:\Documents and Settings\All Users\Programdata\services

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BC80085-5840-4D85-B654-43D4ECA47B49}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ad46cd2-3764-e482-882d-8bb09bbd4129}]

 

Post the log together with a new HJT log.

Posted

New CF log:

 

ComboFix 08-09-05.02 - Marius Thoresen 2008-09-06 15:24:06.2 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1774 [GMT 2:00]

Running from: C:\Documents and Settings\Marius Thoresen\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Marius Thoresen\Skrivebord\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\ajfofksq.ini

C:\WINDOWS\system32\amssqcqx.ini

C:\WINDOWS\system32\aprkkgqn.ini

C:\WINDOWS\system32\awynkbps.ini

C:\WINDOWS\system32\bagekrjt.ini

C:\WINDOWS\system32\bfadqsqb.ini

C:\WINDOWS\system32\cgfvjskb.ini

C:\WINDOWS\system32\cgodrgia.ini

C:\WINDOWS\system32\cxfgmngf.ini

C:\WINDOWS\system32\dtvlttlr.ini

C:\WINDOWS\system32\dxrckslo.ini

C:\WINDOWS\system32\eicdcovs.ini

C:\WINDOWS\system32\ekqppyun.ini

C:\WINDOWS\system32\eslnayye.ini

C:\WINDOWS\system32\euifydst.ini

C:\WINDOWS\system32\eyblycrj.ini

C:\WINDOWS\system32\fcteripn.ini

C:\WINDOWS\system32\fxcahswr.ini

C:\WINDOWS\system32\ghhwacuw.ini

C:\WINDOWS\system32\grcxadhv.ini

C:\WINDOWS\system32\hitrhisl.ini

C:\WINDOWS\system32\hjyxppws.ini

C:\WINDOWS\system32\hqnsuufk.ini

C:\WINDOWS\system32\hroghjlh.ini

C:\WINDOWS\system32\iasoulkt.ini

C:\WINDOWS\system32\ibeqxxrc.ini

C:\WINDOWS\system32\igrmsdxf.ini

C:\WINDOWS\system32\jcohfnvh.ini

C:\WINDOWS\system32\jglrfkug.ini

C:\WINDOWS\system32\jiegeujo.ini

C:\WINDOWS\system32\jjhnsciu.ini

C:\WINDOWS\system32\jngjwrlx.ini

C:\WINDOWS\system32\knfjgrns.ini

C:\WINDOWS\system32\ksawayse.ini

C:\WINDOWS\system32\kugnkepj.ini

C:\WINDOWS\system32\larxcfmj.ini

C:\WINDOWS\system32\ldwxfypj.ini

C:\WINDOWS\system32\lfjdqgid.ini

C:\WINDOWS\system32\liukpjxy.ini

C:\WINDOWS\system32\lpffrxpx.ini

C:\WINDOWS\system32\lyrbhfpa.ini

C:\WINDOWS\system32\meybcwve.ini

C:\WINDOWS\system32\muydmbel.ini

C:\WINDOWS\system32\nftjanqm.ini

C:\WINDOWS\system32\nkyqgvnv.ini

C:\WINDOWS\system32\nmtbkclk.ini

C:\WINDOWS\system32\nyyhyitw.ini

C:\WINDOWS\system32\ohmprhjt.ini

C:\WINDOWS\system32\ouvyxmgs.ini

C:\WINDOWS\system32\plruvshp.ini

C:\WINDOWS\system32\pqpkjgpc.ini

C:\WINDOWS\system32\prhkicrw.ini

C:\WINDOWS\system32\pxhnsbvg.ini

C:\WINDOWS\system32\rnalfehs.ini

C:\WINDOWS\system32\swfxtfgm.ini

C:\WINDOWS\system32\saapiwul.ini

C:\WINDOWS\system32\telengur.ini

C:\WINDOWS\system32\tinbpgos.ini

C:\WINDOWS\system32\tjyimnmw.ini

C:\WINDOWS\system32\udejeoij.ini

C:\WINDOWS\system32\ukulyele.ini

C:\WINDOWS\system32\ulqrgvmd.ini

C:\WINDOWS\system32\uxcgqhsr.ini

C:\WINDOWS\system32\uyuxpogs.ini

C:\WINDOWS\system32\vrrprpag.ini

C:\WINDOWS\system32\wqdecksy.ini

C:\WINDOWS\system32\wtmhnmna.ini

C:\WINDOWS\system32\waagvomm.ini

C:\WINDOWS\system32\xfucmtwi.ini

C:\WINDOWS\system32\xhxnqtul.ini

C:\WINDOWS\system32\xpkkxkft.ini

C:\WINDOWS\system32\xrkcuvla.ini

C:\WINDOWS\system32\yabrtxft.ini

C:\WINDOWS\system32\ynppsyds.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))

.

 

2008-09-06 13:40 . 2008-09-06 13:40 <DIR> d-------- C:\Programfiler\Trend Micro

2008-09-06 12:59 . 2008-09-06 12:59 <DIR> d-------- C:\Documents and Settings\Marius Thoresen\Programdata\SUPERAntiSpyware.com

2008-09-06 12:59 . 2008-09-06 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\Documents and Settings\Marius Thoresen\Programdata\Malwarebytes

2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-09-06 12:00 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-06 12:00 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-06 11:42 . 2008-09-06 12:26 <DIR> dr-h----- C:\Documents and Settings\Marius Thoresen\Siste

2008-09-05 20:25 . 2008-09-05 20:25 654 ---hs---- C:\WINDOWS\system32\rqxnqnyk.ini

2008-09-05 19:25 . 2008-09-05 19:25 594 ---hs---- C:\WINDOWS\system32\dngoflog.ini

2008-08-29 20:06 . 2008-08-29 20:06 2,814 ---hs---- C:\WINDOWS\system32\agggmlhd.ini

2008-08-29 18:03 . 2008-08-29 18:03 2,694 ---hs---- C:\WINDOWS\system32\oncmbdcj.ini

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-08-18 09:13 . 2008-08-18 19:27 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-08-18 09:13 . 2006-10-27 14:51 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-08-18 09:13 . 2006-10-27 14:51 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-08-18 09:13 . 2006-09-25 08:28 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-08-18 09:13 . 2008-09-06 15:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-08-18 09:13 . 2006-10-27 14:51 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-08-18 09:13 . 2008-08-18 09:13 <DIR> d-------- C:\Documents and Settings\Administrator

2008-08-16 15:23 . 2008-08-19 16:11 4,606 ---hs---- C:\WINDOWS\system32\cagswqdk.ini

2008-08-15 22:49 . 2000-12-08 21:59 122,880 --a------ C:\WINDOWS\UnGins.exe

2008-08-15 11:25 . 2008-08-16 22:48 <DIR> d-------- C:\Documents and Settings\Vilde\Programdata\uTorrent

2008-08-14 12:09 . 2008-08-14 12:09 261 --a------ C:\WINDOWS\game.ini

2008-08-12 22:28 . 1998-06-18 02:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL

2008-08-12 22:28 . 2000-03-17 10:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll

2008-08-12 22:28 . 2000-03-17 10:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll

2008-08-12 22:28 . 2002-04-24 14:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca

2008-08-12 22:28 . 2002-10-17 12:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe

2008-08-12 21:52 . 2008-08-12 21:52 3,879 --a------ C:\WINDOWS\system32\system.cfg

2008-08-12 13:00 . 2008-08-12 13:00 <DIR> d-------- C:\Programfiler\EA GAMES

2008-08-11 20:22 . 1998-11-13 12:08 308,224 --a------ C:\WINDOWS\IsUn0413.exe

2008-08-11 18:09 . 2008-08-11 18:09 <DIR> d-------- C:\Documents and Settings\Beate\Programdata\Leadertech

2008-08-10 16:25 . 2008-08-10 17:47 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\DMCache

2008-08-10 15:48 . 2008-09-06 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\services

2008-08-09 18:20 . 2008-08-09 18:20 <DIR> d-------- C:\Programfiler\Easiestutils

2008-08-09 14:21 . 2008-08-09 14:21 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\TrueCrypt

2008-08-09 14:00 . 2008-08-09 14:00 <DIR> d-------- C:\Documents and Settings\Marius Thoresen\Programdata\TrueCrypt

2008-08-09 14:00 . 2008-08-09 14:00 235,840 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys

2008-08-08 22:47 . 2008-08-08 22:47 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\Thinstall

2008-08-08 22:47 . 2008-08-08 22:48 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\Daimler

2008-08-08 12:00 . 2008-08-08 12:00 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\DAEMON Tools

2008-08-08 11:51 . 2008-08-17 12:05 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\uTorrent

2008-08-07 22:23 . 2008-08-07 22:58 <DIR> d-------- C:\Programfiler\ESTsoft

2008-08-07 22:23 . 2008-08-07 22:58 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\ESTsoft

2008-08-07 17:48 . 2008-08-07 17:50 16 --a------ C:\WINDOWS\system32\w3data.vss

2008-08-07 17:48 . 2008-08-07 17:50 16 --a------ C:\WINDOWS\msocreg32.dat

2008-08-07 17:47 . 2008-08-07 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\IK Multimedia

2008-08-07 14:42 . 2008-08-07 14:42 <DIR> d-------- C:\temp\Harry Potter and the Goblet of Fire Demo

2008-08-07 14:42 . 2008-08-07 14:42 <DIR> d-------- C:\temp

2008-08-07 13:42 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe

2008-08-06 21:32 . 2008-08-12 21:46 <DIR> d-------- C:\Programfiler\Electronic Arts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 10:46 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-09-06 09:25 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-09-05 14:25 --------- d-----w C:\Programfiler\OpenOffice.org1.1.3

2008-09-04 13:47 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-08-24 16:17 --------- d-----w C:\Documents and Settings\Konrad T\Programdata\AdobeUM

2008-08-19 14:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-16 21:23 --------- d-----w C:\Documents and Settings\Konrad T\Programdata\LimeWire

2008-08-16 20:48 --------- d-----w C:\Documents and Settings\Vilde\Programdata\LimeWire

2008-08-16 20:44 --------- d-----w C:\Programfiler\Norton Security Scan

2008-08-13 13:55 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-13 13:53 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-08-12 19:50 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-11 10:50 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-08 10:00 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-08-06 11:11 --------- d-----w C:\Documents and Settings\Konrad T\Programdata\dvdcss

2008-07-30 14:19 --------- d-----w C:\Programfiler\Norton Internet Security

2008-07-26 10:07 --------- d-----w C:\Programfiler\LimeWire

2008-07-26 09:28 --------- d-----w C:\Programfiler\Opera

2008-07-26 09:18 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-07-26 05:54 --------- d-----w C:\Programfiler\Avanquest update

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-28 08:53 5,120 --sha-w C:\Programfiler\Thumbs.db

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:41 658,944 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-03-09 14:43 22,328 ----a-w C:\Documents and Settings\Marius\Programdata\PnkBstrK.sys

2006-10-31 20:18 43,394,698 ----a-w C:\Programfiler\nis2006.exe

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of C:\Documents and Settings\All Users\Programdata\services ----

 

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

"SUPERAntiSpyware"="F:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sunkist2k"="C:\Programfiler\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 131072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 52840]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

"Malwarebytes Anti-Malware (reboot)"="C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-02 1244848]

"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 54928]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

C:\Documents and Settings\Default User\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Vilde\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Beate\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Konrad T\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Steinar\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.VP31"= vp31vfw.dll

"VIDC.MJPG"= pvmjpg21.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Marius Thoresen^Start-meny^Programmer^Oppstart^WinMySQLadmin.lnk]

path=C:\Documents and Settings\Marius Thoresen\Start-meny\Programmer\Oppstart\WinMySQLadmin.lnk

backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]

--a------ 2006-12-06 22:30 159744 C:\Programfiler\Razer\DeathAdder\razerhid.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 22:34 49152 C:\Programfiler\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

--a------ 2007-02-13 22:29 67128 C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 D:\Quicktime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

--a------ 2007-12-06 12:58 1069920 C:\Programfiler\Search Settings\SearchSettings.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-12-02 12:43 1266936 d:\Steam\steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MySql"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=

"D:\\Battlefield 2\\BF2.exe"=

"D:\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26302:TCP"= 26302:TCP:BitComet 26302 TCP

"26302:UDP"= 26302:UDP:BitComet 26302 UDP

 

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]

S3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2006-09-22 660736]

S3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2006-11-14 22144]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-02 13352]

S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]

S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 58288]

S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 8336]

S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 94064]

S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 85408]

S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 83344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\Autorun.exe

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-RunServices-DirectX Driver - stdhost.exe

 

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-06 15:26:48

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="C:/Documents and Settings/Marius/Mine dokumenter/Mine mottatte filer/xampp/mysql/bin/mysqld-nt.exe"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="C:/Documents and Settings/Marius/Mine dokumenter/Mine mottatte filer/xampp/mysql/bin/mysqld-nt.exe"

.

Completion time: 2008-09-06 15:29:17

ComboFix-quarantined-files.txt 2008-09-06 13:29:14

ComboFix2.txt 2008-09-06 10:21:28

 

Pre-Run: 18,463,461,376 byte ledig

Post-Run: 18,447,654,912 byte ledig

 

309 --- E O F --- 2008-08-13 06:57:06

 

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:52, on 2008-09-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Trend Micro\HijackThis\testgreie.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {07e930c2-bd96-4cfe-b83f-e384fb503907} - (no file)

O2 - BHO: (no name) - {3B239B96-87A2-4464-8D6D-539E125A9527} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6ad46cd2-3764-e482-882d-8bb09bbd4129} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7D9362F8-77D8-4b29-97B5-621D550890C0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {82D3F9A5-3A50-455F-9A90-E49EA253D97c} - (no file)

O2 - BHO: (no name) - {8AC015AD-F4DA-4D69-A589-F8805840AC6b} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {A7648694-C945-4B22-B7FC-94CBEAC59459} - (no file)

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - (no file)

O2 - BHO: (no name) - {BCE9D037-93EC-4C84-8664-0A5A8628DB59} - (no file)

O2 - BHO: (no name) - {C41A0E74-F5C2-4B0D-A75A-4E5A17EEBA57} - (no file)

O2 - BHO: (no name) - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - (no file)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')

O4 - .DEFAULT User Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: DirectEdit - https://www.itslearning.com/file/DirectEdit.CAB

O16 - DPF: RaptisoftGameLoader -

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -

O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apache2 - Apache Software Foundation - C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\apache\bin\apache.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\filezillaftp\filezillaserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 10465 bytes

 

 

Posted

Create a new CFScript with the following contents, which you drag and drop onto ComboFix again:

 

File::

C:\WINDOWS\system32\rqxnqnyk.ini

C:\WINDOWS\system32\dngoflog.ini

C:\WINDOWS\system32\dngoflog.ini

C:\WINDOWS\system32\oncmbdcj.ini

C:\WINDOWS\system32\cagswqdk.ini

 

Folder::

C:\Documents and Settings\All Users\Programdata\services

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

 

From normal mode, create an HJT log and post it.

Posted

CF log:

 

 

ComboFix 08-09-05.02 - Marius Thoresen 2008-09-06 16:23:30.3 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1745 [GMT 2:00]

Running from: C:\Documents and Settings\Marius\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Marius Thoresen\Skrivebord\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Programdata\services

C:\WINDOWS\system32\cagswqdk.ini

C:\WINDOWS\system32\dngoflog.ini

C:\WINDOWS\system32\oncmbdcj.ini

C:\WINDOWS\system32\rqxnqnyk.ini

 

.

((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))

.

 

2008-09-06 13:40 . 2008-09-06 13:40 <DIR> d-------- C:\Programfiler\Trend Micro

2008-09-06 12:59 . 2008-09-06 12:59 <DIR> d-------- C:\Documents and Settings\Marius\Programdata\SUPERAntiSpyware.com

2008-09-06 12:59 . 2008-09-06 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\Documents and Settings\Marius\Programdata\Malwarebytes

2008-09-06 12:00 . 2008-09-06 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-09-06 12:00 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-06 12:00 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-06 11:42 . 2008-09-06 12:26 <DIR> dr-h----- C:\Documents and Settings\Marius\Siste

2008-08-29 20:06 . 2008-08-29 20:06 2,814 ---hs---- C:\WINDOWS\system32\agggmlhd.ini

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord

2008-08-18 09:13 . 2008-08-18 19:27 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste

2008-08-18 09:13 . 2006-10-27 14:51 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata

2008-08-18 09:13 . 2006-10-27 14:51 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter

2008-08-18 09:13 . 2006-09-25 08:28 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler

2008-08-18 09:13 . 2008-09-06 16:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger

2008-08-18 09:13 . 2006-10-27 14:51 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter

2008-08-18 09:13 . 2006-09-22 15:51 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask

2008-08-18 09:13 . 2008-08-18 09:13 <DIR> d-------- C:\Documents and Settings\Administrator

2008-08-15 22:49 . 2000-12-08 21:59 122,880 --a------ C:\WINDOWS\UnGins.exe

2008-08-15 11:25 . 2008-08-16 22:48 <DIR> d-------- C:\Documents and Settings\Vilde\Programdata\uTorrent

2008-08-14 12:09 . 2008-08-14 12:09 261 --a------ C:\WINDOWS\game.ini

2008-08-12 22:28 . 1998-06-18 02:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL

2008-08-12 22:28 . 2000-03-17 10:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll

2008-08-12 22:28 . 2000-03-17 10:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll

2008-08-12 22:28 . 2002-04-24 14:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca

2008-08-12 22:28 . 2002-10-17 12:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe

2008-08-12 21:52 . 2008-08-12 21:52 3,879 --a------ C:\WINDOWS\system32\system.cfg

2008-08-12 13:00 . 2008-08-12 13:00 <DIR> d-------- C:\Programfiler\EA GAMES

2008-08-11 20:22 . 1998-11-13 12:08 308,224 --a------ C:\WINDOWS\IsUn0413.exe

2008-08-11 18:09 . 2008-08-11 18:09 <DIR> d-------- C:\Documents and Settings\Beate\Programdata\Leadertech

2008-08-10 16:25 . 2008-08-10 17:47 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\DMCache

2008-08-09 18:20 . 2008-08-09 18:20 <DIR> d-------- C:\Programfiler\Easiestutils

2008-08-09 14:21 . 2008-08-09 14:21 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\TrueCrypt

2008-08-09 14:00 . 2008-08-09 14:00 <DIR> d-------- C:\Documents and Settings\Marius\Programdata\TrueCrypt

2008-08-09 14:00 . 2008-08-09 14:00 235,840 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys

2008-08-08 22:47 . 2008-08-08 22:47 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\Thinstall

2008-08-08 22:47 . 2008-08-08 22:48 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\Daimler

2008-08-08 12:00 . 2008-08-08 12:00 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\DAEMON Tools

2008-08-08 11:51 . 2008-08-17 12:05 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\uTorrent

2008-08-07 22:23 . 2008-08-07 22:58 <DIR> d-------- C:\Programfiler\ESTsoft

2008-08-07 22:23 . 2008-08-07 22:58 <DIR> d-------- C:\Documents and Settings\Konrad T\Programdata\ESTsoft

2008-08-07 17:48 . 2008-08-07 17:50 16 --a------ C:\WINDOWS\system32\w3data.vss

2008-08-07 17:48 . 2008-08-07 17:50 16 --a------ C:\WINDOWS\msocreg32.dat

2008-08-07 17:47 . 2008-08-07 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\IK Multimedia

2008-08-07 14:42 . 2008-08-07 14:42 <DIR> d-------- C:\temp\Harry Potter and the Goblet of Fire Demo

2008-08-07 14:42 . 2008-08-07 14:42 <DIR> d-------- C:\temp

2008-08-07 13:42 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe

2008-08-06 21:32 . 2008-08-12 21:46 <DIR> d-------- C:\Programfiler\Electronic Arts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 10:46 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-09-06 09:25 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-09-05 14:25 --------- d-----w C:\Programfiler\OpenOffice.org1.1.3

2008-09-04 13:47 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-08-24 16:17 --------- d-----w C:\Documents and Settings\Konrad T\Programdata\AdobeUM

2008-08-19 14:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-08-16 21:23 --------- d-----w C:\Documents and Settings\Konrad T\Programdata\LimeWire

2008-08-16 20:48 --------- d-----w C:\Documents and Settings\Vilde\Programdata\LimeWire

2008-08-16 20:44 --------- d-----w C:\Programfiler\Norton Security Scan

2008-08-13 13:55 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-13 13:53 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-08-12 19:50 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-11 10:50 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-08 10:00 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-08-06 11:11 --------- d-----w C:\Documents and Settings\Konrad T\Programdata\dvdcss

2008-07-30 14:19 --------- d-----w C:\Programfiler\Norton Internet Security

2008-07-26 10:07 --------- d-----w C:\Programfiler\LimeWire

2008-07-26 09:28 --------- d-----w C:\Programfiler\Opera

2008-07-26 09:18 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-07-26 05:54 --------- d-----w C:\Programfiler\Avanquest update

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-28 08:53 5,120 --sha-w C:\Programfiler\Thumbs.db

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:41 658,944 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-03-09 14:43 22,328 ----a-w C:\Documents and Settings\Marius\Programdata\PnkBstrK.sys

2006-10-31 20:18 43,394,698 ----a-w C:\Programfiler\nis2006.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

"SUPERAntiSpyware"="F:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sunkist2k"="C:\Programfiler\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 131072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-03-01 52840]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

"Malwarebytes Anti-Malware (reboot)"="C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-02 1244848]

"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"DJSNetCN"="C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe" [2005-11-01 54928]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

 

C:\Documents and Settings\Default User\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Administrator\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Vilde\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Beate\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Konrad T\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

C:\Documents and Settings\Steinar\Start-meny\Programmer\Oppstart\

OpenOffice.org 1.1.3.lnk - C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe [2004-09-15 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.VP31"= vp31vfw.dll

"VIDC.MJPG"= pvmjpg21.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech Desktop Messenger.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech Desktop Messenger.lnk

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Marius^Start-meny^Programmer^Oppstart^WinMySQLadmin.lnk]

path=C:\Documents and Settings\Marius\Start-meny\Programmer\Oppstart\WinMySQLadmin.lnk

backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]

--a------ 2006-12-06 22:30 159744 C:\Programfiler\Razer\DeathAdder\razerhid.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 22:34 49152 C:\Programfiler\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

--a------ 2007-02-13 22:29 67128 C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 D:\Quicktime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-12-02 12:43 1266936 d:\Steam\steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MySql"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=

"D:\\Battlefield 2\\BF2.exe"=

"D:\\LimeWire\\LimeWire.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26302:TCP"= 26302:TCP:BitComet 26302 TCP

"26302:UDP"= 26302:UDP:BitComet 26302 UDP

 

S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]

S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]

S3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2006-09-22 660736]

S3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2006-11-14 22144]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-02 13352]

S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736]

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]

S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]

S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 58288]

S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 8336]

S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 94064]

S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 85408]

S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 83344]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\Autorun.exe

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{07e930c2-bd96-4cfe-b83f-e384fb503907} - (no file)

BHO-{3B239B96-87A2-4464-8D6D-539E125A9527} - (no file)

BHO-{6ad46cd2-3764-e482-882d-8bb09bbd4129} - (no file)

BHO-{82D3F9A5-3A50-455F-9A90-E49EA253D97c} - (no file)

BHO-{8AC015AD-F4DA-4D69-A589-F8805840AC6b} - (no file)

BHO-{A7648694-C945-4B22-B7FC-94CBEAC59459} - (no file)

BHO-{BCE9D037-93EC-4C84-8664-0A5A8628DB59} - (no file)

BHO-{C41A0E74-F5C2-4B0D-A75A-4E5A17EEBA57} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-06 16:24:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="C:/Documents and Settings/Marius Thoresen/Mine dokumenter/Mine mottatte filer/xampp/mysql/bin/mysqld-nt.exe"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="C:/Documents and Settings/Marius/Mine dokumenter/Mine mottatte filer/xampp/mysql/bin/mysqld-nt.exe"

.

Completion time: 2008-09-06 16:25:10

ComboFix-quarantined-files.txt 2008-09-06 14:25:06

ComboFix2.txt 2008-09-06 13:29:18

ComboFix3.txt 2008-09-06 10:21:28

 

Pre-Run: 18,475,393,024 byte ledig

Post-Run: 18,461,065,216 byte ledig

 

238 --- E O F --- 2008-08-13 06:57:06

 

 

HJT log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:30, on 2008-09-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\apache\bin\apache.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\apache\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

F:\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Programfiler\Trend Micro\HijackThis\testgreie.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {07e930c2-bd96-4cfe-b83f-e384fb503907} - (no file)

O2 - BHO: (no name) - {3B239B96-87A2-4464-8D6D-539E125A9527} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6ad46cd2-3764-e482-882d-8bb09bbd4129} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7D9362F8-77D8-4b29-97B5-621D550890C0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {82D3F9A5-3A50-455F-9A90-E49EA253D97c} - (no file)

O2 - BHO: (no name) - {8AC015AD-F4DA-4D69-A589-F8805840AC6b} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {A7648694-C945-4B22-B7FC-94CBEAC59459} - (no file)

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - (no file)

O2 - BHO: (no name) - {BCE9D037-93EC-4C84-8664-0A5A8628DB59} - (no file)

O2 - BHO: (no name) - {C41A0E74-F5C2-4B0D-A75A-4E5A17EEBA57} - (no file)

O2 - BHO: (no name) - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - (no file)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')

O4 - .DEFAULT User Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: DirectEdit - https://www.itslearning.com/file/DirectEdit.CAB

O16 - DPF: RaptisoftGameLoader -

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -

O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apache2 - Apache Software Foundation - C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\apache\bin\apache.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\filezillaftp\filezillaserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 11958 bytes

 

 

Posted (edited)

Let's clean up a bit more:

Use Explorer to find and delete the following file:

C:\WINDOWS\system32\agggmlhd.ini

 

Start HJT, choose "Do a system scan only", tick the following lines (the ones you find) and click Fix checked:

(Close the browser before you fix the lines)

O2 - BHO: (no name) - {07e930c2-bd96-4cfe-b83f-e384fb503907} - (no file)

O2 - BHO: (no name) - {3B239B96-87A2-4464-8D6D-539E125A9527} - (no file)

O2 - BHO: (no name) - {6ad46cd2-3764-e482-882d-8bb09bbd4129} - (no file)

O2 - BHO: (no name) - {7D9362F8-77D8-4b29-97B5-621D550890C0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {82D3F9A5-3A50-455F-9A90-E49EA253D97c} - (no file)

O2 - BHO: (no name) - {8AC015AD-F4DA-4D69-A589-F8805840AC6b} - (no file)

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)

O2 - BHO: (no name) - {A7648694-C945-4B22-B7FC-94CBEAC59459} - (no file)

O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)

O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - (no file)

O2 - BHO: (no name) - {BB81FE02-F70B-46C2-82C3-DE5C6652E677} - (no file)

O2 - BHO: (no name) - {C41A0E74-F5C2-4B0D-A75A-4E5A17EEBA57} - (no file)

O2 - BHO: (no name) - {C41A0E74-F5C2-4B0D-A75A-4E5A17EEBA57} - (no file)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O16 - DPF: RaptisoftGameLoader -

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -

O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} -

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

 

Restart the PC and post a final HJT log :)

Edited by norbat
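An added example, not part of the original thread: a small parser that pulls the same kind of entries out of a HijackThis log (O2 BHOs ending in "(no file)" and O16 DPF entries with nothing after the final dash) and checks a later log to confirm they are gone. The selection rule and all function names are assumptions made for this illustration; the sample lines are excerpts from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# A HijackThis entry line is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str          # "R3", "O2", "O16", ...
    body: str             # text after "<section> - "
    clsid: Optional[str]  # upper-cased CLSID, or None if the line has none

    @property
    def key(self):
        # Identify an entry by section + CLSID when there is one, so that
        # differences in letter case or description do not hide a match.
        return (self.section, self.clsid or self.body)


def parse_log(text: str) -> List[Entry]:
    """Return the R*/F*/N*/O* entries of a log; header, process list and
    blank lines are skipped because they do not match ENTRY_RE."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        found = CLSID_RE.search(body)
        entries.append(Entry(section, body, found.group(0).upper() if found else None))
    return entries


def is_orphan(e: Entry) -> bool:
    """Assumed rule for this example: an O2 BHO whose DLL is "(no file)",
    or an O16 DPF entry with no source after the final dash."""
    if e.section == "O2":
        return e.body.endswith("(no file)")
    if e.section == "O16":
        return e.body.endswith(" -")
    return False


def orphaned_entries(log_text: str) -> List[Entry]:
    """Orphaned entries in log order, each reported once."""
    seen, out = set(), []
    for e in parse_log(log_text):
        if is_orphan(e) and e.key not in seen:
            seen.add(e.key)
            out.append(e)
    return out


def still_present(fixed: List[Entry], later_log_text: str) -> List[Entry]:
    """Entries from `fixed` that a later log still contains."""
    later = {e.key for e in parse_log(later_log_text)}
    return [e for e in fixed if e.key in later]


# Excerpt of the 16:30 log posted in this thread (before the fix).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07e930c2-bd96-4cfe-b83f-e384fb503907} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BCE9D037-93EC-4C84-8664-0A5A8628DB59} - (no file)
O16 - DPF: DirectEdit - https://www.itslearning.com/file/DirectEdit.CAB
O16 - DPF: RaptisoftGameLoader -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
"""

# Excerpt of the 17:26 log posted in this thread (after the fix).
AFTER = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: DirectEdit - https://www.itslearning.com/file/DirectEdit.CAB
"""

if __name__ == "__main__":
    candidates = orphaned_entries(BEFORE)
    for e in candidates:
        print("candidate:", e.section, "-", e.body)
    left = still_present(candidates, AFTER)
    print("still present after fix:", [e.body for e in left])
```

The rule deliberately ignores R3 lines, so the Yahoo! Toolbar URLSearchHook, which appears in both logs, is never reported.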
Posted
Let's clean up a bit more:

Use Explorer to find and delete the following file:

C:\WINDOWS\system32\agggmlhd.ini

I can't find that file, neither in system32 nor anywhere else on the PC.

 

What should I do, just skip it and continue with HJT?

Posted

You need to turn on 'show hidden files and folders' to find the file:

Control Panel->Folder Options->View-> tick 'show hidden files and folders'

Posted (edited)

That didn't help, but I got it to show up when I unticked "hide protected operating system files".

Just wait a few minutes and you'll get the log

Edited by Xsquirrel
Posted

Final HJT log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:26, on 2008-09-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\apache\bin\apache.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\apache\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Trend Micro\HijackThis\testgreie.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll (file missing)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')

O4 - .DEFAULT User Startup: OpenOffice.org 1.1.3.lnk = C:\Programfiler\OpenOffice.org1.1.3\program\quickstart.exe (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll (file missing)

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: DirectEdit - https://www.itslearning.com/file/DirectEdit.CAB

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apache2 - Apache Software Foundation - C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\apache\bin\apache.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Documents and Settings\Marius Thoresen\Mine dokumenter\Mine mottatte filer\xampp\filezillaftp\filezillaserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 10123 bytes

 

 

Posted

Looks good :thumbup:

 

You should update Java: http://www.java.com/en/download/index.jsp

 

Remove ComboFix by typing combofix /u in the Run box (Start->Run)

This will also reset System Restore so that you don't get infected by a possible restore later.

 

Then update Windows (Start->All Programs->Windows Update).

 

Surf safely.
