
Some virus on my machine. Need help fast



Hi, I have now received a few e-mails from our provider about a virus on the line.

I need help fairly quickly, before the line gets shut down.

They are talking about the downadup virus, and I have tried a number of virus programs, but they don't manage to remove it :S

EDIT: MBAM doesn't work on my machine; it just blocks all access, because it says that I don't have a genuine Windows license :S

but I do have one

Regards, stefan

Edited by PoWerRaZer

Hijackthis.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:30:18, on 21.02.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Creative\Shared Files\CTAudSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\Programfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\Logitech\G-series Software\LCDMon.exe

C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Programfiler\Winamp\winampa.exe

C:\WINDOWS\system32\wltray.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe

C:\Programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programfiler\OpenOffice.org 3\program\soffice.exe

C:\Programfiler\OpenOffice.org 3\program\soffice.bin

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hardware.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [NVIDIA nTune] C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programfiler\Creative\Shared Files\CTAudSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

--

End of file - 9044 bytes

ComboFix 09-02-24.02 - Stefan 2009-02-25 19:04:37.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2046.1488 [GMT 1:00]

Kjører fra: c:\documents and settings\Stefan\Skrivebord\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-25 til 2009-02-25 )))))))))))))))))))))))))))))))))

.

 

2009-02-25 18:28 . 2009-02-25 18:28 <DIR> d-------- c:\documents and settings\Stefan\Programdata\DivX

2009-02-25 18:27 . 2008-11-06 17:37 120,056 --------- c:\windows\system32\pxcpyi64.exe

2009-02-25 18:27 . 2008-11-06 17:37 118,520 --------- c:\windows\system32\pxinsi64.exe

2009-02-25 18:26 . 2009-02-25 18:27 <DIR> d-------- c:\programfiler\DivX

2009-02-24 17:50 . 2009-02-24 17:50 <DIR> d-------- c:\documents and settings\Stefan\Programdata\Grisoft

2009-02-24 17:50 . 2009-02-24 17:50 <DIR> d-------- c:\documents and settings\All Users\Programdata\Grisoft

2009-02-24 17:50 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys

2009-02-23 18:42 . 2009-02-23 18:42 <DIR> d-------- c:\windows\system32\LogFiles

2009-02-23 03:29 . 2009-02-02 10:05 290,816 --a------ C:\Leis.exe

2009-02-23 03:29 . 2009-02-02 09:50 1,505 --a------ C:\standard.ini

2009-02-22 17:38 . 2009-02-22 17:39 <DIR> d-------- c:\programfiler\Spyware Doctor

2009-02-22 17:38 . 2009-02-22 17:38 <DIR> d-------- c:\documents and settings\Stefan\Programdata\PC Tools

2009-02-22 17:38 . 2009-02-23 02:57 <DIR> d-a------ c:\documents and settings\All Users\Programdata\TEMP

2009-02-22 17:38 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys

2009-02-22 17:38 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys

2009-02-22 17:38 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys

2009-02-22 17:38 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys

2009-02-12 20:30 . 2009-02-12 20:30 <DIR> d-------- c:\documents and settings\Stefan\Programdata\OpenOffice.org

2009-02-12 20:28 . 2009-02-12 20:28 <DIR> d-------- c:\programfiler\OpenOffice.org 3

2009-02-12 20:08 . 2009-02-12 20:08 <DIR> d-------- c:\programfiler\NOS

2009-02-12 20:08 . 2009-02-12 20:08 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2009-02-12 20:07 . 2009-02-12 20:07 <DIR> d-------- c:\documents and settings\Stefan\Programdata\AdobeUM

2009-02-12 13:45 . 2009-02-12 13:45 382 --a------ c:\windows\ODBC.INI

2009-02-12 13:44 . 2009-02-12 13:44 <DIR> d-------- c:\programfiler\Microsoft ActiveSync

2009-02-12 13:44 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll

2009-02-12 13:43 . 2009-02-12 13:44 <DIR> d-------- c:\windows\SHELLNEW

2009-02-12 13:43 . 2009-02-12 13:43 <DIR> d-------- c:\programfiler\Microsoft.NET

2009-02-12 12:43 . 2009-02-12 12:43 <DIR> d-------- c:\documents and settings\Stefan\Programdata\DAEMON Tools Pro

2009-02-12 12:43 . 2009-02-12 12:43 <DIR> d-------- c:\documents and settings\Stefan\Programdata\DAEMON Tools

2009-02-12 12:42 . 2009-02-12 12:42 <DIR> d-------- c:\programfiler\DAEMON Tools Toolbar

2009-02-12 12:42 . 2009-02-12 18:03 <DIR> d-------- c:\programfiler\DAEMON Tools Lite

2009-02-12 12:42 . 2009-02-12 12:42 <DIR> d-------- c:\documents and settings\All Users\Programdata\DAEMON Tools Lite

2009-02-12 11:07 . 2009-02-12 13:43 <DIR> d-------- c:\documents and settings\Stefan\Programdata\DAEMON Tools Lite

2009-02-12 11:07 . 2009-02-12 11:07 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-02-11 17:54 . 2009-02-22 22:47 <DIR> d-------- c:\documents and settings\All Users\Programdata\TrackMania

2009-02-11 17:52 . 2009-02-11 17:53 <DIR> d-------- c:\programfiler\TmNationsForever

2009-02-09 00:35 . 2009-02-09 00:36 <DIR> d-------- c:\programfiler\PartyGaming

2009-02-01 03:21 . 2004-08-04 01:03 23,552 --a------ c:\windows\system32\OLD21D.tmp

2009-02-01 03:21 . 2004-08-04 01:03 4,096 --a------ c:\windows\system32\OLD21E.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-25 18:02 --------- d-----w c:\programfiler\Windows Live

2009-02-25 17:55 --------- d-----w c:\documents and settings\Stefan\Programdata\BitTorrent

2009-02-22 23:16 --------- d-----w c:\documents and settings\Stefan\Programdata\Creative

2009-02-22 16:31 --------- d-----w c:\documents and settings\Stefan\Programdata\LimeWire

2009-02-12 19:09 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2009-01-22 21:08 --------- d-----w c:\programfiler\Trend Micro

2009-01-20 23:06 --------- d-----w c:\documents and settings\Stefan\Programdata\Malwarebytes

2009-01-20 23:06 --------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes

2009-01-17 15:16 --------- d--h--w c:\programfiler\InstallShield Installation Information

2009-01-07 22:26 --------- d-----w c:\programfiler\YouTube Downloader

2009-01-06 03:43 --------- d-----w c:\documents and settings\Stefan\Programdata\mIRC

2009-01-06 03:10 --------- d-----w c:\programfiler\mIRC

2009-01-05 02:30 --------- d-----w c:\documents and settings\Stefan\Programdata\Ventrilo

2009-01-05 02:15 --------- d-----w c:\programfiler\Ventrilo

2009-01-05 02:15 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard

2009-01-04 23:15 --------- d-----w c:\programfiler\BitTorrent

2009-01-03 23:20 --------- d-----w c:\programfiler\Opera

2009-01-03 17:13 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys

2009-01-03 17:12 --------- d-----w c:\programfiler\Belkin

2009-01-03 17:04 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2009-01-01 02:38 --------- d-----w c:\programfiler\Winamp

2009-01-01 02:38 --------- d-----w c:\documents and settings\Stefan\Programdata\Winamp

2008-12-31 03:54 --------- d-----w c:\documents and settings\All Users\Programdata\FLEXnet

2008-12-31 03:33 --------- d-----w c:\programfiler\Bonjour

2008-12-31 03:28 --------- d-----w c:\programfiler\Fellesfiler\Macrovision Shared

2008-12-31 02:55 --------- d-----w c:\documents and settings\Stefan\Programdata\vlc

2008-12-30 23:57 --------- d-----w c:\programfiler\Fellesfiler\Creative Labs Shared

2008-12-30 23:39 --------- d--h--w c:\programfiler\Creative Installation Information

2008-12-30 23:37 --------- d-----w c:\programfiler\Creative

2008-12-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\Creative

2008-12-30 21:59 --------- d-----w c:\programfiler\VideoLAN

2008-12-30 21:32 --------- d-----w c:\documents and settings\All Users\Programdata\Logitech

2008-12-30 21:31 --------- d-----w c:\programfiler\Logitech

2008-12-30 20:54 --------- d-----w c:\programfiler\NVIDIA Corporation

2008-12-30 20:42 --------- d-----w c:\programfiler\Windows Live SkyDrive

2008-12-30 20:42 --------- d-----w c:\programfiler\Microsoft

2008-12-30 20:40 --------- d-----w c:\documents and settings\All Users\Programdata\NVIDIA

2008-12-30 20:39 --------- d-----w c:\programfiler\Fellesfiler\Windows Live

2008-12-30 20:20 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-12-30 20:20 --------- d-----w c:\programfiler\Java

2008-12-30 20:14 --------- d-----w c:\documents and settings\All Users\Programdata\nView_Profiles

2008-12-30 20:11 --------- d-----w c:\programfiler\Fellesfiler\Creative

2008-12-30 19:49 --------- d-----w c:\documents and settings\All Users\Programdata\muvee Technologies

2008-12-30 19:40 --------- d-----w c:\programfiler\microsoft frontpage

2008-12-30 19:39 --------- d-----w c:\programfiler\Fellesfiler\Tjenester

2008-12-30 19:39 --------- d-----w c:\programfiler\Elektroniske tjenester

2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll

2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll

2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll

2007-10-29 12:00 164,746 --sha-r c:\windows\system32\qhxegmwf.dll

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-22_22.29.04.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-12 12:44:18 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

+ 2009-02-12 19:28:13 12,288 ----a-w c:\windows\assembly\GAC\cli_basetypes\1.0.12.0__ce2cb7e279207b9e\cli_basetypes.dll

+ 2009-02-12 19:28:28 34,816 ----a-w c:\windows\assembly\GAC\cli_cppuhelper\1.0.15.0__ce2cb7e279207b9e\cli_cppuhelper.dll

+ 2009-02-12 19:28:28 823,296 ----a-w c:\windows\assembly\GAC\cli_oootypes\1.0.1.0__ce2cb7e279207b9e\cli_oootypes.dll

+ 2009-02-12 19:28:13 8,192 ----a-w c:\windows\assembly\GAC\cli_ure\1.0.15.0__ce2cb7e279207b9e\cli_ure.dll

+ 2009-02-12 19:28:13 110,592 ----a-w c:\windows\assembly\GAC\cli_uretypes\1.0.1.0__ce2cb7e279207b9e\cli_uretypes.dll

+ 2009-02-11 16:54:11 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2009-02-11 16:54:11 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2009-02-11 16:54:12 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2009-02-11 16:54:08 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:09 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:09 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:10 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:10 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:10 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:10 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:11 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:11 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:12 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-02-11 16:54:12 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2009-02-11 16:54:12 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2009-02-11 16:54:12 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2009-02-11 16:54:12 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2009-02-11 16:54:11 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2009-02-12 12:44:18 64,088 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2009-02-12 12:44:18 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL

+ 2009-02-12 12:44:18 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

+ 2009-02-12 12:44:17 223,800 ----a-w c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2009-02-12 19:28:13 3,584 ----a-w c:\windows\assembly\GAC\policy.1.0.cli_basetypes\12.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_basetypes.dll

+ 2009-02-12 19:28:30 3,584 ----a-w c:\windows\assembly\GAC\policy.1.0.cli_cppuhelper\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll

+ 2009-02-12 19:28:31 3,584 ----a-w c:\windows\assembly\GAC\policy.1.0.cli_oootypes\1.1.0.0__ce2cb7e279207b9e\policy.1.0.cli_oootypes.dll

+ 2009-02-12 19:28:13 3,072 ----a-w c:\windows\assembly\GAC\policy.1.0.cli_ure\15.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_ure.dll

+ 2009-02-12 19:28:14 3,584 ----a-w c:\windows\assembly\GAC\policy.1.0.cli_uretypes\1.1.0.0__ce2cb7e279207b9e\policy.1.0.cli_uretypes.dll

+ 2009-02-12 12:44:18 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

+ 2009-02-12 12:44:48 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2009-02-12 12:44:48 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-02-12 12:44:48 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2009-02-12 12:44:48 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2009-02-12 12:44:48 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-02-12 12:44:48 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2009-02-12 12:44:48 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-02-12 12:44:48 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2009-02-12 12:44:48 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2009-02-12 12:44:48 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2009-02-12 12:44:48 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2009-02-12 12:44:48 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2009-02-12 12:44:48 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1044-7B44-A90000000001}\SC_Reader.exe

+ 2009-02-12 19:28:47 7,434,240 ----a-r c:\windows\Installer\{DB3DB067-50F9-453A-9CCF-901EE50D450D}\soffice.exe

+ 2009-02-25 00:12:06 29,926 ----a-r c:\windows\Installer\{EAE7910E-5FF8-4322-8935-2A20AA2D28AF}\MsblIco.Exe

+ 2005-03-18 15:23:10 53,248 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2005-03-18 15:23:10 12,800 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll

+ 2005-03-18 15:23:14 473,600 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll

+ 2004-09-29 11:38:58 2,676,224 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-03-18 15:23:10 145,920 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll

+ 2005-03-18 15:23:10 159,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll

+ 2005-03-18 15:23:14 364,544 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll

+ 2005-03-18 15:23:12 178,176 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll

+ 2005-03-18 15:23:14 223,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll

+ 2004-12-01 14:53:06 2,846,720 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-02-05 18:32:54 563,712 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-03-18 16:23:14 567,296 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-05-26 14:15:56 576,000 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-07-22 16:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-09-28 13:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-12-05 16:20:50 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll

+ 2006-02-03 06:40:48 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll

+ 2006-03-31 10:27:50 578,560 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll

+ 2005-09-18 00:32:02 5,376 ----a-w c:\windows\system32\antiwpa.dll

- 2008-12-30 19:43:22 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-02-12 19:08:13 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-12-30 19:43:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

+ 2009-02-12 19:08:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

- 2008-12-30 19:43:22 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-12 19:08:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-29 20:24:39 241,664 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat

+ 2008-11-06 16:33:52 684,032 ----a-w c:\windows\system32\DivX.dll

+ 2008-11-06 16:33:54 823,296 ----a-w c:\windows\system32\divx_xx07.dll

+ 2008-11-06 16:33:54 815,104 ----a-w c:\windows\system32\divx_xx0a.dll

+ 2008-11-06 16:33:54 823,296 ----a-w c:\windows\system32\divx_xx0c.dll

+ 2008-11-06 16:33:54 802,816 ----a-w c:\windows\system32\divx_xx11.dll

+ 2008-11-06 16:37:36 524,288 ----a-w c:\windows\system32\DivXsm.exe

+ 2008-11-06 16:33:02 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

+ 2005-08-10 12:44:04 50,688 ----a-w c:\windows\system32\drivers\sfdrv01.sys

+ 2005-05-16 13:20:39 6,656 ----a-w c:\windows\system32\drivers\sfhlp02.sys

+ 2005-11-03 14:40:07 63,488 ----a-w c:\windows\system32\drivers\sfvfs02.sys

+ 2003-08-03 09:56:16 1,146,184 ----a-w c:\windows\system32\FM20.DLL

+ 2003-07-14 21:57:04 32,584 ----a-w c:\windows\system32\FM20ENU.DLL

- 2009-01-03 17:20:59 1,395,344 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-02-25 17:58:13 1,519,688 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2002-08-21 04:10:16 204,800 ----a-w c:\windows\system32\INKED.DLL

+ 2004-08-04 00:03:14 4,096 ----a-w c:\windows\system32\ksuser(2).dll

+ 2008-11-06 16:35:00 1,044,480 ----a-w c:\windows\system32\libdivx.dll

+ 1998-06-17 18:08:32 53,248 ----a-w c:\windows\system32\MFC42ENU.DLL

+ 2000-05-11 12:06:20 397,312 ----a-w c:\windows\system32\MSRDO20.DLL

+ 2000-05-23 21:45:58 118,784 ----a-w c:\windows\system32\MSSTDFMT.DLL

+ 1998-08-09 10:07:34 94,208 ----a-w c:\windows\system32\MSSTKPRP.DLL

- 2009-01-22 20:38:11 58,596 ----a-w c:\windows\system32\perfc009.dat

+ 2009-02-25 18:02:21 58,596 ----a-w c:\windows\system32\perfc009.dat

- 2009-01-22 20:38:11 66,686 ----a-w c:\windows\system32\perfc014.dat

+ 2009-02-25 18:02:21 66,686 ----a-w c:\windows\system32\perfc014.dat

- 2009-01-22 20:38:11 392,296 ----a-w c:\windows\system32\perfh009.dat

+ 2009-02-25 18:02:21 392,296 ----a-w c:\windows\system32\perfh009.dat

- 2009-01-22 20:38:11 396,586 ----a-w c:\windows\system32\perfh014.dat

+ 2009-02-25 18:02:21 396,586 ----a-w c:\windows\system32\perfh014.dat

- 2007-03-07 23:51:00 547,576 ------w c:\windows\system32\px.dll

+ 2008-11-06 16:37:28 551,672 ------w c:\windows\system32\px.dll

- 2007-03-07 23:51:00 129,784 ------w c:\windows\system32\pxafs.dll

+ 2008-11-06 16:37:28 129,784 ------w c:\windows\system32\pxafs.dll

- 2007-03-07 23:51:00 64,760 ------w c:\windows\system32\pxcpya64.exe

+ 2008-11-06 16:37:28 66,296 ------w c:\windows\system32\pxcpya64.exe

- 2007-03-07 23:51:00 510,712 ------w c:\windows\system32\pxdrv.dll

+ 2008-11-06 16:37:28 518,904 ------w c:\windows\system32\pxdrv.dll

- 2007-03-07 23:51:00 72,440 ------w c:\windows\system32\pxhpinst.exe

+ 2008-11-06 16:37:30 72,440 ------w c:\windows\system32\pxhpinst.exe

- 2007-03-07 23:51:00 64,760 ------w c:\windows\system32\pxinsa64.exe

+ 2008-11-06 16:37:28 64,760 ------w c:\windows\system32\pxinsa64.exe

- 2007-03-07 23:51:00 187,128 ------w c:\windows\system32\pxmas.dll

+ 2008-11-06 16:37:30 187,128 ------w c:\windows\system32\pxmas.dll

- 2007-03-07 23:51:00 1,628,920 ------w c:\windows\system32\pxsfs.dll

+ 2008-11-06 16:37:28 1,628,920 ------w c:\windows\system32\pxsfs.dll

- 2007-03-07 23:51:00 379,640 ------w c:\windows\system32\pxwave.dll

+ 2008-11-06 16:37:28 379,640 ------w c:\windows\system32\pxwave.dll

+ 2008-11-06 16:37:32 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

+ 2000-04-03 16:52:54 151,552 ----a-w c:\windows\system32\RDOCURS.DLL

+ 2009-02-01 02:33:09 99,760 ----a-w c:\windows\system32\Restore\rstrlog.dat

+ 1998-03-24 20:54:08 15,872 ----a-w c:\windows\system32\SCP32.DLL

+ 2003-06-18 16:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll

+ 2003-06-18 16:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll

+ 2003-06-18 16:31:44 758,784 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll

+ 2003-06-18 16:31:46 35,328 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll

+ 2003-06-18 16:31:48 18,944 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

+ 2008-11-06 16:35:00 200,704 ----a-w c:\windows\system32\ssldivx.dll

+ 1999-11-24 17:40:50 40,960 ----a-w c:\windows\system32\VBAME.DLL

- 2007-03-07 23:51:00 39,672 ------w c:\windows\system32\vxblock.dll

+ 2008-11-06 16:37:28 88,824 ------w c:\windows\system32\vxblock.dll

+ 2004-08-04 00:03:42 23,552 ----a-w c:\windows\system32\wdmaud(2).drv

+ 2002-08-21 04:13:12 189,952 ----a-w c:\windows\system32\WISPTIS.EXE

+ 2009-02-25 17:58:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_258.dat

+ 2009-02-25 17:58:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2b8.dat

- 2009-01-22 21:24:57 1,500 ----a-w c:\windows\UI\BIOSCTL.DAT

+ 2009-02-25 17:58:37 1,500 ----a-w c:\windows\UI\BIOSCTL.DAT

+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

.

-- Snapshot resatt til dagens dato --

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]

"Creative MediaSource Go"="c:\programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 143360]

"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gainward"="c:\windows\TBPanel.exe" [2007-03-23 2173744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]

"AudioDrvEmulator"="c:\programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-30 136600]

"Launch LGDCore"="c:\programfiler\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]

"Launch LCDMon"="c:\programfiler\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]

"VolPanel"="c:\programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]

"WinampAgent"="c:\programfiler\Winamp\winampa.exe" [2008-08-04 36352]

"wltray.exe"="c:\windows\system32\wltray.exe" [2005-06-08 778318]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"!AVG Anti-Spyware"="c:\programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"nwiz"="nwiz.exe" [2007-02-23 c:\windows\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2006-05-24 c:\windows\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 c:\windows\system32\Ctxfihlp.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-29 15360]

 

c:\documents and settings\Stefan\Start-meny\Programmer\Oppstart\

OpenOffice.org 3.0.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-01-15 393216]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"f:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=

"f:\\Programfiler\\Steam\\steamapps\\common\\oddworld abes oddysee demo\\AbeDemo.exe"=

"f:\\Programfiler\\Steam\\steamapps\\nikkoboss\\counter-strike\\hl.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4127:TCP"= 4127:TCP:eunkzvep

 

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]

S2 detypkv;Security Network;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]

S3 bbbxzesm;bbbxzesm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-31 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]

S3 getPlus® Helper;getPlus® Helper;c:\programfiler\NOS\bin\getPlus_HelperSvc.exe [2009-02-12 33752]

S3 sdAuxService;PC Tools Auxiliary Service;c:\programfiler\Spyware Doctor\pctsAuxs.exe [2009-02-22 356920]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - APPMGMT

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

detypkv

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cabdafc3-d6b0-11dd-a51f-806d6172696f}]

\Shell\AutoRun\command - D:\CDSETUP.EXE

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-Run-MsnMsgr - c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://hardware.no/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Stefan\Programdata\Mozilla\Firefox\Profiles\dwlx51ya.default\

FF - component: c:\programfiler\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - plugin: c:\programfiler\Opera\program\plugins\npdivx32.dll

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-25 19:07:02

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bbbxzesm]

"ImagePath"="\??\c:\windows\system32\01.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\detypkv]

"ServiceDll"="c:\windows\system32\qhxegmwf.dll"

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(1068)

c:\windows\system32\antiwpa.dll

 

- - - - - - - > 'lsass.exe'(1136)

c:\windows\system32\nvappfilter.dll

.

Tidspunkt ferdig: 2009-02-25 19:07:42

ComboFix-quarantined-files.txt 2009-02-25 18:07:41

ComboFix2.txt 2009-01-22 21:29:27

 

Pre-Run: 215 759 384 576 byte ledig

Post-Run: 215,950,598,144 byte ledig

 

357 --- E O F --- 2009-01-03 17:11:29


Let me know if you can't see the files that are listed :)

 

Go to http://virusscan.jotti.org , click Browse, and upload the following files for analysis:

c:\windows\system32\qhxegmwf.dll

c:\windows\system32\dpuGUI11.dll

c:\windows\system32\dtu100.dll

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and assess what needs to be done next.
