
Virus infected. (Mbam, Combofix & Hjt log)



Norman found these "viruses": virus.jpg

 

Malwarebytes' Anti-Malware 1.30

Database versjon: 1441

Windows 5.1.2600 Service Pack 3

 

2009-01-02 13:57:46

mbam-log-2009-01-02 (13-57-45).txt

 

Skanntype: Rask Skann

Objekter skannet: 54285

Tid tilbakelagt: 7 minute(s), 15 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

ComboFix 08-12-31.01 - *********************** 2009-01-02 1:57:51.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1014.569 [GMT 1:00]

Kjører fra: c:\users\***********************\Skrivebord\Norsk\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\progs\Microsoft Common

c:\progs\Microsoft Common\svchost.exe

c:\users\***********************\Programdata\inst.exe

c:\windows\system32\Pncrt.dll

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-02 til 2009-01-02 )))))))))))))))))))))))))))))))))

.

 

2009-01-02 01:29 . 2009-01-02 01:29 <DIR> dr-h----- c:\users\***********************\Siste

2008-12-29 23:05 . 2008-12-30 23:48 <DIR> d-------- c:\progs\Garena

2008-12-29 14:11 . 2009-01-01 15:03 <DIR> d-------- c:\users\***********************\Tracing

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Windows Live SkyDrive

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Microsoft

2008-12-29 14:03 . 2008-12-29 14:03 <DIR> d-------- c:\progs\Common\Windows Live

2008-12-25 12:54 . 2008-12-25 16:54 <DIR> d-------- c:\users\***********************\Programdata\dvdcss

2008-12-21 04:52 . 2008-12-21 04:52 <DIR> d-------- c:\progs\NeoDownloader

2008-12-20 19:20 . 2008-12-20 19:20 <DIR> d-------- c:\progs\Atari

2008-12-18 15:12 . 2008-12-18 20:14 <DIR> d-------- c:\users\***********************\Programdata\Vso

2008-12-18 15:12 . 2008-12-18 15:12 <DIR> d-------- c:\progs\VSO

2008-12-18 15:12 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll

2008-12-18 15:12 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll

2008-12-18 15:12 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll

2008-12-18 15:12 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll

2008-12-18 15:12 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll

2008-12-18 15:12 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll

2008-12-18 15:12 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\users\***********************\Programdata\pcouffin.sys

2008-12-16 17:51 . 2008-12-16 17:51 <DIR> d-------- c:\users\***********************\Programdata\NeoDownloader

2008-12-15 19:00 . 1994-09-21 02:00 12,800 --a------ c:\windows\system\WING32.DLL

2008-12-15 18:59 . 2008-12-15 18:59 <DIR> d-------- c:\progs\3DO

2008-12-15 18:59 . 1994-09-21 02:00 12,800 --a------ c:\windows\system32\WING32.DLL

2008-12-15 18:58 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-12-10 14:24 . 2008-12-10 14:24 <DIR> d-------- c:\users\***********************\Programdata\WinPatrol

2008-12-10 14:23 . 2008-12-10 14:23 <DIR> d-------- c:\progs\BillP Studios

2008-12-09 11:16 . 2008-12-09 11:16 <DIR> d-------- c:\users\***********************\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\users\All Users\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\QuickTime

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\Common\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\users\All Users\Programdata\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\progs\Apple Software Update

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\***********************\Programdata\Sony

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\***********************\Programdata\Publish Providers

2008-12-09 11:04 . 2008-12-09 11:31 <DIR> d-a------ c:\users\All Users\Programdata\TEMP

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\progs\VSTplugins

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\users\All Users\Programdata\Sony

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\progs\Sony

2008-12-09 10:47 . 2008-12-09 10:47 <DIR> d-------- c:\progs\MSBuild

2008-12-09 10:45 . 2008-12-09 10:45 <DIR> d-------- c:\users\All Users\Programdata\Messenger Plus!

2008-12-09 10:45 . 2008-12-23 18:14 <DIR> d-------- c:\progs\StuffPlug3

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\windows\system32\XPSViewer

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\progs\Reference Assemblies

2008-12-09 10:43 . 2008-12-09 11:48 <DIR> d-------- c:\progs\Messenger Plus! Live

2008-12-09 10:43 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-09 10:35 . 2008-12-09 10:36 <DIR> d-------- c:\users\***********************\Programdata\Sony Setup

2008-12-09 10:35 . 2008-12-09 10:35 <DIR> d-------- c:\progs\Sony Setup

2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-02 00:27 --------- d-----w c:\users\***********************\Programdata\NoNameScript

2009-01-01 21:07 31 ----a-w c:\users\***********************\jagex_runescape_preferences.dat

2009-01-01 20:27 --------- d-----w c:\users\***********************\Programdata\foobar2000

2009-01-01 20:19 --------- d-----w c:\progs\Warcraft III

2009-01-01 14:03 --------- d-----w c:\progs\mIRC

2009-01-01 14:01 --------- d-----w c:\progs\Norman

2008-12-29 22:05 --------- d--h--w c:\progs\InstallShield Installation Information

2008-12-29 13:08 --------- d-----w c:\progs\Windows Live

2008-12-28 22:03 --------- d-----w c:\users\***********************\Programdata\uTorrent

2008-12-01 19:57 --------- d-----w c:\progs\Trend Micro

2008-12-01 19:37 --------- d-----w c:\users\***********************\Programdata\Malwarebytes

2008-12-01 19:37 --------- d-----w c:\users\All Users\Programdata\Malwarebytes

2008-12-01 19:37 --------- d-----w c:\progs\Malwarebytes' Anti-Malware

2008-11-28 20:41 --------- d-----w c:\progs\WC3Banlist

2008-11-17 15:44 --------- d-----w c:\progs\WinPcap

2008-11-17 15:38 2,829 ----a-w c:\windows\War3Unin.pif

2008-11-17 15:38 139,264 ----a-w c:\windows\War3Unin.exe

2008-11-16 02:01 --------- d-----w c:\users\***********************\Programdata\vlc

2008-11-16 02:00 --------- d-----w c:\progs\VideoLAN

2008-11-15 19:17 --------- d-----w c:\progs\DAEMON Tools Lite

2008-11-15 19:11 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-11-15 19:11 --------- d-----w c:\users\***********************\Programdata\DAEMON Tools

2008-11-15 17:41 --------- d-----w c:\progs\DVD Decrypter

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliType Pro

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliPoint

2008-11-15 15:48 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-11-15 15:48 --------- d-----w c:\progs\Java

2008-11-15 00:05 --------- d-----w c:\users\***********************\Programdata\teamspeak2

2008-11-15 00:05 --------- d-----w c:\progs\Teamspeak2_RC2

2008-11-14 13:38 --------- d-----w c:\progs\uTorrent

2008-11-14 13:18 --------- d-----w c:\progs\foobar2000

2008-11-14 07:17 --------- d-----w c:\progs\Spybot - Search & Destroy

2008-11-13 10:45 --------- d-----w c:\users\***********************\Programdata\mIRC

2008-11-13 10:27 --------- d-----w c:\progs\CCleaner

2008-11-13 10:23 --------- dcsh--w c:\progs\Common\WindowsLiveInstaller

2008-11-13 10:20 --------- d-----w c:\users\All Users\Programdata\Spybot - Search & Destroy

2008-11-13 10:16 --------- d-----w c:\users\All Users\Programdata\WLInstaller

2008-11-13 10:13 --------- d-----w c:\progs\TeaTimer (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\SDHelper (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\Misc. Support Library (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\File Scanner Library (Spybot - Search & Destroy)

2008-10-22 10:32 268,435,456 --sha-w C:\WinPEpge.sys

2008-07-11 12:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008071120080712\index.dat

2008-07-14 10:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Programdata\Microsoft\Internet Explorer\UserData\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-01_21.28.38.45 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-12-09 15:03:35 19,767 ----a-w c:\windows\.jagex_cache_32\runescape\game_unpacker.dat

- 2008-11-30 13:15:34 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

+ 2009-01-01 20:38:51 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

- 2008-11-30 13:15:35 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2009-01-01 20:38:51 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2008-12-09 09:44:15 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2008-12-09 09:44:52 3,915,776 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2008-12-09 09:44:53 344,064 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2008-12-09 09:44:15 352,256 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2008-12-09 09:44:51 593,920 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

+ 2008-12-09 09:44:51 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

+ 2008-12-09 09:44:53 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2008-12-09 09:44:52 126,976 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2008-12-09 09:44:52 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2008-12-09 09:44:53 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2008-12-09 09:44:52 4,972,544 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2008-12-09 09:44:52 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2008-12-09 09:44:53 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2008-12-09 09:44:16 94,208 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

+ 2008-12-09 09:44:17 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2008-12-09 09:44:17 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2008-12-09 09:44:17 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2008-12-09 09:44:18 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2008-12-09 09:44:21 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

+ 2008-12-09 09:44:21 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2008-12-09 09:44:19 5,623,808 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2008-12-09 09:44:53 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2008-12-09 09:47:52 1,108,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

+ 2008-12-09 09:47:52 1,641,272 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

+ 2008-12-09 09:47:52 588,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

+ 2008-12-09 09:44:52 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2008-12-09 09:44:52 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2008-12-09 09:44:52 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2008-12-09 09:44:52 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2008-12-09 09:44:51 1,167,360 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2008-12-09 09:44:53 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2008-12-09 09:58:11 53,248 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AjaVideoProperties\29df8131578c6b4bbccae4e82acdd893\AjaVideoProperties.ni.dll

+ 2008-12-09 14:36:01 434,176 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\be2401f1d515104bb6d0d6c791fc7b6f\ComSvcConfig.ni.exe

+ 2008-12-09 09:58:28 94,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ControlLibrary\d2038614d75a4f4586c70d281b77f0e6\ControlLibrary.ni.dll

+ 2008-12-09 09:58:21 1,314,816 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics.XmlSer#\b9fe479433c29f4d83aa0ad99ba071b2\CoreGraphics.XmlSerializers.ni.dll

+ 2008-12-09 09:58:17 1,609,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CoreGraphics\a4fa54a86fdf3740a409d3b5368b0e22\CoreGraphics.ni.dll

+ 2008-12-09 09:58:12 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CorePrimitives\f667d127f19fa544b669329e1bdfba31\CorePrimitives.ni.dll

+ 2008-12-09 09:58:26 909,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI.XmlSerialize#\9f1b612032178942b2ba24a684c22799\CoreUI.XmlSerializers.ni.dll

+ 2008-12-09 09:58:23 413,696 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CoreUI\50eb3b7c690ed844a5bdd7efa514e1a4\CoreUI.ni.dll

+ 2008-12-09 09:58:31 65,536 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Interop\549ad995f94f0d4f9ad669be860bf239\Interop.ni.dll

+ 2008-12-09 14:36:04 1,069,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\32af615862d70b43a8bfbc492c3cd015\Microsoft.Transactions.Bridge.ni.dll

+ 2008-12-09 14:36:06 405,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4dbe296602a9524bb3de740fee9ddbd3\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2008-12-09 09:45:26 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\54c4262127c156429e2653d35de920d8\Microsoft.VisualC.ni.dll

+ 2008-12-09 14:36:35 1,576,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b14097fdb1b4b249a86426a2c2de7b1c\PresentationBuildTasks.ni.dll

+ 2008-12-09 09:46:14 40,448 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\80cf609b1a48a74e911c4f33b0588f52\PresentationCFFRasterizer.ni.dll

+ 2008-12-09 09:46:13 12,038,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\1601b0a094a7254cbecf5fc1c09d62ac\PresentationCore.ni.dll

+ 2008-12-09 09:47:41 49,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\42670d23ebb07948a4e1be62e121e3cb\PresentationFontCache.ni.exe

+ 2008-12-09 09:47:40 393,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\18ffc25144b05d4fadd20ae82a03746e\PresentationFramework.Aero.ni.dll

+ 2008-12-09 09:47:19 14,643,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ad1e46c4c7f0f46b9d39a3139f11997\PresentationFramework.ni.dll

+ 2008-12-09 09:47:39 266,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\941eeb2d3377b840abd8767b93a01b5b\PresentationFramework.Royale.ni.dll

+ 2008-12-09 09:47:37 204,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2405812fa3a9c4ba96422d77046cc20\PresentationFramework.Classic.ni.dll

+ 2008-12-09 09:47:38 548,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b03f0f1416bc8948a1bd67eb9c126831\PresentationFramework.Luna.ni.dll

+ 2008-12-09 09:47:26 1,757,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\138c52798bc913409e7afc51def96633\PresentationUI.ni.dll

+ 2008-12-09 09:47:33 2,334,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\8768562bb4adbd4b87f867141ff7b0ab\ReachFramework.ni.dll

+ 2008-12-09 14:36:07 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\268e0b2811437845994ca36bd2bcbc71\ServiceModelReg.ni.exe

+ 2008-12-09 14:36:07 286,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6c961b9375ead64fb629d875d7d48365\SMDiagnostics.ni.dll

+ 2008-12-09 14:36:09 323,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6c4f754dc41ac046a64c6c976894ea5a\SMSvcHost.ni.exe

+ 2008-12-09 09:58:08 688,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Capture\57d94189b78acb41b8e5166ada95234f\Sony.Capture.ni.dll

+ 2008-12-09 09:58:05 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.MediaSoftware.#\94515975ae97a746843006caddb639d3\Sony.MediaSoftware.ExternalVideoDevice.ni.dll

+ 2008-12-09 09:58:10 249,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas.NetRender\729d7b781ad08f428a02b8c2f102df1c\Sony.Vegas.NetRender.ni.dll

+ 2008-12-09 09:58:03 1,040,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Sony.Vegas\8e941099b5c81346a5e32019eea2a079\Sony.Vegas.ni.dll

+ 2008-12-09 14:36:38 262,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\09b21160d4619642b130d8d3fd36d047\sysglobl.ni.dll

+ 2008-12-09 09:45:33 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\8165a02dbaab3c4f86e7da66bdc2e775\System.Configuration.Install.ni.dll

+ 2008-12-09 09:45:31 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c93f9a769a606d4cb2a976174849c43b\System.Data.OracleClient.ni.dll

+ 2008-12-09 09:45:25 2,703,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\1147a03f9c33f946afe87c61b5f5daf6\System.Data.SqlXml.ni.dll

+ 2008-12-09 14:35:24 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\c974e3010a4ab54a9f62aa023b545480\System.IdentityModel.Selectors.ni.dll

+ 2008-12-09 14:35:22 995,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\80e03d0ce7aba944bd80ff4ce450a478\System.IdentityModel.ni.dll

+ 2008-12-09 14:35:25 425,984 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8f205c11999deb4398341e0bb56e478a\System.IO.Log.ni.dll

+ 2008-12-09 09:48:12 655,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\da1cb9db84c9bd4d92a6f7772d0820ae\System.Messaging.ni.dll

+ 2008-12-09 09:47:35 1,052,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\a88e00be9ab9b14bb349c3885afca2d2\System.Printing.ni.dll

+ 2008-12-09 09:45:28 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f9c7e0e4db1a9740827bd385125a595e\System.Runtime.Remoting.ni.dll

+ 2008-12-09 14:35:29 2,371,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\93bdc6cc30ab9945afccea89c89cd834\System.Runtime.Serialization.ni.dll

+ 2008-12-09 09:45:28 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b538b4f21c717c4aa0a94effda53b697\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2008-12-09 14:35:58 17,506,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3ce56818e402404e9ebb034508f89597\System.ServiceModel.ni.dll

+ 2008-12-09 09:45:32 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86d783cf46c1fa4d86bbcb9c8d5ab4d2\System.ServiceProcess.ni.dll

+ 2008-12-09 14:36:37 2,043,904 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\131b27b1f0e6894c803e1007bb84a4bf\System.Speech.ni.dll

+ 2008-12-09 09:47:59 2,965,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\1f380a7e2ea5844aa53c76665c5ded1f\System.Workflow.Activities.ni.dll

+ 2008-12-09 09:48:06 4,599,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\8643d73e8e812042b29113141b166381\System.Workflow.ComponentModel.ni.dll

+ 2008-12-09 09:48:11 2,064,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\eda602b88c16ff47ba2cf1cc8e46dba3\System.Workflow.Runtime.ni.dll

+ 2008-12-09 14:36:40 483,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\6700239851135444a70c5ed7ae2dc5ee\UIAutomationClient.ni.dll

+ 2008-12-09 14:36:41 1,122,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f220057fb0e41e4e850aba6435cfec6a\UIAutomationClientsideProviders.ni.dll

+ 2008-12-09 09:46:14 51,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\dd6114037aeb0b48adb4ccdc550c372a\UIAutomationProvider.ni.dll

+ 2008-12-09 09:46:14 196,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\46493130b9bdbe40ab66adb124f9b05e\UIAutomationTypes.ni.dll

+ 2008-12-09 09:58:30 1,462,272 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WidgetLibrary\73ff56e820de85429ca32b7051efb7d2\WidgetLibrary.ni.dll

+ 2008-12-09 09:45:20 3,289,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fcd3a7b53207bc45970922cc31949d34\WindowsBase.ni.dll

+ 2008-12-09 14:36:45 245,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\c09c422e25dc664c83ff72f9c79d850b\WindowsFormsIntegration.ni.dll

+ 2008-12-09 14:36:09 380,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\43b6fbd1cd8fed49a6a71e03b2a0a47b\WsatConfig.ni.exe

+ 2008-12-29 13:09:15 62,288 ----a-r c:\windows\Installer\{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}\IconWlc.exe

+ 2008-12-29 13:11:39 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe

+ 2008-12-09 10:12:50 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe

+ 2006-10-30 03:06:24 74,012 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat

+ 2006-10-30 02:25:56 99,600 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe

+ 2006-10-29 22:15:06 220,672 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll

+ 2006-10-29 22:17:56 1,054,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll

+ 2006-10-29 22:14:26 163,328 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll

+ 2006-10-30 02:25:54 194,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe

+ 2006-10-30 02:25:56 167,176 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe

+ 2006-10-30 02:25:56 365,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

+ 2006-10-30 02:17:12 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll

+ 2006-10-30 02:17:30 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll

+ 2006-10-30 02:17:36 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll

+ 2006-10-30 02:17:44 87,040 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll

+ 2006-10-30 02:17:50 89,600 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll

+ 2006-10-30 02:17:56 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll

+ 2006-10-30 02:18:10 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll

+ 2006-10-30 02:18:16 91,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll

+ 2006-10-30 02:18:22 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll

+ 2006-10-30 02:18:30 89,600 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll

+ 2006-10-30 02:18:36 88,064 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll

+ 2006-10-30 02:18:42 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll

+ 2006-10-30 02:18:48 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll

+ 2006-10-30 02:18:56 87,040 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll

+ 2006-10-30 02:19:02 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll

+ 2006-10-30 02:19:08 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll

+ 2006-10-30 02:19:14 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll

+ 2006-10-30 02:19:28 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll

+ 2006-10-30 02:19:34 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll

+ 2006-10-30 02:19:42 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll

+ 2006-10-30 02:17:24 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll

+ 2006-10-30 02:19:22 90,624 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll

+ 2006-10-30 02:18:02 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll

+ 2006-10-29 22:15:20 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll

+ 2006-10-29 22:15:22 1,621,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll

+ 2006-10-29 22:16:52 1,139,712 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll

+ 2006-10-29 22:18:26 590,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll

+ 2006-10-29 22:20:20 541,184 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll

+ 2006-10-29 22:18:12 816,128 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll

+ 2006-10-30 02:17:14 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll

+ 2006-10-30 02:17:30 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll

+ 2006-10-30 02:17:38 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll

+ 2006-10-30 02:17:44 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll

+ 2006-10-30 02:17:50 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll

+ 2006-10-30 02:17:58 104,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll

+ 2006-10-30 02:18:10 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll

+ 2006-10-30 02:18:16 103,424 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll

+ 2006-10-30 02:18:24 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll

+ 2006-10-30 02:18:30 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll

+ 2006-10-30 02:18:36 101,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll

+ 2006-10-30 02:18:42 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll

+ 2006-10-30 02:18:50 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll

+ 2006-10-30 02:18:56 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll

+ 2006-10-30 02:19:02 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll

+ 2006-10-30 02:19:08 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll

+ 2006-10-30 02:19:16 99,328 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll

+ 2006-10-30 02:19:28 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll

+ 2006-10-30 02:19:36 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll

+ 2006-10-30 02:19:42 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll

+ 2006-10-30 02:17:24 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll

+ 2006-10-30 02:19:22 101,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll

+ 2006-10-30 02:18:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll

+ 2006-10-29 22:18:36 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll

+ 2006-10-29 22:19:30 1,103,872 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll

+ 2006-10-30 02:34:02 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe

+ 2006-10-30 02:33:58 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

+ 2008-12-09 09:44:07 626,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe

+ 2008-12-09 09:44:07 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll

+ 2006-10-30 02:34:00 352,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll

+ 2006-10-30 02:34:00 151,552 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll

+ 2006-10-30 02:34:02 2,560 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

+ 2006-10-30 02:34:02 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe

+ 2006-10-30 02:34:02 11,264 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll

+ 2006-10-30 02:34:00 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll

+ 2006-10-30 02:34:02 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

+ 2006-10-30 02:34:02 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll

+ 2006-10-30 02:34:02 5,623,808 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

+ 2006-10-30 02:34:00 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll

+ 2006-10-30 02:34:00 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

+ 2006-10-30 02:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe

+ 2006-07-25 20:32:00 14,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe

+ 2006-10-20 15:08:52 797,696 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll

+ 2006-10-20 15:09:02 4,874,240 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll

+ 2006-10-20 13:03:40 2,628,608 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll

+ 2006-10-20 20:29:46 72,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll

+ 2006-10-20 20:21:24 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll

+ 2006-10-20 20:21:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

+ 2006-10-20 20:29:52 106,272 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll

+ 2006-10-20 20:21:26 897,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll

+ 2006-10-20 20:21:26 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe

+ 2006-09-28 19:52:18 655,360 ----a-w c:\windows\system32\CDDBControl.dll

+ 2006-09-28 19:52:18 98,304 ----a-w c:\windows\system32\CddbLangDE.dll

+ 2006-09-28 19:52:18 98,304 ----a-w c:\windows\system32\CddbLangES.dll

+ 2006-09-28 19:52:18 98,304 ----a-w c:\windows\system32\CddbLangFR.dll

+ 2006-09-28 19:52:18 102,400 ----a-w c:\windows\system32\CddbLangIT.dll

+ 2006-09-28 19:52:18 77,824 ----a-w c:\windows\system32\CddbLangJA.dll

+ 2006-09-28 19:52:18 98,304 ----a-w c:\windows\system32\CddbLangNL.dll

+ 2006-09-28 19:52:18 765,952 ----a-w c:\windows\system32\CDDBUI.dll

- 2008-07-14 10:18:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-01-02 00:26:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-07-11 12:01:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

+ 2009-01-02 00:26:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

+ 2009-01-02 00:26:34 52,736 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\18QICUEY\1[1].exe

- 2008-07-11 12:01:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-02 00:26:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat

+ 2006-10-14 15:43:18 27,648 -c----w c:\windows\system32\dllcache\FilterPipelinePrintProc.dll

+ 2006-10-14 15:44:44 671,744 -c----w c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe

+ 2006-10-14 19:21:58 580,352 -c----w c:\windows\system32\dllcache\XPSSHHDR.dll

+ 2006-10-14 19:22:00 1,698,048 -c----w c:\windows\system32\dllcache\XpsSvcs.dll

+ 2006-10-20 20:29:46 69,408 ----a-w c:\windows\system32\dxva2.dll

+ 2006-10-20 20:30:00 478,496 ----a-w c:\windows\system32\evr.dll

- 2008-10-22 10:42:57 293,272 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2008-12-30 14:58:26 299,640 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2006-10-30 02:33:58 556,296 ----a-w c:\windows\system32\icardagt.exe

+ 2006-10-30 02:33:58 9,480 ----a-w c:\windows\system32\icardres.dll

+ 2006-10-30 02:33:58 83,968 ----a-w c:\windows\system32\infocardapi.dll

+ 2006-10-20 20:30:06 1,980,704 ----a-w c:\windows\system32\milcore.dll

+ 2006-09-28 19:53:16 344,064 ----a-w c:\windows\system32\msvcr70.dll

- 2008-11-14 15:40:30 62,678 ----a-w c:\windows\system32\perfc009.dat

+ 2008-12-09 09:48:16 70,458 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-14 15:40:30 71,104 ----a-w c:\windows\system32\perfc014.dat

+ 2008-12-09 09:48:16 78,884 ----a-w c:\windows\system32\perfc014.dat

- 2008-11-14 15:40:30 401,398 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-09 09:48:16 436,694 ----a-w c:\windows\system32\perfh009.dat

- 2008-11-14 15:40:30 405,492 ----a-w c:\windows\system32\perfh014.dat

+ 2008-12-09 09:48:16 439,838 ----a-w c:\windows\system32\perfh014.dat

+ 2006-10-20 20:29:52 104,224 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

+ 2006-10-20 20:29:58 344,352 ----a-w c:\windows\system32\PresentationHost.exe

+ 2006-10-20 20:29:46 20,768 ----a-w c:\windows\system32\PresentationHostProxy.dll

+ 2006-10-20 20:30:02 769,312 ----a-w c:\windows\system32\PresentationNative_v0300.dll

+ 2006-10-14 15:43:38 124,416 ------w c:\windows\system32\prntvpt.dll

+ 2006-08-24 15:15:06 150,808 ----a-w c:\windows\system32\rgb9rast_2.dll

+ 2006-10-14 15:43:18 751,104 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll

+ 2006-10-14 15:42:40 131,584 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll

+ 2006-10-14 19:22:00 1,698,048 ----a-w c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll

+ 2006-10-14 15:43:18 27,648 ----a-w c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

+ 2006-10-14 15:44:44 671,744 ------w c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe

+ 2006-10-14 16:13:02 34,304 ----a-w c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

+ 2006-10-14 16:12:14 737,792 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll

+ 2006-10-14 19:09:04 2,946,304 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll

+ 2006-10-14 16:12:14 737,792 ----a-w c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll

+ 2006-10-14 19:09:04 2,946,304 ----a-w c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll

+ 2006-10-14 15:43:18 751,104 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll

+ 2006-10-14 19:22:00 1,698,048 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll

+ 2006-10-14 15:43:18 751,104 ----a-w c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll

+ 2006-10-14 19:22:00 1,698,048 ----a-w c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll

+ 2006-10-20 20:29:54 159,008 ----a-w c:\windows\system32\UIAutomationCore.dll

+ 2006-10-14 19:21:58 580,352 ------w c:\windows\system32\XPSSHHDR.dll

+ 2006-10-14 19:22:00 1,698,048 ------w c:\windows\system32\XpsSvcs.dll

+ 2006-10-20 20:29:54 304,928 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe

- 2008-12-01 20:05:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1bc.dat

+ 2009-01-01 14:01:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1bc.dat

+ 2006-12-01 21:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-01 23:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-01 23:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-01 23:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-01 23:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-01 23:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-01 23:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-01 23:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

+ 2007-11-06 19:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2007-11-07 00:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 00:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\progs\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-09 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-09 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-09 135168]

"Norman ZANDA"="c:\progs\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]

"SigmatelSysTrayApp"="c:\progs\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progs\Common\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\progs\Common\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"SSConfig"="c:\sys.000\SW.exe" [2008-10-01 10489856]

"ProcMon"="c:\sys.000\hostsw.exe" [2008-06-23 217088]

"WinPatrol"="c:\progs\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-04-23 c:\windows\system32\advpack.dll]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-1644491937-682003330-62552\Scripts\Logon\0\0]

"Script"=%logonserver%\netlogon\pwdcheck.bat

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Progs\\mIRC\\mirc.exe"=

"c:\\Progs\\uTorrent\\uTorrent.exe"=

"c:\\Users\\***********************\\Skrivebord\\Listchecker\\pickup.listchecker.exe"=

"c:\\Progs\\Warcraft III\\Frozen Throne.exe"=

"c:\\Progs\\Warcraft III\\Warcraft III.exe"=

"c:\\Progs\\Atari\\Deer Hunter 2005\\DH2005.exe"=

"c:\\Progs\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Progs\\Java\\jre6\\bin\\java.exe"=

"c:\\Progs\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Progs\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Progs\\Garena\\Garena.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:wc3

"6112:UDP"= 6112:UDP:wc3

"6113:TCP"= 6113:TCP:wc3

"6113:UDP"= 6113:UDP:123

"6114:TCP"= 6114:TCP:45

"6114:UDP"= 6114:UDP:231523

"6115:TCP"= 6115:TCP:listchecker

"6115:UDP"= 6115:UDP:listchecker

"6111:TCP"= 6111:TCP:listchecker

"6111:UDP"= 6111:UDP:listchecker

 

R2 MASEL;Event Log Audit;c:\sys.000\Evl.exe [2008-07-10 126976]

R2 Ndiskio;Ndiskio;\??\c:\progs\Norman\Nse\bin\NDISKIO.SYS [2008-07-11 20448]

R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-01 38496]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

R3 nsesvc;Norman Scanner Engine Service;"c:\progs\Norman\nse\bin\NSESVC.EXE" -daemon [2008-07-11 322616]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-07-11 19512]

R3 nvcoas;Norman Virus Control on-access component;"c:\progs\Norman\Nvc\bin\nvcoas.exe" [2008-07-11 183352]

R3 NVCScheduler;Norman Virus Control Scheduler;c:\progs\Norman\Nvc\BIN\NVCSCHED.EXE [2008-07-11 146488]

S3 GarenaPEngine;GarenaPEngine;\??\c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f0e0c1-4f42-11dd-aade-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe

 

*Newly Created Service* - AEC

*Newly Created Service* - ASYNCMAC

*Newly Created Service* - MBAMSWISSARMY

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\progs\Microsoft IntelliPoint\ipoint.exe [2006-11-22 02:09]

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\progs\Microsoft IntelliType Pro\itype.exe [2006-11-22 02:08]

.

.

------- Tilleggsskanning -------

.

uStart Page = https://itsl.ntvgs.no/

uInternet Settings,ProxyOverride = <local>

IE: E&ksporter til Microsoft Excel - c:\progs\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

c:\windows\Downloaded Program Files\DirectEdit.dll - O16 -: DirectEdit

hxxps://www.itslearning.com//file/DirectEdit.CAB

c:\windows\Downloaded Program Files\OSD12D4.OSD

FF - ProfilePath - c:\users\***********************\Programdata\Mozilla\Firefox\Profiles\145bttw6.default\

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-02 02:00:56

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp"

.

Tidspunkt ferdig: 2009-01-02 2:02:16

ComboFix-quarantined-files.txt 2009-01-02 01:01:50

ComboFix2.txt 2008-12-01 20:29:16

 

Pre-Run: 4,645,638,144 byte ledig

Post-Run: 4,635,676,672 byte ledig

 

486

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:00, on 2009-01-02

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Progs\Norman\Npm\bin\ELOGSVC.EXE

C:\Progs\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\Progs\Java\jre6\bin\jqs.exe

C:\SYS.000\Evl.exe

C:\Progs\Common\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Progs\Dell\QuickSet\NICCONFIGSVC.exe

C:\Progs\Norman\Npm\bin\NJEEVES.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Progs\Norman\Npm\bin\ZLH.EXE

C:\Progs\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Progs\Common\InstallShield\UpdateService\issch.exe

C:\SYS.000\SW.exe

C:\SYS.000\hostsw.exe

C:\Progs\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\SYS.000\svpr.exe

C:\Progs\Norman\nse\bin\NSESVC.EXE

C:\Progs\Norman\Nvc\BIN\NIP.EXE

C:\Progs\Norman\Nvc\bin\nvcoas.exe

C:\Progs\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Progs\Norman\Nvc\bin\cclaw.exe

C:\Progs\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\explorer.exe

C:\Progs\Mozilla Firefox\firefox.exe

C:\Progs\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://itsl.ntvgs.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progs\Common\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Progs\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Progs\Common\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Progs\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Progs\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Progs\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Progs\Common\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Progs\Common\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sSConfig] C:\SYS.000\SW.exe

O4 - HKLM\..\Run: [ProcMon] C:\SYS.000\hostsw.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [WinPatrol] C:\Progs\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Progs\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\Progs\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Progs\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Progs\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Progs\Messenger\msmsgs.exe

O16 - DPF: DirectEdit - https://www.itslearning.com//file/DirectEdit.CAB

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.no

O17 - HKLM\Software\..\Telephony: DomainName = ntvgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.no

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Progs\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Progs\Java\jre6\bin\jqs.exe

O23 - Service: Event Log Audit (MASEL) - CISL - C:\SYS.000\Evl.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Progs\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Progs\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Progs\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Progs\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Progs\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Progs\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Progs\WinPcap\rpcapd.exe

 

--

End of file - 6738 bytes

Posted

Hi :)

Can you update Mbam under the update tab and run a new scan?

If Mbam finds anything more apart from cookies, run another round of ComboFix :)

Posted
Hi :)

Can you update Mbam under the update tab and run a new scan?

If Mbam finds anything more apart from cookies, run another round of ComboFix :)

Yes, wait a moment ;)

Posted

I updated Mbam, but it didn't find anything new. Can you tell from the other logs whether there is any virus, spyware, etc. on my PC?

 

Malwarebytes' Anti-Malware 1.31

Databaseversjon: 1596

Windows 5.1.2600 Service Pack 3

 

2009-01-02 17:30:48

mbam-log-2009-01-02 (17-30-48).txt

 

Skanntype: Rask Skann

Objekter skannet: 57748

Tid tilbakelagt: 4 minute(s), 18 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

Posted

Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis:

c:\windows\system32\wvc1dmod.dll

c:\windows\system32\vp7vfw.dll

c:\windows\system32\drv23260.dll

c:\windows\system32\cook3260.dll

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and assess what needs to be done next.

Posted
c:\windows\system32\wvc1dmod.dll

Scan taken on 02 Jan 2009 17:16:20 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

c:\windows\system32\vp7vfw.dll

Scan taken on 02 Jan 2009 17:12:21 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

c:\windows\system32\drv23260.dll

Scan taken on 02 Jan 2009 17:12:31 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

c:\windows\system32\cook3260.dll

Scan taken on 02 Jan 2009 17:13:34 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Posted

Click Start - All Programs - Accessories - Notepad

Copy and paste the text in the code box below into Notepad:

Driver::
SKLD4

Save it as CFScript on the Desktop

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows.

CFScriptB-4.gif

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum.

Posted

ComboFix 09-01-01.02 - ************* 2009-01-02 20:42:02.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1014.537 [GMT 1:00]

Kjører fra: c:\users\*************\Skrivebord\ComboFix.exe

Command switches brukt :: c:\users\*************\Skrivebord\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

* Resident AV is active

 

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-02 til 2009-01-02 )))))))))))))))))))))))))))))))))

.

 

2009-01-02 01:29 . 2009-01-02 20:38 <DIR> dr-h----- c:\users\*************\Siste

2008-12-29 23:05 . 2008-12-30 23:48 <DIR> d-------- c:\progs\Garena

2008-12-29 14:11 . 2009-01-02 20:29 <DIR> d-------- c:\users\*************\Tracing

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Windows Live SkyDrive

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Microsoft

2008-12-29 14:03 . 2008-12-29 14:03 <DIR> d-------- c:\progs\Common\Windows Live

2008-12-25 12:54 . 2008-12-25 16:54 <DIR> d-------- c:\users\*************\Programdata\dvdcss

2008-12-21 04:52 . 2008-12-21 04:52 <DIR> d-------- c:\progs\NeoDownloader

2008-12-20 19:20 . 2008-12-20 19:20 <DIR> d-------- c:\progs\Atari

2008-12-18 15:12 . 2008-12-18 20:14 <DIR> d-------- c:\users\*************\Programdata\Vso

2008-12-18 15:12 . 2008-12-18 15:12 <DIR> d-------- c:\progs\VSO

2008-12-18 15:12 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll

2008-12-18 15:12 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll

2008-12-18 15:12 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll

2008-12-18 15:12 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll

2008-12-18 15:12 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll

2008-12-18 15:12 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll

2008-12-18 15:12 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\users\*************\Programdata\pcouffin.sys

2008-12-16 17:51 . 2008-12-16 17:51 <DIR> d-------- c:\users\*************\Programdata\NeoDownloader

2008-12-15 19:00 . 1994-09-21 02:00 12,800 --a------ c:\windows\system\WING32.DLL

2008-12-15 18:59 . 2008-12-15 18:59 <DIR> d-------- c:\progs\3DO

2008-12-15 18:59 . 1994-09-21 02:00 12,800 --a------ c:\windows\system32\WING32.DLL

2008-12-15 18:58 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-12-10 14:24 . 2008-12-10 14:24 <DIR> d-------- c:\users\*************\Programdata\WinPatrol

2008-12-10 14:23 . 2008-12-10 14:23 <DIR> d-------- c:\progs\BillP Studios

2008-12-09 11:16 . 2008-12-09 11:16 <DIR> d-------- c:\users\*************\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\users\All Users\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\QuickTime

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\Common\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\users\All Users\Programdata\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\progs\Apple Software Update

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\*************\Programdata\Sony

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\*************\Programdata\Publish Providers

2008-12-09 11:04 . 2008-12-09 11:31 <DIR> d-a------ c:\users\All Users\Programdata\TEMP

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\progs\VSTplugins

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\users\All Users\Programdata\Sony

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\progs\Sony

2008-12-09 10:47 . 2008-12-09 10:47 <DIR> d-------- c:\progs\MSBuild

2008-12-09 10:45 . 2008-12-09 10:45 <DIR> d-------- c:\users\All Users\Programdata\Messenger Plus!

2008-12-09 10:45 . 2008-12-23 18:14 <DIR> d-------- c:\progs\StuffPlug3

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\windows\system32\XPSViewer

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\progs\Reference Assemblies

2008-12-09 10:43 . 2008-12-09 11:48 <DIR> d-------- c:\progs\Messenger Plus! Live

2008-12-09 10:43 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-09 10:35 . 2008-12-09 10:36 <DIR> d-------- c:\users\*************\Programdata\Sony Setup

2008-12-09 10:35 . 2008-12-09 10:35 <DIR> d-------- c:\progs\Sony Setup

2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-02 18:30 --------- d-----w c:\users\*************\Programdata\NoNameScript

2009-01-02 16:12 --------- d-----w c:\progs\Malwarebytes' Anti-Malware

2009-01-02 16:10 --------- d-----w c:\users\*************\Programdata\foobar2000

2009-01-02 15:47 31 ----a-w c:\users\*************\jagex_runescape_preferences.dat

2009-01-02 13:12 --------- d-----w c:\progs\mIRC

2009-01-01 20:19 --------- d-----w c:\progs\Warcraft III

2009-01-01 14:01 --------- d-----w c:\progs\Norman

2008-12-29 22:05 --------- d--h--w c:\progs\InstallShield Installation Information

2008-12-29 13:08 --------- d-----w c:\progs\Windows Live

2008-12-28 22:03 --------- d-----w c:\users\*************\Programdata\uTorrent

2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-12-01 19:57 --------- d-----w c:\progs\Trend Micro

2008-12-01 19:37 --------- d-----w c:\users\*************\Programdata\Malwarebytes

2008-12-01 19:37 --------- d-----w c:\users\All Users\Programdata\Malwarebytes

2008-11-28 20:41 --------- d-----w c:\progs\WC3Banlist

2008-11-17 15:44 --------- d-----w c:\progs\WinPcap

2008-11-17 15:38 2,829 ----a-w c:\windows\War3Unin.pif

2008-11-17 15:38 139,264 ----a-w c:\windows\War3Unin.exe

2008-11-16 02:01 --------- d-----w c:\users\*************\Programdata\vlc

2008-11-16 02:00 --------- d-----w c:\progs\VideoLAN

2008-11-15 19:17 --------- d-----w c:\progs\DAEMON Tools Lite

2008-11-15 19:11 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-11-15 19:11 --------- d-----w c:\users\*************\Programdata\DAEMON Tools

2008-11-15 17:41 --------- d-----w c:\progs\DVD Decrypter

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliType Pro

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliPoint

2008-11-15 15:48 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-11-15 15:48 --------- d-----w c:\progs\Java

2008-11-15 00:05 --------- d-----w c:\users\*************\Programdata\teamspeak2

2008-11-15 00:05 --------- d-----w c:\progs\Teamspeak2_RC2

2008-11-14 13:38 --------- d-----w c:\progs\uTorrent

2008-11-14 13:18 --------- d-----w c:\progs\foobar2000

2008-11-14 07:17 --------- d-----w c:\progs\Spybot - Search & Destroy

2008-11-13 10:45 --------- d-----w c:\users\*************\Programdata\mIRC

2008-11-13 10:27 --------- d-----w c:\progs\CCleaner

2008-11-13 10:23 --------- dcsh--w c:\progs\Common\WindowsLiveInstaller

2008-11-13 10:20 --------- d-----w c:\users\All Users\Programdata\Spybot - Search & Destroy

2008-11-13 10:16 --------- d-----w c:\users\All Users\Programdata\WLInstaller

2008-11-13 10:13 --------- d-----w c:\progs\TeaTimer (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\SDHelper (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\Misc. Support Library (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\File Scanner Library (Spybot - Search & Destroy)

2008-10-22 10:32 268,435,456 --sha-w C:\WinPEpge.sys

2008-07-11 12:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008071120080712\index.dat

2008-07-14 10:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Programdata\Microsoft\Internet Explorer\UserData\index.dat

.

 

((((((((((((((((((((((((((((( snapshot_2009-01-02_ 2.01.18.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-24 18:07:27 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat

+ 2009-01-02 14:15:04 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat

- 2009-01-01 20:38:51 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

+ 2009-01-02 14:09:40 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

- 2009-01-01 20:38:51 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2009-01-02 14:09:40 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\progs\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-09 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-09 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-09 135168]

"Norman ZANDA"="c:\progs\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]

"SigmatelSysTrayApp"="c:\progs\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progs\Common\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\progs\Common\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"SSConfig"="c:\sys.000\SW.exe" [2008-10-01 10489856]

"ProcMon"="c:\sys.000\hostsw.exe" [2008-06-23 217088]

"WinPatrol"="c:\progs\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-04-23 c:\windows\system32\advpack.dll]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-1644491937-682003330-62552\Scripts\Logon\0\0]

"Script"=%logonserver%\netlogon\pwdcheck.bat

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Progs\\mIRC\\mirc.exe"=

"c:\\Progs\\uTorrent\\uTorrent.exe"=

"c:\\Users\\*************\\Skrivebord\\Listchecker\\pickup.listchecker.exe"=

"c:\\Progs\\Warcraft III\\Frozen Throne.exe"=

"c:\\Progs\\Warcraft III\\Warcraft III.exe"=

"c:\\Progs\\Atari\\Deer Hunter 2005\\DH2005.exe"=

"c:\\Progs\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Progs\\Java\\jre6\\bin\\java.exe"=

"c:\\Progs\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Progs\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Progs\\Garena\\Garena.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:wc3

"6112:UDP"= 6112:UDP:wc3

"6113:TCP"= 6113:TCP:wc3

"6113:UDP"= 6113:UDP:123

"6114:TCP"= 6114:TCP:45

"6114:UDP"= 6114:UDP:231523

"6115:TCP"= 6115:TCP:listchecker

"6115:UDP"= 6115:UDP:listchecker

"6111:TCP"= 6111:TCP:listchecker

"6111:UDP"= 6111:UDP:listchecker

 

R2 MASEL;Event Log Audit;c:\sys.000\Evl.exe [2008-07-10 126976]

R2 Ndiskio;Ndiskio;\??\c:\progs\Norman\Nse\bin\NDISKIO.SYS [2008-07-11 20448]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

R3 nsesvc;Norman Scanner Engine Service;"c:\progs\Norman\nse\bin\NSESVC.EXE" -daemon [2008-07-11 322616]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-07-11 19512]

R3 nvcoas;Norman Virus Control on-access component;"c:\progs\Norman\Nvc\bin\nvcoas.exe" [2008-07-11 183352]

R3 NVCScheduler;Norman Virus Control Scheduler;c:\progs\Norman\Nvc\BIN\NVCSCHED.EXE [2008-07-11 146488]

S3 GarenaPEngine;GarenaPEngine;\??\c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f0e0c1-4f42-11dd-aade-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe

 

*Newly Created Service* - AEC

*Newly Created Service* - ASYNCMAC

*Newly Created Service* - MBAMSWISSARMY

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\progs\Microsoft IntelliPoint\ipoint.exe [2006-11-22 02:09]

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\progs\Microsoft IntelliType Pro\itype.exe [2006-11-22 02:08]

.

.

------- Tilleggsskanning -------

.

uStart Page = https://itsl.ntvgs.no/

uInternet Settings,ProxyOverride = <local>

IE: E&ksporter til Microsoft Excel - c:\progs\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

c:\windows\Downloaded Program Files\DirectEdit.dll - O16 -: DirectEdit

hxxps://www.itslearning.com//file/DirectEdit.CAB

c:\windows\Downloaded Program Files\OSD12D4.OSD

FF - ProfilePath - c:\users\*************\Programdata\Mozilla\Firefox\Profiles\145bttw6.default\

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-02 20:43:57

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp"

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(936)

c:\windows\system32\igfxdev.dll

.

Tidspunkt ferdig: 2009-01-02 20:44:49

ComboFix-quarantined-files.txt 2009-01-02 19:44:46

ComboFix2.txt 2009-01-02 01:02:17

ComboFix3.txt 2008-12-01 20:29:16

 

Pre-Run: 4,468,637,696 byte ledig

Post-Run: 4,458,561,536 byte ledig

 

224

Posted

Not sure what you mean. Did it one more time. Ran the .txt file (with the copied text) in Combofix. The .txt file disappeared.

 

ComboFix 09-01-01.02 - ******* 2009-01-03 5:48:54.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1014.539 [GMT 1:00]

Kjører fra: c:\users\*******\Skrivebord\ComboFix.exe

Command switches brukt :: c:\users\*******\Skrivebord\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

* Resident AV is active

 

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-03 til 2009-01-03 )))))))))))))))))))))))))))))))))

.

 

2009-01-02 01:29 . 2009-01-03 05:47 <DIR> dr-h----- c:\users\*******\Siste

2008-12-29 23:05 . 2008-12-30 23:48 <DIR> d-------- c:\progs\Garena

2008-12-29 14:11 . 2009-01-02 20:47 <DIR> d-------- c:\users\*******\Tracing

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Windows Live SkyDrive

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Microsoft

2008-12-29 14:03 . 2008-12-29 14:03 <DIR> d-------- c:\progs\Common\Windows Live

2008-12-25 12:54 . 2008-12-25 16:54 <DIR> d-------- c:\users\*******\Programdata\dvdcss

2008-12-21 04:52 . 2008-12-21 04:52 <DIR> d-------- c:\progs\NeoDownloader

2008-12-20 19:20 . 2008-12-20 19:20 <DIR> d-------- c:\progs\Atari

2008-12-18 15:12 . 2008-12-18 20:14 <DIR> d-------- c:\users\*******\Programdata\Vso

2008-12-18 15:12 . 2008-12-18 15:12 <DIR> d-------- c:\progs\VSO

2008-12-18 15:12 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll

2008-12-18 15:12 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll

2008-12-18 15:12 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll

2008-12-18 15:12 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll

2008-12-18 15:12 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll

2008-12-18 15:12 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll

2008-12-18 15:12 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\users\*******\Programdata\pcouffin.sys

2008-12-16 17:51 . 2008-12-16 17:51 <DIR> d-------- c:\users\*******\Programdata\NeoDownloader

2008-12-15 19:00 . 1994-09-21 02:00 12,800 --a------ c:\windows\system\WING32.DLL

2008-12-15 18:59 . 2008-12-15 18:59 <DIR> d-------- c:\progs\3DO

2008-12-15 18:59 . 1994-09-21 02:00 12,800 --a------ c:\windows\system32\WING32.DLL

2008-12-15 18:58 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-12-10 14:24 . 2008-12-10 14:24 <DIR> d-------- c:\users\*******\Programdata\WinPatrol

2008-12-10 14:23 . 2008-12-10 14:23 <DIR> d-------- c:\progs\BillP Studios

2008-12-09 11:16 . 2008-12-09 11:16 <DIR> d-------- c:\users\*******\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\users\All Users\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\QuickTime

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\Common\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\users\All Users\Programdata\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\progs\Apple Software Update

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\*******\Programdata\Sony

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\*******\Programdata\Publish Providers

2008-12-09 11:04 . 2008-12-09 11:31 <DIR> d-a------ c:\users\All Users\Programdata\TEMP

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\progs\VSTplugins

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\users\All Users\Programdata\Sony

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\progs\Sony

2008-12-09 10:47 . 2008-12-09 10:47 <DIR> d-------- c:\progs\MSBuild

2008-12-09 10:45 . 2008-12-09 10:45 <DIR> d-------- c:\users\All Users\Programdata\Messenger Plus!

2008-12-09 10:45 . 2008-12-23 18:14 <DIR> d-------- c:\progs\StuffPlug3

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\windows\system32\XPSViewer

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\progs\Reference Assemblies

2008-12-09 10:43 . 2008-12-09 11:48 <DIR> d-------- c:\progs\Messenger Plus! Live

2008-12-09 10:43 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-09 10:35 . 2008-12-09 10:36 <DIR> d-------- c:\users\*******\Programdata\Sony Setup

2008-12-09 10:35 . 2008-12-09 10:35 <DIR> d-------- c:\progs\Sony Setup

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-02 20:49 --------- d-----w c:\progs\Warcraft III

2009-01-02 18:30 --------- d-----w c:\users\*******\Programdata\NoNameScript

2009-01-02 16:12 --------- d-----w c:\progs\Malwarebytes' Anti-Malware

2009-01-02 16:10 --------- d-----w c:\users\*******\Programdata\foobar2000

2009-01-02 15:47 31 ----a-w c:\users\*******\jagex_runescape_preferences.dat

2009-01-02 13:12 --------- d-----w c:\progs\mIRC

2009-01-01 14:01 --------- d-----w c:\progs\Norman

2008-12-29 22:05 --------- d--h--w c:\progs\InstallShield Installation Information

2008-12-29 13:08 --------- d-----w c:\progs\Windows Live

2008-12-28 22:03 --------- d-----w c:\users\*******\Programdata\uTorrent

2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll

2008-12-01 19:57 --------- d-----w c:\progs\Trend Micro

2008-12-01 19:37 --------- d-----w c:\users\*******\Programdata\Malwarebytes

2008-12-01 19:37 --------- d-----w c:\users\All Users\Programdata\Malwarebytes

2008-11-28 20:41 --------- d-----w c:\progs\WC3Banlist

2008-11-17 15:44 --------- d-----w c:\progs\WinPcap

2008-11-17 15:38 2,829 ----a-w c:\windows\War3Unin.pif

2008-11-17 15:38 139,264 ----a-w c:\windows\War3Unin.exe

2008-11-16 02:01 --------- d-----w c:\users\*******\Programdata\vlc

2008-11-16 02:00 --------- d-----w c:\progs\VideoLAN

2008-11-15 19:17 --------- d-----w c:\progs\DAEMON Tools Lite

2008-11-15 19:11 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-11-15 19:11 --------- d-----w c:\users\*******\Programdata\DAEMON Tools

2008-11-15 17:41 --------- d-----w c:\progs\DVD Decrypter

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliType Pro

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliPoint

2008-11-15 15:48 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-11-15 15:48 --------- d-----w c:\progs\Java

2008-11-15 00:05 --------- d-----w c:\users\*******\Programdata\teamspeak2

2008-11-15 00:05 --------- d-----w c:\progs\Teamspeak2_RC2

2008-11-14 13:38 --------- d-----w c:\progs\uTorrent

2008-11-14 13:18 --------- d-----w c:\progs\foobar2000

2008-11-14 07:17 --------- d-----w c:\progs\Spybot - Search & Destroy

2008-11-13 10:45 --------- d-----w c:\users\*******\Programdata\mIRC

2008-11-13 10:27 --------- d-----w c:\progs\CCleaner

2008-11-13 10:23 --------- dcsh--w c:\progs\Common\WindowsLiveInstaller

2008-11-13 10:20 --------- d-----w c:\users\All Users\Programdata\Spybot - Search & Destroy

2008-11-13 10:16 --------- d-----w c:\users\All Users\Programdata\WLInstaller

2008-11-13 10:13 --------- d-----w c:\progs\TeaTimer (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\SDHelper (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\Misc. Support Library (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\File Scanner Library (Spybot - Search & Destroy)

2008-10-22 10:32 268,435,456 --sha-w C:\WinPEpge.sys

2008-07-11 12:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008071120080712\index.dat

2008-07-14 10:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Programdata\Microsoft\Internet Explorer\UserData\index.dat

.

 

((((((((((((((((((((((((((((( snapshot_2009-01-02_ 2.01.18.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-24 18:07:27 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat

+ 2009-01-02 14:15:04 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat

- 2009-01-01 20:38:51 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

+ 2009-01-02 14:09:40 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

- 2009-01-01 20:38:51 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2009-01-02 14:09:40 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\progs\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-09 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-09 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-09 135168]

"Norman ZANDA"="c:\progs\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]

"SigmatelSysTrayApp"="c:\progs\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progs\Common\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\progs\Common\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"SSConfig"="c:\sys.000\SW.exe" [2008-10-01 10489856]

"ProcMon"="c:\sys.000\hostsw.exe" [2008-06-23 217088]

"WinPatrol"="c:\progs\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-04-23 c:\windows\system32\advpack.dll]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-1644491937-682003330-62552\Scripts\Logon\0\0]

"Script"=%logonserver%\netlogon\pwdcheck.bat

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Progs\\mIRC\\mirc.exe"=

"c:\\Progs\\uTorrent\\uTorrent.exe"=

"c:\\Users\\*******\\Skrivebord\\Listchecker\\pickup.listchecker.exe"=

"c:\\Progs\\Warcraft III\\Frozen Throne.exe"=

"c:\\Progs\\Warcraft III\\Warcraft III.exe"=

"c:\\Progs\\Atari\\Deer Hunter 2005\\DH2005.exe"=

"c:\\Progs\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Progs\\Java\\jre6\\bin\\java.exe"=

"c:\\Progs\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Progs\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Progs\\Garena\\Garena.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:wc3

"6112:UDP"= 6112:UDP:wc3

"6113:TCP"= 6113:TCP:wc3

"6113:UDP"= 6113:UDP:123

"6114:TCP"= 6114:TCP:45

"6114:UDP"= 6114:UDP:231523

"6115:TCP"= 6115:TCP:listchecker

"6115:UDP"= 6115:UDP:listchecker

"6111:TCP"= 6111:TCP:listchecker

"6111:UDP"= 6111:UDP:listchecker

 

R2 MASEL;Event Log Audit;c:\sys.000\Evl.exe [2008-07-10 126976]

R2 Ndiskio;Ndiskio;\??\c:\progs\Norman\Nse\bin\NDISKIO.SYS [2008-07-11 20448]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

R3 nsesvc;Norman Scanner Engine Service;"c:\progs\Norman\nse\bin\NSESVC.EXE" -daemon [2008-07-11 322616]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-07-11 19512]

R3 nvcoas;Norman Virus Control on-access component;"c:\progs\Norman\Nvc\bin\nvcoas.exe" [2008-07-11 183352]

R3 NVCScheduler;Norman Virus Control Scheduler;c:\progs\Norman\Nvc\BIN\NVCSCHED.EXE [2008-07-11 146488]

S3 GarenaPEngine;GarenaPEngine;\??\c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f0e0c1-4f42-11dd-aade-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe

 

*Newly Created Service* - AEC

*Newly Created Service* - ASYNCMAC

*Newly Created Service* - MBAMSWISSARMY

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\progs\Microsoft IntelliPoint\ipoint.exe [2006-11-22 02:09]

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\progs\Microsoft IntelliType Pro\itype.exe [2006-11-22 02:08]

.

.

------- Tilleggsskanning -------

.

uStart Page = https://itsl.ntvgs.no/

uInternet Settings,ProxyOverride = <local>

IE: E&ksporter til Microsoft Excel - c:\progs\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

c:\windows\Downloaded Program Files\DirectEdit.dll - O16 -: DirectEdit

hxxps://www.itslearning.com//file/DirectEdit.CAB

c:\windows\Downloaded Program Files\OSD12D4.OSD

FF - ProfilePath - c:\users\*******\Programdata\Mozilla\Firefox\Profiles\145bttw6.default\

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-03 05:50:44

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp"

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(936)

c:\windows\system32\igfxdev.dll

.

Tidspunkt ferdig: 2009-01-03 5:51:34

ComboFix-quarantined-files.txt 2009-01-03 04:51:31

ComboFix2.txt 2009-01-02 19:44:50

ComboFix3.txt 2009-01-02 01:02:17

ComboFix4.txt 2008-12-01 20:29:16

 

Pre-Run: 4,551,069,696 byte ledig

Post-Run: 4,540,354,560 byte ledig

 

225

Posted

Yes, helping out a bit.

 

Copy the bold text below the image -> open Notepad and paste it in.

Save it to the desktop as CFScript.txt

Do as shown in the image; Combofix will start. Post the log c:\combofix.txt

60876047vu9.gif

 

File::

c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp

 

Driver::

GarenaPEngine

 

Registry::

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

"ImagePath"=-

Posted

I am doing as you explain, but as I drag CFScript.txt onto Combofix.exe I get a message that a newer version of Combofix is available. I assume I should run this update?

Posted
ComboFix 09-01-04.01 - ********* 2009-01-05 12:11:05.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1014.585 [GMT 1:00]

Kjører fra: c:\users\*********\Skrivebord\ComboFix.exe

Command switches brukt :: c:\users\*********\Skrivebord\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-05 til 2009-01-05 )))))))))))))))))))))))))))))))))

.

 

2009-01-02 01:29 . 2009-01-05 12:05 <DIR> dr-h----- c:\users\*********\Siste

2008-12-29 23:05 . 2008-12-30 23:48 <DIR> d-------- c:\progs\Garena

2008-12-29 14:11 . 2009-01-05 11:58 <DIR> d-------- c:\users\*********\Tracing

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Windows Live SkyDrive

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Microsoft

2008-12-29 14:03 . 2008-12-29 14:03 <DIR> d-------- c:\progs\Common\Windows Live

2008-12-25 12:54 . 2008-12-25 16:54 <DIR> d-------- c:\users\*********\Programdata\dvdcss

2008-12-21 04:52 . 2008-12-21 04:52 <DIR> d-------- c:\progs\NeoDownloader

2008-12-20 19:20 . 2008-12-20 19:20 <DIR> d-------- c:\progs\Atari

2008-12-18 15:12 . 2008-12-18 20:14 <DIR> d-------- c:\users\*********\Programdata\Vso

2008-12-18 15:12 . 2008-12-18 15:12 <DIR> d-------- c:\progs\VSO

2008-12-18 15:12 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll

2008-12-18 15:12 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll

2008-12-18 15:12 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll

2008-12-18 15:12 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll

2008-12-18 15:12 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll

2008-12-18 15:12 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll

2008-12-18 15:12 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\users\*********\Programdata\pcouffin.sys

2008-12-16 17:51 . 2008-12-16 17:51 <DIR> d-------- c:\users\*********\Programdata\NeoDownloader

2008-12-15 19:00 . 1994-09-21 02:00 12,800 --a------ c:\windows\system\WING32.DLL

2008-12-15 18:59 . 2008-12-15 18:59 <DIR> d-------- c:\progs\3DO

2008-12-15 18:59 . 1994-09-21 02:00 12,800 --a------ c:\windows\system32\WING32.DLL

2008-12-15 18:58 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-12-10 14:24 . 2008-12-10 14:24 <DIR> d-------- c:\users\*********\Programdata\WinPatrol

2008-12-10 14:23 . 2008-12-10 14:23 <DIR> d-------- c:\progs\BillP Studios

2008-12-09 11:16 . 2008-12-09 11:16 <DIR> d-------- c:\users\*********\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\users\All Users\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\QuickTime

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\Common\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\users\All Users\Programdata\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\progs\Apple Software Update

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\*********\Programdata\Sony

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\*********\Programdata\Publish Providers

2008-12-09 11:04 . 2008-12-09 11:31 <DIR> d-a------ c:\users\All Users\Programdata\TEMP

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\progs\VSTplugins

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\users\All Users\Programdata\Sony

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\progs\Sony

2008-12-09 10:47 . 2008-12-09 10:47 <DIR> d-------- c:\progs\MSBuild

2008-12-09 10:45 . 2008-12-09 10:45 <DIR> d-------- c:\users\All Users\Programdata\Messenger Plus!

2008-12-09 10:45 . 2008-12-23 18:14 <DIR> d-------- c:\progs\StuffPlug3

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\windows\system32\XPSViewer

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\progs\Reference Assemblies

2008-12-09 10:43 . 2008-12-09 11:48 <DIR> d-------- c:\progs\Messenger Plus! Live

2008-12-09 10:43 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-09 10:35 . 2008-12-09 10:36 <DIR> d-------- c:\users\*********\Programdata\Sony Setup

2008-12-09 10:35 . 2008-12-09 10:35 <DIR> d-------- c:\progs\Sony Setup

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-05 10:56 --------- d-----w c:\progs\Norman

2009-01-04 20:01 --------- d-----w c:\users\*********\Programdata\NoNameScript

2009-01-04 19:19 31 ----a-w c:\users\*********\jagex_runescape_preferences.dat

2009-01-04 17:58 --------- d-----w c:\progs\mIRC

2009-01-02 20:49 --------- d-----w c:\progs\Warcraft III

2009-01-02 16:12 --------- d-----w c:\progs\Malwarebytes' Anti-Malware

2009-01-02 16:10 --------- d-----w c:\users\*********\Programdata\foobar2000

2008-12-29 22:05 --------- d--h--w c:\progs\InstallShield Installation Information

2008-12-29 13:08 --------- d-----w c:\progs\Windows Live

2008-12-28 22:03 --------- d-----w c:\users\*********\Programdata\uTorrent

2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll

2008-12-01 19:57 --------- d-----w c:\progs\Trend Micro

2008-12-01 19:37 --------- d-----w c:\users\*********\Programdata\Malwarebytes

2008-12-01 19:37 --------- d-----w c:\users\All Users\Programdata\Malwarebytes

2008-11-28 20:41 --------- d-----w c:\progs\WC3Banlist

2008-11-17 15:44 --------- d-----w c:\progs\WinPcap

2008-11-17 15:38 2,829 ----a-w c:\windows\War3Unin.pif

2008-11-17 15:38 139,264 ----a-w c:\windows\War3Unin.exe

2008-11-16 02:01 --------- d-----w c:\users\*********\Programdata\vlc

2008-11-16 02:00 --------- d-----w c:\progs\VideoLAN

2008-11-15 19:17 --------- d-----w c:\progs\DAEMON Tools Lite

2008-11-15 19:11 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-11-15 19:11 --------- d-----w c:\users\*********\Programdata\DAEMON Tools

2008-11-15 17:41 --------- d-----w c:\progs\DVD Decrypter

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliType Pro

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliPoint

2008-11-15 15:48 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-11-15 15:48 --------- d-----w c:\progs\Java

2008-11-15 00:05 --------- d-----w c:\users\*********\Programdata\teamspeak2

2008-11-15 00:05 --------- d-----w c:\progs\Teamspeak2_RC2

2008-11-14 13:38 --------- d-----w c:\progs\uTorrent

2008-11-14 13:18 --------- d-----w c:\progs\foobar2000

2008-11-14 07:17 --------- d-----w c:\progs\Spybot - Search & Destroy

2008-11-13 10:45 --------- d-----w c:\users\*********\Programdata\mIRC

2008-11-13 10:27 --------- d-----w c:\progs\CCleaner

2008-11-13 10:23 --------- dcsh--w c:\progs\Common\WindowsLiveInstaller

2008-11-13 10:20 --------- d-----w c:\users\All Users\Programdata\Spybot - Search & Destroy

2008-11-13 10:16 --------- d-----w c:\users\All Users\Programdata\WLInstaller

2008-11-13 10:13 --------- d-----w c:\progs\TeaTimer (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\SDHelper (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\Misc. Support Library (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\File Scanner Library (Spybot - Search & Destroy)

2008-10-22 10:32 268,435,456 --sha-w C:\WinPEpge.sys

2008-07-11 12:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008071120080712\index.dat

2008-07-14 10:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Programdata\Microsoft\Internet Explorer\UserData\index.dat

.

 

((((((((((((((((((((((((((((( snapshot_2009-01-02_ 2.01.18.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-24 18:07:27 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat

+ 2009-01-02 14:15:04 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat

- 2009-01-01 20:38:51 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

+ 2009-01-04 19:19:38 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

- 2009-01-01 20:38:51 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2009-01-04 19:19:38 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2009-01-05 10:56:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1a8.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\progs\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-09 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-09 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-09 135168]

"Norman ZANDA"="c:\progs\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]

"SigmatelSysTrayApp"="c:\progs\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progs\Common\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\progs\Common\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"SSConfig"="c:\sys.000\SW.exe" [2008-10-01 10489856]

"ProcMon"="c:\sys.000\hostsw.exe" [2008-06-23 217088]

"WinPatrol"="c:\progs\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-04-23 c:\windows\system32\advpack.dll]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-1644491937-682003330-62552\Scripts\Logon\0\0]

"Script"=%logonserver%\netlogon\pwdcheck.bat

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Progs\\mIRC\\mirc.exe"=

"c:\\Progs\\uTorrent\\uTorrent.exe"=

"c:\\Users\\*********\\Skrivebord\\Listchecker\\pickup.listchecker.exe"=

"c:\\Progs\\Warcraft III\\Frozen Throne.exe"=

"c:\\Progs\\Warcraft III\\Warcraft III.exe"=

"c:\\Progs\\Atari\\Deer Hunter 2005\\DH2005.exe"=

"c:\\Progs\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Progs\\Java\\jre6\\bin\\java.exe"=

"c:\\Progs\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Progs\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Progs\\Garena\\Garena.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:wc3

"6112:UDP"= 6112:UDP:wc3

"6113:TCP"= 6113:TCP:wc3

"6113:UDP"= 6113:UDP:123

"6114:TCP"= 6114:TCP:45

"6114:UDP"= 6114:UDP:231523

"6115:TCP"= 6115:TCP:listchecker

"6115:UDP"= 6115:UDP:listchecker

"6111:TCP"= 6111:TCP:listchecker

"6111:UDP"= 6111:UDP:listchecker

 

R3 nsesvc;Norman Scanner Engine Service;c:\progs\Norman\Nse\Bin\Nsesvc.exe [2008-07-11 322616]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2008-07-11 19512]

R3 nvcoas;Norman Virus Control on-access component;c:\progs\Norman\NVC\bin\Nvcoas.exe [2008-07-11 183352]

R3 NVCScheduler;Norman Virus Control Scheduler;c:\progs\Norman\NVC\bin\Nvcsched.exe [2008-07-11 146488]

R4 MASEL;Event Log Audit;c:\sys.000\Evl.exe [2008-07-10 126976]

R4 Ndiskio;Ndiskio;c:\progs\Norman\Nse\Bin\Ndiskio.sys [2008-07-11 20448]

S3 GarenaPEngine;GarenaPEngine;\??\c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp --> c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

 

---- Other Services/Drivers In Memory ----

 

mchInjDrv

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f0e0c1-4f42-11dd-aade-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\progs\Microsoft IntelliPoint\ipoint.exe [2006-11-22 02:09]

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\progs\Microsoft IntelliType Pro\itype.exe [2006-11-22 02:08]

.

.

------- Tilleggsskanning -------

.

uStart Page = https://itsl.ntvgs.no/

uInternet Settings,ProxyOverride = <local>

IE: E&ksporter til Microsoft Excel - c:\progs\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

c:\windows\Downloaded Program Files\DirectEdit.dll - O16 -: DirectEdit

hxxps://www.itslearning.com//file/DirectEdit.CAB

c:\windows\Downloaded Program Files\OSD12D4.OSD

FF - ProfilePath - c:\users\*********\Programdata\Mozilla\Firefox\Profiles\145bttw6.default\

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-05 12:13:00

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp"

.

Tidspunkt ferdig: 2009-01-05 12:13:51

ComboFix-quarantined-files.txt 2009-01-05 11:13:48

ComboFix2.txt 2009-01-03 04:51:35

ComboFix3.txt 2009-01-02 19:44:50

ComboFix4.txt 2009-01-02 01:02:17

ComboFix5.txt 2009-01-05 11:10:16

 

Pre-Run: 4,524,564,480 byte ledig

Post-Run: 4,514,025,472 byte ledig

 

221

Posted

OK, it seemed to work now. A restart of the PC was required.

ComboFix 09-01-04.01 - *********** 2009-01-05 12:51:21.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1014.559 [GMT 1:00]

Kjører fra: c:\users\***********\Skrivebord\ComboFix.exe

Command switches brukt :: c:\users\***********\Skrivebord\CFScript.txt

* Opprettet nytt gjenopprettingspunkt

 

FILE ::

c:\users\SEBAST~1.L\LOKALE~1\Temp\SKLD4.tmp

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GARENAPENGINE

-------\Service_GarenaPEngine

 

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-05 til 2009-01-05 )))))))))))))))))))))))))))))))))

.

 

2009-01-02 01:29 . 2009-01-05 12:49 <DIR> dr-h----- c:\users\***********\Siste

2008-12-29 23:05 . 2008-12-30 23:48 <DIR> d-------- c:\progs\Garena

2008-12-29 14:11 . 2009-01-05 12:56 <DIR> d-------- c:\users\***********\Tracing

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Windows Live SkyDrive

2008-12-29 14:09 . 2008-12-29 14:09 <DIR> d-------- c:\progs\Microsoft

2008-12-29 14:03 . 2008-12-29 14:03 <DIR> d-------- c:\progs\Common\Windows Live

2008-12-25 12:54 . 2008-12-25 16:54 <DIR> d-------- c:\users\***********\Programdata\dvdcss

2008-12-21 04:52 . 2008-12-21 04:52 <DIR> d-------- c:\progs\NeoDownloader

2008-12-20 19:20 . 2008-12-20 19:20 <DIR> d-------- c:\progs\Atari

2008-12-18 15:12 . 2008-12-18 20:14 <DIR> d-------- c:\users\***********\Programdata\Vso

2008-12-18 15:12 . 2008-12-18 15:12 <DIR> d-------- c:\progs\VSO

2008-12-18 15:12 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll

2008-12-18 15:12 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll

2008-12-18 15:12 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll

2008-12-18 15:12 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll

2008-12-18 15:12 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll

2008-12-18 15:12 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll

2008-12-18 15:12 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys

2008-12-18 15:12 . 2008-12-18 15:12 47,360 --a------ c:\users\***********\Programdata\pcouffin.sys

2008-12-16 17:51 . 2008-12-16 17:51 <DIR> d-------- c:\users\***********\Programdata\NeoDownloader

2008-12-15 19:00 . 1994-09-21 02:00 12,800 --a------ c:\windows\system\WING32.DLL

2008-12-15 18:59 . 2008-12-15 18:59 <DIR> d-------- c:\progs\3DO

2008-12-15 18:59 . 1994-09-21 02:00 12,800 --a------ c:\windows\system32\WING32.DLL

2008-12-15 18:58 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-12-10 14:24 . 2008-12-10 14:24 <DIR> d-------- c:\users\***********\Programdata\WinPatrol

2008-12-10 14:23 . 2008-12-10 14:23 <DIR> d-------- c:\progs\BillP Studios

2008-12-09 11:16 . 2008-12-09 11:16 <DIR> d-------- c:\users\***********\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\users\All Users\Programdata\Apple Computer

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\QuickTime

2008-12-09 11:13 . 2008-12-09 11:13 <DIR> d-------- c:\progs\Common\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\users\All Users\Programdata\Apple

2008-12-09 11:12 . 2008-12-09 11:12 <DIR> d-------- c:\progs\Apple Software Update

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\***********\Programdata\Sony

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\users\***********\Programdata\Publish Providers

2008-12-09 11:04 . 2008-12-09 11:31 <DIR> d-a------ c:\users\All Users\Programdata\TEMP

2008-12-09 11:04 . 2008-12-09 11:04 <DIR> d-------- c:\progs\VSTplugins

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\users\All Users\Programdata\Sony

2008-12-09 10:57 . 2008-12-09 10:57 <DIR> d-------- c:\progs\Sony

2008-12-09 10:47 . 2008-12-09 10:47 <DIR> d-------- c:\progs\MSBuild

2008-12-09 10:45 . 2008-12-09 10:45 <DIR> d-------- c:\users\All Users\Programdata\Messenger Plus!

2008-12-09 10:45 . 2008-12-23 18:14 <DIR> d-------- c:\progs\StuffPlug3

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\windows\system32\XPSViewer

2008-12-09 10:44 . 2008-12-09 10:44 <DIR> d-------- c:\progs\Reference Assemblies

2008-12-09 10:43 . 2008-12-09 11:48 <DIR> d-------- c:\progs\Messenger Plus! Live

2008-12-09 10:43 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-09 10:35 . 2008-12-09 10:36 <DIR> d-------- c:\users\***********\Programdata\Sony Setup

2008-12-09 10:35 . 2008-12-09 10:35 <DIR> d-------- c:\progs\Sony Setup

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-05 11:54 --------- d-----w c:\progs\Norman

2009-01-05 11:50 --------- d-----w c:\users\***********\Programdata\NoNameScript

2009-01-05 11:34 31 ----a-w c:\users\***********\jagex_runescape_preferences.dat

2009-01-05 11:33 --------- d-----w c:\progs\mIRC

2009-01-02 20:49 --------- d-----w c:\progs\Warcraft III

2009-01-02 16:12 --------- d-----w c:\progs\Malwarebytes' Anti-Malware

2009-01-02 16:10 --------- d-----w c:\users\***********\Programdata\foobar2000

2008-12-29 22:05 --------- d--h--w c:\progs\InstallShield Installation Information

2008-12-29 13:08 --------- d-----w c:\progs\Windows Live

2008-12-28 22:03 --------- d-----w c:\users\***********\Programdata\uTorrent

2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll

2008-12-01 19:57 --------- d-----w c:\progs\Trend Micro

2008-12-01 19:37 --------- d-----w c:\users\***********\Programdata\Malwarebytes

2008-12-01 19:37 --------- d-----w c:\users\All Users\Programdata\Malwarebytes

2008-11-28 20:41 --------- d-----w c:\progs\WC3Banlist

2008-11-17 15:44 --------- d-----w c:\progs\WinPcap

2008-11-17 15:38 2,829 ----a-w c:\windows\War3Unin.pif

2008-11-17 15:38 139,264 ----a-w c:\windows\War3Unin.exe

2008-11-16 02:01 --------- d-----w c:\users\***********\Programdata\vlc

2008-11-16 02:00 --------- d-----w c:\progs\VideoLAN

2008-11-15 19:17 --------- d-----w c:\progs\DAEMON Tools Lite

2008-11-15 19:11 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-11-15 19:11 --------- d-----w c:\users\***********\Programdata\DAEMON Tools

2008-11-15 17:41 --------- d-----w c:\progs\DVD Decrypter

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliType Pro

2008-11-15 15:54 --------- d-----w c:\progs\Microsoft IntelliPoint

2008-11-15 15:48 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-11-15 15:48 --------- d-----w c:\progs\Java

2008-11-15 00:05 --------- d-----w c:\users\***********\Programdata\teamspeak2

2008-11-15 00:05 --------- d-----w c:\progs\Teamspeak2_RC2

2008-11-14 13:38 --------- d-----w c:\progs\uTorrent

2008-11-14 13:18 --------- d-----w c:\progs\foobar2000

2008-11-14 07:17 --------- d-----w c:\progs\Spybot - Search & Destroy

2008-11-13 10:45 --------- d-----w c:\users\***********\Programdata\mIRC

2008-11-13 10:27 --------- d-----w c:\progs\CCleaner

2008-11-13 10:23 --------- dcsh--w c:\progs\Common\WindowsLiveInstaller

2008-11-13 10:20 --------- d-----w c:\users\All Users\Programdata\Spybot - Search & Destroy

2008-11-13 10:16 --------- d-----w c:\users\All Users\Programdata\WLInstaller

2008-11-13 10:13 --------- d-----w c:\progs\TeaTimer (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\SDHelper (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\Misc. Support Library (Spybot - Search & Destroy)

2008-11-13 10:13 --------- d-----w c:\progs\File Scanner Library (Spybot - Search & Destroy)

2008-10-22 10:32 268,435,456 --sha-w C:\WinPEpge.sys

2008-07-11 12:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008071120080712\index.dat

2008-07-14 10:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Programdata\Microsoft\Internet Explorer\UserData\index.dat

.

 

((((((((((((((((((((((((((((( snapshot_2009-01-02_ 2.01.18.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-24 18:07:27 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat

+ 2009-01-02 14:15:04 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat

- 2009-01-01 20:38:51 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

+ 2009-01-05 11:33:52 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll

- 2009-01-01 20:38:51 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2009-01-05 11:33:52 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll

+ 2009-01-05 11:54:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1b4.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"msnmsgr"="c:\progs\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-09 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-09 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-09 135168]

"Norman ZANDA"="c:\progs\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]

"SigmatelSysTrayApp"="c:\progs\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progs\Common\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\progs\Common\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"SSConfig"="c:\sys.000\SW.exe" [2008-10-01 10489856]

"ProcMon"="c:\sys.000\hostsw.exe" [2008-06-23 217088]

"WinPatrol"="c:\progs\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-04-23 c:\windows\system32\advpack.dll]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableChangePassword"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-1644491937-682003330-62552\Scripts\Logon\0\0]

"Script"=%logonserver%\netlogon\pwdcheck.bat

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Progs\\mIRC\\mirc.exe"=

"c:\\Progs\\uTorrent\\uTorrent.exe"=

"c:\\Users\\***********\\Skrivebord\\Listchecker\\pickup.listchecker.exe"=

"c:\\Progs\\Warcraft III\\Frozen Throne.exe"=

"c:\\Progs\\Warcraft III\\Warcraft III.exe"=

"c:\\Progs\\Atari\\Deer Hunter 2005\\DH2005.exe"=

"c:\\Progs\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Progs\\Java\\jre6\\bin\\java.exe"=

"c:\\Progs\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Progs\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Progs\\Garena\\Garena.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:wc3

"6112:UDP"= 6112:UDP:wc3

"6113:TCP"= 6113:TCP:wc3

"6113:UDP"= 6113:UDP:123

"6114:TCP"= 6114:TCP:45

"6114:UDP"= 6114:UDP:231523

"6115:TCP"= 6115:TCP:listchecker

"6115:UDP"= 6115:UDP:listchecker

"6111:TCP"= 6111:TCP:listchecker

"6111:UDP"= 6111:UDP:listchecker

 

R3 nsesvc;Norman Scanner Engine Service;c:\progs\Norman\Nse\Bin\Nsesvc.exe [2008-07-11 322616]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2008-07-11 19512]

R3 nvcoas;Norman Virus Control on-access component;c:\progs\Norman\NVC\bin\Nvcoas.exe [2008-07-11 183352]

R3 NVCScheduler;Norman Virus Control Scheduler;c:\progs\Norman\NVC\bin\Nvcsched.exe [2008-07-11 146488]

R4 MASEL;Event Log Audit;c:\sys.000\Evl.exe [2008-07-10 126976]

R4 Ndiskio;Ndiskio;c:\progs\Norman\Nse\Bin\Ndiskio.sys [2008-07-11 20448]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

 

---- Other Services/Drivers In Memory ----

 

mchInjDrv

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7f0e0c1-4f42-11dd-aade-806d6172696f}]

\Shell\AutoRun\command - D:\setup.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\progs\Microsoft IntelliPoint\ipoint.exe [2006-11-22 02:09]

 

2008-11-15 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\progs\Microsoft IntelliType Pro\itype.exe [2006-11-22 02:08]

.

.

------- Tilleggsskanning -------

.

uStart Page = https://itsl.ntvgs.no/

uInternet Settings,ProxyOverride = <local>

IE: E&ksporter til Microsoft Excel - c:\progs\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

c:\windows\Downloaded Program Files\DirectEdit.dll - O16 -: DirectEdit

hxxps://www.itslearning.com//file/DirectEdit.CAB

c:\windows\Downloaded Program Files\OSD12D4.OSD

FF - ProfilePath - c:\users\***********\Programdata\Mozilla\Firefox\Profiles\145bttw6.default\

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-05 12:56:01

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

 

c:\users\SEBAST~1.L\LOKALE~1\Temp\tzk4.tmp 843 bytes

 

skanning vellykket

skjulte filer: 1

 

**************************************************************************

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\progs\Norman\Npm\Bin\elogsvc.exe

c:\progs\Norman\Npm\Bin\Zanda.exe

c:\windows\system32\scardsvr.exe

c:\progs\Java\jre6\bin\jqs.exe

c:\progs\Common\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\progs\Dell\QuickSet\NicConfigSvc.exe

c:\progs\Norman\Npm\Bin\Njeeves.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\igfxsrvc.exe

c:\progs\Norman\NVC\bin\Nip.exe

c:\windows\system32\rundll32.exe

c:\progs\Norman\NVC\bin\CClaw.exe

c:\sys.000\svpr.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-01-05 12:58:27 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-01-05 11:58:23

ComboFix2.txt 2009-01-05 11:13:52

ComboFix3.txt 2009-01-03 04:51:35

ComboFix4.txt 2009-01-02 19:44:50

ComboFix5.txt 2009-01-05 11:50:40

 

Pre-Run: 4,499,091,456 byte ledig

Post-Run: 4,484,640,768 byte ledig

 

246

Posted

Looks fine.

Delete what you have in the temp folder.

c:\users\SEBAST~1.L\LOKALE~1\Temp\tzk4.tmp 843 bytes

You can remove ComboFix by typing combofix /u in the Run window. This command causes the quarantined files and backups to be deleted, the System Restore folder to be reset, etc.

Surf safely.

Posted

OK. Thanks for the help :)
