
Need analysis of WinFix trojan + spyware/adware



Posted (edited)

Hello,

NB: This post concerns two PCs.

 

I've followed this guide, in case anyone was wondering: :love:

https://www.diskusjon.no/index.php?showtopic=691246

 

My brother's PC first:

Ran CCleaner in safe mode (which may have been wrong?) and deleted temp files older than 48 hours or whatever the option is called, as the guide says.

Ran SAS in safe mode and got this log:

 


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/15/2007 at 07:04 PM

 

Application Version : 3.7.1018

 

Core Rules Database Version : 3238

Trace Rules Database Version: 1249

 

Scan type : Complete Scan

Total Scan Time : 00:16:13

 

Memory items scanned : 157

Memory threats detected : 1

Registry items scanned : 3227

Registry threats detected : 7

File items scanned : 20980

File threats detected : 2

 

Adware.Vundo Variant

D:\WINDOWS\SYSTEM32\DDCYY.DLL

D:\WINDOWS\SYSTEM32\DDCYY.DLL

HKLM\Software\Classes\CLSID\{2C45B1EA-1887-42ED-AA5C-494FC8F09F74}

HKCR\CLSID\{2C45B1EA-1887-42ED-AA5C-494FC8F09F74}

HKCR\CLSID\{2C45B1EA-1887-42ED-AA5C-494FC8F09F74}\InprocServer32

HKCR\CLSID\{2C45B1EA-1887-42ED-AA5C-494FC8F09F74}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C45B1EA-1887-42ED-AA5C-494FC8F09F74}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2EE5C44-C66D-499d-BEAE-A2A79189A63A}

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddcyy

 

Trojan.Downloader-SpyTool

D:\DOCUMENTS AND SETTINGS\OSKAR\LOKALE INNSTILLINGER\TEMP\FLNEGLXQ.DLL

 

And then an HJT log after rebooting:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 19:27:29, on 15.05.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Eset\nod32kui.exe

D:\Programfiler\Fellesfiler\System\btorrent16.exe

D:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Programfiler\Messenger\msmsgs.exe

D:\Programfiler\Java\jre1.5.0_03\bin\jucheck.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\ObjectDock\ObjectDock.exe

c:\Programfiler\Eset\nod32krn.exe

D:\WINDOWS\system32\nvsvc32.exe

C:\progra~1\mozill~1\firefox.exe

D:\WINDOWS\system32\taskmgr.exe

D:\WINDOWS\system32\rundll32.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\notepad.exe

D:\Documents and Settings\Oskar\Skrivebord\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {2C45B1EA-1887-42ED-AA5C-494FC8F09F74} - (no file)

O2 - BHO: (no name) - {7E751FEF-C65C-47C5-9901-83F0E044511F} - D:\WINDOWS\system32\tuvvwxy.dll

O2 - BHO: (no name) - {B41B140D-A302-4A1E-A9B4-762A0BE211A1} - D:\WINDOWS\system32\mlljj.dll

O2 - BHO: (no name) - {C1B6F993-AD84-4E31-A2A1-620825DA8961} - (no file)

O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - D:\WINDOWS\system32\ubkyvpov.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nod32kui] "c:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Windows Update] D:\Programfiler\Fellesfiler\System\btorrent16.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "D:\WINDOWS\system32\earqdxwn.dll",realset

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\ObjectDock\ObjectDock.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: mlljj - D:\WINDOWS\system32\mlljj.dll

O20 - Winlogon Notify: tuvvwxy - D:\WINDOWS\SYSTEM32\tuvvwxy.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - c:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4684 bytes

 

I also get a warning from NOD32 about spyware in Internet Explorer when I ran Windows Update just now:

 

rootchk found nothing:

********************************* ROOTCHK-(02-05-07)-LOG, by ejvindh

15.05.2007 19:33:15,92

 

The rootkits that are detected by this tool were not found.

 

********************************* ROOTCHK-LOG-end

 

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-15 19:33:16

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

My own PC: HJT after a clean SAS scan, which I didn't include. Rootchk found nothing.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 19:01:13, on 15.05.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

I:\WINDOWS\System32\smss.exe

I:\WINDOWS\system32\winlogon.exe

I:\WINDOWS\system32\services.exe

I:\WINDOWS\system32\lsass.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\System32\svchost.exe

I:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Eset\nod32krn.exe

I:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\Explorer.EXE

I:\WINDOWS\system32\RUNDLL32.EXE

F:\Programfiler\DAEMON Tools\daemon.exe

I:\Programfiler\Sound Volume Hotkeys\SoundVolumeHotkeys.exe

C:\Programfiler\Eset\nod32kui.exe

I:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

D:\Downloads\Random Loads\yz_dck0083\YzDock.exe

C:\Programfiler\Opera 9\Opera.exe

I:\WINDOWS\system32\wuauclt.exe

I:\Documents and Settings\Magnus\Skrivebord\HiJackThis_v2.exe

I:\WINDOWS\system32\rundll32.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E751FEF-C65C-47C5-9901-83F0E044511F} - I:\WINDOWS\system32\hggdcaa.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "F:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [soundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}] I:\Programfiler\Sound Volume Hotkeys\SoundVolumeHotkeys.exe -a

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "I:\WINDOWS\system32\udwbiilu.dll",realset

O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Shortcut to YzDock.exe.lnk = D:\Downloads\Random Loads\yz_dck0083\YzDock.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://c:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://*.update.microsoft.com

O15 - Trusted Zone: http://download.windowsupdate.com

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: hggdcaa - I:\WINDOWS\SYSTEM32\hggdcaa.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - I:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - I:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Programfiler\Alex Feinman\ISO Recorder\ImapiHelper.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Programfiler\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 5549 bytes

 

Is it possible to find out directly where the source of the spyware is with some tool? I managed it with HJT on my PC and understood where and how it got in. :blush: My brother can't remember doing anything special, since XP is freshly installed, but he did keep some partitions untouched, which could be the source...

 

For those who know: uTorrent... is it classified as spyware? Just want to rule that out quickly :)

 

Edit: added info about my brother's PC + some editing

edit2: added rootchk (done)

Edited by nollie
Guest member-105082
Posted (edited)

This is for your brother's PC.

 

Run HijackThis and delete:

 

O2 - BHO: (no name) - {2C45B1EA-1887-42ED-AA5C-494FC8F09F74} - (no file)

 

O2 - BHO: (no name) - {C1B6F993-AD84-4E31-A2A1-620825DA8961} - (no file)

 

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

 

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

 

Download VundoFix.exe

 

* Double-click VundoFix.exe.

* Click the Scan for Vundo button.

* When VundoFix has finished scanning, click the Remove Vundo button.

* You will be asked whether you want to remove the files; click 'YES'.

* Once you have clicked 'yes', your desktop will go blank while VundoFix removes Vundo.

* When VundoFix is finished, click 'yes' to restart the machine.

* Post the VundoFix log, C:\vundofix.txt, and a new HijackThis log here.

Edited by member-105082
Posted

VundoFix:

VundoFix V6.3.23

 

Checking Java version...

 

Sun Java not detected

Scan started at 20:14:13 15.05.2007

 

Listing files found while scanning....

 

D:\WINDOWS\system32\earqdxwn.dll

D:\WINDOWS\system32\jjllm.bak1

D:\WINDOWS\system32\jjllm.ini

D:\WINDOWS\system32\mlljj.dll

D:\WINDOWS\system32\nwxdqrae.ini

D:\WINDOWS\system32\ubkyvpov.dll

 

Beginning removal...

 

Attempting to delete D:\WINDOWS\system32\earqdxwn.dll

D:\WINDOWS\system32\earqdxwn.dll Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\jjllm.bak1

D:\WINDOWS\system32\jjllm.bak1 Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\jjllm.ini

D:\WINDOWS\system32\jjllm.ini Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\mlljj.dll

D:\WINDOWS\system32\mlljj.dll Could not be deleted.

 

Attempting to delete D:\WINDOWS\system32\nwxdqrae.ini

D:\WINDOWS\system32\nwxdqrae.ini Has been deleted!

 

Attempting to delete D:\WINDOWS\system32\ubkyvpov.dll

D:\WINDOWS\system32\ubkyvpov.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete D:\WINDOWS\system32\mlljj.dll

D:\WINDOWS\system32\mlljj.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 20:50:44, on 15.05.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Eset\nod32kui.exe

D:\Programfiler\Fellesfiler\System\btorrent16.exe

D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\ObjectDock\ObjectDock.exe

c:\Programfiler\Eset\nod32krn.exe

D:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\WINDOWS\system32\rundll32.exe

D:\Documents and Settings\Oskar\Skrivebord\HiJackThis_v2.exe

D:\WINDOWS\system32\NOTEPAD.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E751FEF-C65C-47C5-9901-83F0E044511F} - D:\WINDOWS\system32\tuvvwxy.dll

O2 - BHO: (no name) - {B41B140D-A302-4A1E-A9B4-762A0BE211A1} - D:\WINDOWS\system32\mlljj.dll (file missing)

O2 - BHO: (no name) - {D31B17E2-9937-484A-8212-8D6DBC8B42D5} - D:\WINDOWS\system32\ddabc.dll

O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - D:\WINDOWS\system32\lwwvpgip.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nod32kui] "c:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Windows Update] D:\Programfiler\Fellesfiler\System\btorrent16.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "D:\WINDOWS\system32\earqdxwn.dll",realset

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\ObjectDock\ObjectDock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ddabc - D:\WINDOWS\system32\ddabc.dll

O20 - Winlogon Notify: tuvvwxy - D:\WINDOWS\SYSTEM32\tuvvwxy.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - c:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4618 bytes

 

Guest member-105082
Posted (edited)

Download Avenger and unpack the file.

 

Start the program, select "Input Script Manually" and click the magnifying glass.

In the window that appears, copy and paste:

 

Files to delete:

D:\Programfiler\Fellesfiler\System\btorrent16.exe

D:\WINDOWS\system32\earqdxwn.dll

 

Click the traffic light. Restart the PC.

You don't need to post the log file that appears after the restart.

 

Get ComboFix and put it on the desktop:

 

Click: Start -> Run

Copy what is below (in bold) and paste it into the Run window:

 

"%userprofile%\Skrivebord\ComboFix.exe" /v tuvvwxy ddabc lwwvpgip

 

Click OK and follow the instructions. Don't click on the window while the program is running.

 

When the program is finished, a log file opens: combofix.txt. Post it later.

 

Run HJT, tick the following lines (if present) and click 'Fix checked':

 

O2 - BHO: (no name) - {7E751FEF-C65C-47C5-9901-83F0E044511F} - D:\WINDOWS\system32\tuvvwxy.dll

 

O2 - BHO: (no name) - {B41B140D-A302-4A1E-A9B4-762A0BE211A1} - D:\WINDOWS\system32\mlljj.dll (file missing)

 

O2 - BHO: (no name) - {D31B17E2-9937-484A-8212-8D6DBC8B42D5} - D:\WINDOWS\system32\ddabc.dll

 

O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - D:\WINDOWS\system32\lwwvpgip.dll

 

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

 

O4 - HKLM\..\Run: [Windows Update]D:\Programfiler\Fellesfiler\System\btorrent16.exe

 

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "D:\WINDOWS\system32\earqdxwn.dll",realset

 

O20 - Winlogon Notify: ddabc - D:\WINDOWS\system32\ddabc.dll

 

O20 - Winlogon Notify: tuvvwxy - D:\WINDOWS\SYSTEM32\tuvvwxy.dll

 

Post the ComboFix log and a new HJT log.

 

By the way, uTorrent is a very good torrent program. It doesn't contain any spyware and uses few resources ;)

Edited by member-105082
Posted
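The fix list above pairs each unnamed O2 BHO with the O20 Winlogon Notify entry that loads the same DLL out of system32, which is the footprint Vundo leaves in a HijackThis log. The script below is an added example, not part of this thread, of HijackThis or of any removal tool: it runs that correlation over lines copied from the brother's post-VundoFix log, and also flags Run values named to look like Windows Update. The heuristics and the names `analyse_hjt` and `Finding` are my own.

```python
"""Heuristic triage of HijackThis (HJT) log lines: an O2 BHO and an O20
Winlogon Notify handler loading the same randomly named DLL from system32
(Vundo's dual persistence), plus O4 Run values imitating Windows Update.
Added example: not part of the thread, of HJT, or of any removal tool."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the brother's post-VundoFix HJT log
# earlier in this thread, trimmed to the entry types the heuristics look at.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E751FEF-C65C-47C5-9901-83F0E044511F} - D:\WINDOWS\system32\tuvvwxy.dll
O2 - BHO: (no name) - {B41B140D-A302-4A1E-A9B4-762A0BE211A1} - D:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {D31B17E2-9937-484A-8212-8D6DBC8B42D5} - D:\WINDOWS\system32\ddabc.dll
O2 - BHO: (no name) - {C1B6F993-AD84-4E31-A2A1-620825DA8961} - (no file)
O4 - HKLM\..\Run: [nod32kui] "c:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Update] D:\Programfiler\Fellesfiler\System\btorrent16.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "D:\WINDOWS\system32\earqdxwn.dll",realset
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddabc - D:\WINDOWS\system32\ddabc.dll
O20 - Winlogon Notify: tuvvwxy - D:\WINDOWS\SYSTEM32\tuvvwxy.dll
"""

# HJT line shapes for the three entry types we correlate.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# Automatic Updates runs as a service (wuauserv), not from a Run value,
# so a Run value named like it is a decoy.
WINUPDATE_NAME = re.compile(r"^windows\s*update$", re.I)
MISSING = " (file missing)"


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (HJT mixes System32/system32)."""
    return path.strip().rsplit("\\", 1)[-1].lower()


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def analyse_hjt(log: str) -> List[Finding]:
    """Return the log lines worth a second look, each with the reason."""
    bhos, runs, notifies = [], [], []
    for raw in log.splitlines():
        line = raw.strip()
        if (m := O2_RE.match(line)):
            bhos.append((line, m))
        elif (m := O4_RE.match(line)):
            runs.append((line, m))
        elif (m := O20_RE.match(line)):
            notifies.append((line, m))

    bho_dlls = {basename(m["path"].replace(MISSING, ""))
                for _, m in bhos if m["path"] != "(no file)"}
    notify_dlls = {basename(m["path"]) for _, m in notifies}
    findings: List[Finding] = []

    for line, m in bhos:
        path = m["path"]
        if path == "(no file)":
            findings.append(Finding(line, "orphaned BHO: CLSID registered, no DLL on disk"))
            continue
        dll = basename(path.replace(MISSING, ""))
        if dll in notify_dlls and in_system32(path):
            findings.append(Finding(line, f"{dll} is also a Winlogon Notify handler: "
                                          "Vundo-style dual persistence"))
        elif path.endswith(MISSING):
            findings.append(Finding(line, f"BHO still registered for deleted file {dll}"))
        elif m["name"] == "(no name)" and in_system32(path):
            findings.append(Finding(line, f"unnamed BHO loading {dll} from system32"))

    for line, m in notifies:
        dll = basename(m["path"])
        if dll in bho_dlls:
            findings.append(Finding(line, f"Winlogon Notify DLL {dll} is also a BHO"))

    for line, m in runs:
        if WINUPDATE_NAME.match(m["name"]):
            findings.append(Finding(line, f"Run value '{m['name']}' imitates Windows Update; "
                                          f"target: {m['cmd']}"))
    return findings


if __name__ == "__main__":
    for f in analyse_hjt(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Legitimate entries in the sample (the Java SSVHelper BHO, the NOD32 Run value, the SUPERAntiSpyware Notify DLL) produce no finding, so the output is the same set of lines the helper asked to have fixed.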

nollie

 

While NightBlade cleans your brother's PC of spyware, you can run VundoFix on your own.

 

Post the VundoFix log + a new HJT log in a new thread that you create. It's tidier to have "one case" per thread. :thumbup:

Posted (edited)

ComboFix:

"brukernavn" - 2007-05-16 1:19:14 Service Pack 2

ComboFix 07-05.13.V - Running from: "D:\Documents and Settings\brukernavn\Skrivebord\"

Command switches used :: "/v tuvvwxy ddabc lwwvpgip"

 

 

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

D:\WINDOWS\system32\ljjkkki.dll

D:\WINDOWS\system32\lwwvpgip.dll

D:\WINDOWS\system32\pjdmputf.dll

D:\WINDOWS\system32\byxxxvt.dll

D:\WINDOWS\system32\cbxywxy.dll

D:\WINDOWS\system32\khfcbxy.dll

D:\WINDOWS\system32\cbadd.bak1

D:\WINDOWS\system32\cbadd.ini

D:\WINDOWS\system32\tuvvwxy.dll

D:\WINDOWS\system32\ddabc.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 ))))))))))))))))))))))))))))))))))

 

 

2007-05-16 01:14 <DIR> d-------- D:\avenger

2007-05-15 23:03 <DIR> d-------- D:\DOCUME~1\Oskar\Incomplete

2007-05-15 22:54 <DIR> d-------- D:\DOCUME~1\Oskar\PROGRA~1\LimeWire

2007-05-15 22:34 <DIR> d-------- D:\WINDOWS\system32\NtmsData

2007-05-15 20:14 <DIR> d-------- D:\VundoFix Backups

2007-05-15 18:45 689,336 ---hs---- D:\WINDOWS\system32\yycdd.bak1

2007-05-15 18:45 <DIR> dr-h----- D:\DOCUME~1\Oskar\Siste

2007-05-15 18:40 <DIR> d-------- D:\Programfiler\CCleaner

2007-05-15 18:16 699,835 ---hs---- D:\WINDOWS\system32\ijllm.ini2

2007-05-15 18:06 <DIR> d-------- D:\DOCUME~1\Oskar\PROGRA~1\SUPERAntiSpyware.com

2007-05-15 18:06 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com

2007-05-15 18:05 <DIR> d-------- D:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-05-15 17:53 689,336 ---hs---- D:\WINDOWS\system32\ijllm.bak1

2007-05-15 17:46 4,225,744 --a------ D:\WINDOWS\system32\exec1.exe

2007-05-15 17:46 1,316,864 --a------ D:\WINDOWS\system32\exec2.exe

2007-05-15 17:43 <DIR> d-------- D:\DOCUME~1\Oskar\PROGRA~1\uTorrent

2007-05-15 17:16 <DIR> d-------- D:\WINDOWS\system32\LogFiles

2007-05-15 17:16 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF

2007-05-15 17:16 <DIR> d-------- D:\Programfiler\Windows Media Connect 2

2007-05-15 17:08 <DIR> d-------- D:\Programfiler\Winamp

2007-05-15 16:58 87,424 --a------ D:\WINDOWS\system32\drivers\irda.sys

2007-05-15 16:58 8,192 --a------ D:\WINDOWS\system32\wshirda.dll

2007-05-15 16:58 57,344 --a------ D:\WINDOWS\system32\drivers\redbook.sys

2007-05-15 16:58 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys

2007-05-15 16:58 27,136 --a------ D:\WINDOWS\system32\irmon.dll

2007-05-15 16:58 21,504 --a------ D:\WINDOWS\system32\hidserv.dll

2007-05-15 16:58 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys

2007-05-15 16:58 18,688 --a------ D:\WINDOWS\system32\drivers\irsir.sys

2007-05-15 16:58 152,576 --a------ D:\WINDOWS\system32\irftp.exe

2007-05-15 16:57 74,240 --a------ D:\WINDOWS\system32\usbui.dll

2007-05-15 16:57 <DIR> d--hs---- D:\WINDOWS\Installer

2007-05-15 16:57 <DIR> d-------- D:\Programfiler\Fellesfiler\ODBC

2007-05-15 16:56 9,936 --a------ D:\WINDOWS\system\LZEXPAND.DLL

2007-05-15 16:56 9,008 --a------ D:\WINDOWS\system\VER.DLL

2007-05-15 16:56 85,020 --a------ D:\WINDOWS\system32\dgsetup.dll

2007-05-15 16:56 82,944 --a------ D:\WINDOWS\system\OLECLI.DLL

2007-05-15 16:56 8,704 --a------ D:\WINDOWS\system32\batt.dll

2007-05-15 16:56 8,192 -ra------ D:\WINDOWS\system32\kbdhept.dll

2007-05-15 16:56 74,752 --a------ D:\WINDOWS\system32\storprop.dll

2007-05-15 16:56 7,168 -ra------ D:\WINDOWS\system32\kbdcz.dll

2007-05-15 16:56 69,824 --a------ D:\WINDOWS\system\AVICAP.DLL

2007-05-15 16:56 69,120 --a------ D:\WINDOWS\NOTEPAD.EXE

2007-05-15 16:56 68,976 --a------ D:\WINDOWS\system\MMSYSTEM.DLL

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\kbdycl.dll

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\kbdsl1.dll

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\kbdsl.dll

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\kbdpl.dll

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\kbdhu.dll

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\kbdhela3.dll

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\kbdcz2.dll

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\kbdcz1.dll

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\kbdcr.dll

2007-05-15 16:56 6,656 -ra------ D:\WINDOWS\system32\KBDAL.DLL

2007-05-15 16:56 6,144 -ra------ D:\WINDOWS\system32\kbdtuq.dll

2007-05-15 16:56 6,144 -ra------ D:\WINDOWS\system32\kbdtuf.dll

2007-05-15 16:56 6,144 -ra------ D:\WINDOWS\system32\kbdlv1.dll

2007-05-15 16:56 6,144 -ra------ D:\WINDOWS\system32\kbdlv.dll

2007-05-15 16:56 6,144 -ra------ D:\WINDOWS\system32\kbdhela2.dll

2007-05-15 16:56 6,144 -ra------ D:\WINDOWS\system32\kbdgkl.dll

2007-05-15 16:56 6,144 -ra------ D:\WINDOWS\system32\kbdest.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdro.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdpl1.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdmon.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdlt1.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdlt.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdkyr.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdhu1.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdhe319.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdhe220.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdhe.dll

2007-05-15 16:56 5,632 -ra------ D:\WINDOWS\system32\kbdazel.dll

2007-05-15 16:56 5,120 --a------ D:\WINDOWS\system\SHELL.DLL

2007-05-15 16:56 33,072 --a------ D:\WINDOWS\system\COMMDLG.DLL

2007-05-15 16:56 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll

2007-05-15 16:56 24,064 --a------ D:\WINDOWS\system\OLESVR.DLL

2007-05-15 16:56 19,200 --a------ D:\WINDOWS\system\TAPI.DLL

2007-05-15 16:56 176,157 --a------ D:\WINDOWS\system32\dgrpsetu.dll

2007-05-15 16:56 15,360 --a------ D:\WINDOWS\TASKMAN.EXE

2007-05-15 16:56 13,312 --a------ D:\WINDOWS\system32\irclass.dll

2007-05-15 16:56 126,912 --a------ D:\WINDOWS\system\MSVIDEO.DLL

2007-05-15 16:56 11,264 --a------ D:\WINDOWS\system32\drivers\irenum.sys

2007-05-15 16:56 109,488 --a------ D:\WINDOWS\system\AVIFILE.DLL

2007-05-15 16:56 103,424 --a------ D:\WINDOWS\system32\EqnClass.Dll

2007-05-15 16:56 <DIR> dr-h----- D:\DOCUME~1\DEFAUL~1\Programdata

2007-05-15 16:56 <DIR> dr-h----- D:\DOCUME~1\DEFAUL~1\Lokale innstillinger

2007-05-15 16:56 <DIR> dr-h----- D:\DOCUME~1\ALLUSE~1\Programdata

2007-05-15 16:56 <DIR> dr------- D:\Programfiler

2007-05-15 16:56 <DIR> dr------- D:\DOCUME~1\DEFAUL~1\Start-meny

2007-05-15 16:56 <DIR> dr------- D:\DOCUME~1\ALLUSE~1\Start-meny

2007-05-15 16:56 <DIR> dr------- D:\DOCUME~1\ALLUSE~1\Dokumenter

2007-05-15 16:56 <DIR> d--hs---- D:\System Volume Information

2007-05-15 16:56 <DIR> d--h----- D:\DOCUME~1\DEFAUL~1\Skrivere

2007-05-15 16:56 <DIR> d--h----- D:\DOCUME~1\DEFAUL~1\Siste

2007-05-15 16:56 <DIR> d--h----- D:\DOCUME~1\DEFAUL~1\Maler

2007-05-15 16:56 <DIR> d--h----- D:\DOCUME~1\DEFAUL~1\AndrMask

2007-05-15 16:56 <DIR> d--h----- D:\DOCUME~1\ALLUSE~1\Maler

2007-05-15 16:56 <DIR> d-------- D:\WINDOWS\system32\CatRoot2

2007-05-15 16:56 <DIR> d-------- D:\WINDOWS\system32\CatRoot

2007-05-15 16:56 <DIR> d-------- D:\Programfiler\Fellesfiler\SpeechEngines

2007-05-15 16:56 <DIR> d-------- D:\Documents and Settings

2007-05-15 16:56 <DIR> d-------- D:\DOCUME~1\DEFAUL~1\Skrivebord

2007-05-15 16:56 <DIR> d-------- D:\DOCUME~1\DEFAUL~1\Mine dokumenter

2007-05-15 16:56 <DIR> d-------- D:\DOCUME~1\DEFAUL~1\Favoritter

2007-05-15 16:56 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Skrivebord

2007-05-15 16:56 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\Favoritter

2007-05-15 16:50 <DIR> dr-hsc--- D:\WINDOWS\system32\dllcache

2007-05-15 16:50 <DIR> dr--s---- D:\WINDOWS\Fonts

2007-05-15 16:50 <DIR> dr------- D:\WINDOWS\Web

2007-05-15 16:50 <DIR> d--h----- D:\WINDOWS\inf

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\WinSxS

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\twain_32

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\wins

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\wbem

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\usmt

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\spool

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\ShellExt

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\Setup

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\ras

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\oobe

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\npp

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\mui

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\inetsrv

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\IME

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\icsxml

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\ias

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\export

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\drivers\etc

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\drivers\disdn

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\drivers

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\dhcp

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\config

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\3com_dmi

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\3076

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\2052

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\1054

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\1044

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\1042

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\1041

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\1037

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\1033

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\1031

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\1028

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32\1025

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system32

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\system

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\security

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\Resources

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\repair

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\Provisioning

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\PeerNet

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\pchealth

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\mui

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\msapps

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\msagent

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\Media

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\ime

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\Help

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\ehome

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\Driver Cache

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\Debug

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\Cursors

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\Connection Wizard

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\Config

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\AppPatch

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS\addins

2007-05-15 16:50 <DIR> d-------- D:\WINDOWS

2007-05-15 16:46 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\PROGRA~1\nView_Profiles

2007-05-15 16:44 2,560 --a------ D:\WINDOWS\_MSRSTRT.EXE

2007-05-15 16:38 <DIR> d-------- D:\WINDOWS\system32\nb-no

2007-05-15 16:25 <DIR> d-------- D:\Programfiler\Fellesfiler\Stardock

2007-05-15 16:14 <DIR> d-------- D:\WINDOWS\network diagnostic

2007-05-15 16:06 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys

2007-05-15 16:06 298,104 --a------ D:\WINDOWS\system32\imon.dll

2007-05-15 16:06 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys

2007-05-15 16:02 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\PROGRA~1\Windows Genuine Advantage

2007-05-15 15:59 0 --a------ D:\WINDOWS\nsreg.dat

2007-05-15 15:49 <DIR> d--hs---- D:\RECYCLER

2007-05-15 15:49 <DIR> d--h----- D:\WINDOWS\$hf_mig$

2007-05-15 15:49 <DIR> d-------- D:\WINDOWS\system32\PreInstall

2007-05-15 15:46 82,944 --a------ D:\WINDOWS\system32\drivers\wdmaud.sys

2007-05-15 15:46 6,400 --a------ D:\WINDOWS\system32\drivers\splitter.sys

2007-05-15 15:46 54,272 --a------ D:\WINDOWS\system32\drivers\swmidi.sys

2007-05-15 15:46 52,864 --a------ D:\WINDOWS\system32\drivers\DMusic.sys

2007-05-15 15:46 142,464 --a------ D:\WINDOWS\system32\drivers\aec.sys

2007-05-15 15:46 <DIR> d-------- D:\WINDOWS\system32\Lang

2007-05-15 15:45 7,552 --a------ D:\WINDOWS\system32\drivers\MSKSSRV.sys

2007-05-15 15:45 60,800 --a------ D:\WINDOWS\system32\drivers\sysaudio.sys

2007-05-15 15:45 60,288 --a------ D:\WINDOWS\system32\drivers\drmk.sys

2007-05-15 15:45 5,376 --a------ D:\WINDOWS\system32\drivers\MSPCLOCK.sys

2007-05-15 15:45 40,960 -r------- D:\WINDOWS\system32\ChCfg.exe

2007-05-15 15:45 4,992 --a------ D:\WINDOWS\system32\drivers\MSPQM.sys

2007-05-15 15:45 4,096 --a------ D:\WINDOWS\system32\ksuser.dll

2007-05-15 15:45 2,944 --a------ D:\WINDOWS\system32\drivers\drmkaud.sys

2007-05-15 15:45 172,416 --a------ D:\WINDOWS\system32\drivers\kmixer.sys

2007-05-15 15:45 135,168 -r------- D:\WINDOWS\system32\RtlCPAPI.dll

2007-05-15 15:45 <DIR> d-------- D:\WINDOWS\system32\RTCOM

2007-05-15 15:44 9,711,104 -r------- D:\WINDOWS\RTLCPL.exe

2007-05-15 15:44 86,016 -r------- D:\WINDOWS\SoundMan.exe

2007-05-15 15:44 69,632 -r------- D:\WINDOWS\Alcmtr.exe

2007-05-15 15:44 4,258,816 -r------- D:\WINDOWS\system32\drivers\RtkHDAud.Sys

2007-05-15 15:44 364,544 -r------- D:\WINDOWS\RtlUpd.exe

2007-05-15 15:44 23,856 --a------ D:\WINDOWS\system32\spupdsvc.exe

2007-05-15 15:44 2,809,344 -r------- D:\WINDOWS\alcwzrd.exe

2007-05-15 15:44 2,158,592 -r------- D:\WINDOWS\MicCal.exe

2007-05-15 15:44 16,120,832 -r------- D:\WINDOWS\RTHDCPL.exe

2007-05-15 15:44 <DIR> d--h----- D:\Programfiler\InstallShield Installation Information

2007-05-15 15:44 <DIR> d-------- D:\Programfiler\Realtek

2007-05-15 15:43 487,424 -r------- D:\WINDOWS\RtlExUpd.dll

2007-05-15 15:43 180,224 --a------ D:\WINDOWS\system32\nvudisp.exe

2007-05-15 15:43 <DIR> d-------- D:\WINDOWS\nview

2007-05-15 15:41 99,840 -ra------ D:\WINDOWS\system32\drivers\nvata.sys

2007-05-15 15:41 35,840 -ra------ D:\WINDOWS\system32\NVCOI.DLL

2007-05-15 15:41 290,304 -ra------ D:\WINDOWS\system32\idecoiins.dll

2007-05-15 15:41 290,304 -ra------ D:\WINDOWS\system32\idecoi.dll

2007-05-15 15:41 208,896 --------- D:\WINDOWS\system32\nvuide.exe

2007-05-15 15:41 <DIR> d-------- D:\WINDOWS\system32\SoftwareDistribution

2007-05-15 15:40 52,736 -ra------ D:\WINDOWS\system32\drivers\NVENETFD.sys

2007-05-15 15:40 36,352 -ra------ D:\WINDOWS\system32\drivers\AmdK8.sys

2007-05-15 15:40 35,840 -ra------ D:\WINDOWS\system32\nvconrm.dll

2007-05-15 15:40 261,120 -ra------ D:\WINDOWS\system32\drivers\nvsnpu.sys

2007-05-15 15:40 208,896 -ra------ D:\WINDOWS\system32\nvusmb.exe

2007-05-15 15:40 208,896 --a------ D:\WINDOWS\system32\nvunrm.exe

2007-05-15 15:40 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE

2007-05-15 15:40 208,384 -ra------ D:\WINDOWS\system32\fdco1ins.dll

2007-05-15 15:40 208,384 -ra------ D:\WINDOWS\system32\fdco1.dll

2007-05-15 15:40 18,944 -ra------ D:\WINDOWS\system32\drivers\nvnetbus.sys

2007-05-15 15:40 159,232 -ra------ D:\WINDOWS\system32\fdco_l1036.dll

2007-05-15 15:40 159,232 -ra------ D:\WINDOWS\system32\fdco_l1034.dll

2007-05-15 15:40 159,232 -ra------ D:\WINDOWS\system32\fdco_l1031.dll

2007-05-15 15:40 158,720 -ra------ D:\WINDOWS\system32\fdco_l1046.dll

2007-05-15 15:40 158,720 -ra------ D:\WINDOWS\system32\fdco_l1040.dll

2007-05-15 15:40 156,672 -ra------ D:\WINDOWS\system32\fdco_l1042.dll

2007-05-15 15:40 156,672 -ra------ D:\WINDOWS\system32\fdco_l1041.dll

2007-05-15 15:40 155,648 -ra------ D:\WINDOWS\system32\fdco_l1028.dll

2007-05-15 15:40 155,136 -ra------ D:\WINDOWS\system32\fdco_l2052.dll

2007-05-15 15:40 109,568 -ra------ D:\WINDOWS\system32\drivers\nvtcp.sys

2007-05-15 15:40 10,240 -ra------ D:\WINDOWS\system32\bdco1ins.dll

2007-05-15 15:40 10,240 -ra------ D:\WINDOWS\system32\bdco1.dll

2007-05-15 15:40 1,068,800 -ra------ D:\WINDOWS\system32\drivers\nvnrm.sys

2007-05-15 15:40 <DIR> d-------- D:\WINDOWS\system32\ReinstallBackups

2007-05-15 15:40 <DIR> d-------- D:\WINDOWS\NV1572756.TMP

2007-05-15 15:40 <DIR> d-------- D:\Programfiler\Fellesfiler\InstallShield

2007-05-15 15:37 1,310,720 --ah----- D:\DOCUME~1\Oskar\NTUSER.DAT

2007-05-15 15:37 <DIR> dr-h----- D:\DOCUME~1\Oskar\Programdata

2007-05-15 15:37 <DIR> dr------- D:\DOCUME~1\Oskar\Start-meny

2007-05-15 15:37 <DIR> dr------- D:\DOCUME~1\Oskar\Mine dokumenter

2007-05-15 15:37 <DIR> dr------- D:\DOCUME~1\Oskar\Favoritter

2007-05-15 15:37 <DIR> d--h----- D:\DOCUME~1\Oskar\Skrivere

2007-05-15 15:37 <DIR> d--h----- D:\DOCUME~1\Oskar\Maler

2007-05-15 15:37 <DIR> d--h----- D:\DOCUME~1\Oskar\Lokale innstillinger

2007-05-15 15:37 <DIR> d--h----- D:\DOCUME~1\Oskar\AndrMask

2007-05-15 15:37 <DIR> d-------- D:\DOCUME~1\Oskar\Skrivebord

2007-05-15 15:21 225,280 --ah----- D:\DOCUME~1\LOCALS~1\NTUSER.DAT

2007-05-15 15:21 <DIR> d--h----- D:\DOCUME~1\LOCALS~1\Lokale innstillinger

2007-05-15 15:21 <DIR> d-------- D:\WINDOWS\SoftwareDistribution

2007-05-15 15:21 <DIR> d-------- D:\WINDOWS\Prefetch

2007-05-15 15:21 <DIR> d-------- D:\DOCUME~1\LOCALS~1\Programdata

2007-05-15 15:18 225,280 --ah----- D:\DOCUME~1\NETWOR~1\NTUSER.DAT

2007-05-15 15:18 <DIR> d--h----- D:\DOCUME~1\NETWOR~1\Lokale innstillinger

2007-05-15 15:18 <DIR> d-------- D:\DOCUME~1\NETWOR~1\Programdata

2007-05-15 15:14 225,280 ---h----- D:\DOCUME~1\DEFAUL~1\NTUSER.DAT

2007-05-15 15:14 112,128 --a------ D:\WINDOWS\system32\mapi32.dll

2007-05-15 15:14 <DIR> d-------- D:\WINDOWS\system32\xircom

2007-05-15 15:14 <DIR> d-------- D:\Programfiler\microsoft frontpage

2007-05-15 15:13 11,264 --a------ D:\WINDOWS\system32\atrace.dll

2007-05-15 15:13 <DIR> dr------- D:\WINDOWS\Offline Web Pages

2007-05-15 15:13 <DIR> d--hs---- D:\DOCUME~1\ALLUSE~1\DRM

2007-05-15 15:13 <DIR> d--h----- D:\Programfiler\WindowsUpdate

2007-05-15 15:13 <DIR> d---s---- D:\WINDOWS\Downloaded Program Files

2007-05-15 15:13 <DIR> d-------- D:\WINDOWS\system32\DirectX

2007-05-15 15:13 <DIR> d-------- D:\Programfiler\Elektroniske tjenester

2007-05-15 15:12 81,920 --a------ D:\WINDOWS\system32\isign32.dll

2007-05-15 15:12 81,920 --a------ D:\WINDOWS\system32\ils.dll

2007-05-15 15:12 8,192 --a------ D:\WINDOWS\system32\bitsprx2.dll

2007-05-15 15:12 73,728 --a------ D:\WINDOWS\system32\icwdial.dll

2007-05-15 15:12 73,344 --a------ D:\WINDOWS\system32\drivers\sr.sys

2007-05-15 15:12 7,168 --a------ D:\WINDOWS\system32\bitsprx3.dll

2007-05-15 15:12 69,632 --a------ D:\WINDOWS\system32\msconf.dll

2007-05-15 15:12 679,424 --a------ D:\WINDOWS\system32\inetcomm.dll

2007-05-15 15:12 67,584 --a------ D:\WINDOWS\system32\srclient.dll

2007-05-15 15:12 65,536 --a------ D:\WINDOWS\system32\icwphbk.dll

2007-05-15 15:12 64,512 --a------ D:\WINDOWS\system32\acctres.dll

2007-05-15 15:12 6,656 --a------ D:\WINDOWS\system32\wuauserv.dll

2007-05-15 15:12 47,616 --a------ D:\WINDOWS\system32\inetres.dll

2007-05-15 15:12 465,176 --a------ D:\WINDOWS\system32\wuapi.dll

2007-05-15 15:12 45,568 --a------ D:\WINDOWS\system32\safrslv.dll

2007-05-15 15:12 43,520 --a------ D:\WINDOWS\system32\safrcdlg.dll

2007-05-15 15:12 43,520 --a------ D:\WINDOWS\system32\racpldlg.dll

2007-05-15 15:12 41,240 --a------ D:\WINDOWS\system32\wups.dll

2007-05-15 15:12 382,464 --a------ D:\WINDOWS\system32\qmgr.dll

2007-05-15 15:12 34,560 --a------ D:\WINDOWS\system32\mnmdd.dll

2007-05-15 15:12 32,768 --a------ D:\WINDOWS\system32\mnmsrvc.exe

2007-05-15 15:12 32,768 --a------ D:\WINDOWS\system32\isrdbg32.dll

2007-05-15 15:12 29,696 --a------ D:\WINDOWS\system32\safrdm.dll

2007-05-15 15:12 28,672 --a------ D:\WINDOWS\system32\nmmkcert.dll

2007-05-15 15:12 278,528 --a------ D:\WINDOWS\system32\inetcfg.dll

2007-05-15 15:12 275,968 --a------ D:\WINDOWS\system32\mstask.dll

2007-05-15 15:12 252,928 --a------ D:\WINDOWS\system32\msoeacct.dll

2007-05-15 15:12 240,128 --a------ D:\WINDOWS\system32\srrstr.dll

2007-05-15 15:12 23,040 --a------ D:\WINDOWS\system32\fltmc.exe

2007-05-15 15:12 21,704 --a------ D:\WINDOWS\system32\emptyregdb.dat

2007-05-15 15:12 194,840 --a------ D:\WINDOWS\system32\wuaueng1.dll

2007-05-15 15:12 190,976 --a------ D:\WINDOWS\system32\schedsvc.dll

2007-05-15 15:12 18,944 --a------ D:\WINDOWS\system32\qmgrprxy.dll

2007-05-15 15:12 174,360 --a------ D:\WINDOWS\system32\wuauclt1.exe

2007-05-15 15:12 173,536 --a------ D:\WINDOWS\system32\wuweb.dll

2007-05-15 15:12 170,496 --a------ D:\WINDOWS\system32\srsvc.dll

2007-05-15 15:12 16,896 --a------ D:\WINDOWS\system32\fltlib.dll

2007-05-15 15:12 16,384 --a------ D:\WINDOWS\system32\icfgnt5.dll

2007-05-15 15:12 128,896 --a------ D:\WINDOWS\system32\drivers\fltmgr.sys

2007-05-15 15:12 127,768 --a------ D:\WINDOWS\system32\wucltui.dll

2007-05-15 15:12 124,696 --a------ D:\WINDOWS\system32\wuauclt.exe

2007-05-15 15:12 12,288 --a------ D:\WINDOWS\system32\nmevtmsg.dll

2007-05-15 15:12 12,288 --a------ D:\WINDOWS\system32\mstinit.exe

2007-05-15 15:12 105,984 --a------ D:\WINDOWS\system32\msoert2.dll

2007-05-15 15:12 1,343,768 --a------ D:\WINDOWS\system32\wuaueng.dll

2007-05-15 15:12 <DIR> d---s---- D:\WINDOWS\Tasks

2007-05-15 15:12 <DIR> d-------- D:\WINDOWS\system32\Restore

2007-05-15 15:12 <DIR> d-------- D:\WINDOWS\system32\Macromed

2007-05-15 15:12 <DIR> d-------- D:\WINDOWS\srchasst

2007-05-15 15:12 <DIR> d-------- D:\Programfiler\Movie Maker

2007-05-15 15:12 <DIR> d-------- D:\Programfiler\Fellesfiler\Tjenester

2007-05-15 15:12 <DIR> d-------- D:\Programfiler\Fellesfiler\MSSoap

2007-05-15 15:11 97,792 --a------ D:\WINDOWS\system32\comrepl.dll

2007-05-15 15:11 956,416 --a------ D:\WINDOWS\system32\msdtctm.dll

2007-05-15 15:11 93,696 --a------ D:\WINDOWS\system32\tscfgwmi.dll

2007-05-15 15:11 91,136 --a------ D:\WINDOWS\system32\mtxoci.dll

2007-05-15 15:11 9,728 --a------ D:\WINDOWS\system32\reset.exe

2007-05-15 15:11 87,176 --a------ D:\WINDOWS\system32\rdpwsx.dll

2007-05-15 15:11 85,504 --a------ D:\WINDOWS\system32\catsrvps.dll

2007-05-15 15:11 80,384 --a------ D:\WINDOWS\system32\charmap.exe

2007-05-15 15:11 73,216 --a------ D:\WINDOWS\system32\avwav.dll

2007-05-15 15:11 67,072 --a------ D:\WINDOWS\system32\rdshost.exe

2007-05-15 15:11 655,360 --a------ D:\WINDOWS\system32\mstscax.dll

2007-05-15 15:11 625,152 --a------ D:\WINDOWS\system32\catsrvut.dll

2007-05-15 15:11 62,464 --a------ D:\WINDOWS\system32\rdpclip.exe

2007-05-15 15:11 605,696 --a------ D:\WINDOWS\system32\getuname.dll

2007-05-15 15:11 60,928 --a------ D:\WINDOWS\system32\remotepg.dll

2007-05-15 15:11 60,416 --a------ D:\WINDOWS\system32\colbact.dll

2007-05-15 15:11 6,144 --a------ D:\WINDOWS\system32\msdtc.exe

2007-05-15 15:11 58,880 --a------ D:\WINDOWS\system32\msdtclog.dll

2007-05-15 15:11 58,880 --a------ D:\WINDOWS\system32\licwmi.dll

2007-05-15 15:11 56,832 --a------ D:\WINDOWS\system32\sol.exe

2007-05-15 15:11 56,320 --a------ D:\WINDOWS\system32\servdeps.dll

2007-05-15 15:11 55,296 --a------ D:\WINDOWS\system32\freecell.exe

2007-05-15 15:11 540,160 --a------ D:\WINDOWS\system32\comuid.dll

2007-05-15 15:11 54,272 --a------ D:\WINDOWS\system32\stclient.dll

2007-05-15 15:11 538,624 --a------ D:\WINDOWS\system32\spider.exe

2007-05-15 15:11 5,632 --a------ D:\WINDOWS\system32\write.exe

2007-05-15 15:11 5,120 --a------ D:\WINDOWS\system32\dcomcnfg.exe

2007-05-15 15:11 498,688 --a------ D:\WINDOWS\system32\clbcatq.dll

2007-05-15 15:11 44,544 --a------ D:\WINDOWS\system32\tscupgrd.exe

2007-05-15 15:11 44,544 --a------ D:\WINDOWS\system32\hticons.dll

2007-05-15 15:11 426,496 --a------ D:\WINDOWS\system32\msdtcprx.dll

2007-05-15 15:11 408,064 --a------ D:\WINDOWS\system32\mstsc.exe

2007-05-15 15:11 4,096 --a------ D:\WINDOWS\system32\rdpcfgex.dll

2007-05-15 15:11 4,096 --a------ D:\WINDOWS\system32\mtxex.dll

2007-05-15 15:11 38,912 --a------ D:\WINDOWS\system32\cfgbkend.dll

2007-05-15 15:11 35,328 --a------ D:\WINDOWS\system32\winchat.exe

2007-05-15 15:11 348,672 --a------ D:\WINDOWS\system32\hypertrm.dll

2007-05-15 15:11 344,064 --a------ D:\WINDOWS\system32\mspaint.exe

2007-05-15 15:11 33,792 --a------ D:\WINDOWS\system32\regini.exe

2007-05-15 15:11 294,912 --a------ D:\WINDOWS\system32\termsrv.dll

2007-05-15 15:11 25,600 --a------ D:\WINDOWS\system32\comaddin.dll

2007-05-15 15:11 25,088 --a------ D:\WINDOWS\system32\mtxlegih.dll

2007-05-15 15:11 228,864 --a------ D:\WINDOWS\system32\avtapi.dll

2007-05-15 15:11 225,792 --a------ D:\WINDOWS\system32\catsrv.dll

2007-05-15 15:11 22,528 --a------ D:\WINDOWS\system32\qwinsta.exe

2007-05-15 15:11 21,896 --a------ D:\WINDOWS\system32\drivers\tdtcp.sys

2007-05-15 15:11 20,992 --a------ D:\WINDOWS\system32\msg.exe

2007-05-15 15:11 20,480 --a------ D:\WINDOWS\system32\qprocess.exe

2007-05-15 15:11 20,480 --a------ D:\WINDOWS\system32\mtxdm.dll

2007-05-15 15:11 19,968 --a------ D:\WINDOWS\system32\rdpsnd.dll

2007-05-15 15:11 186,368 --a------ D:\WINDOWS\system32\cmprops.dll

2007-05-15 15:11 185,344 --a------ D:\WINDOWS\system32\accwiz.exe

2007-05-15 15:11 17,408 --a------ D:\WINDOWS\system32\qappsrv.exe

2007-05-15 15:11 17,408 --a------ D:\WINDOWS\system32\mmfutil.dll

2007-05-15 15:11 161,280 --a------ D:\WINDOWS\system32\msdtcuiu.dll

2007-05-15 15:11 16,896 --a------ D:\WINDOWS\system32\tsshutdn.exe

2007-05-15 15:11 16,384 --a------ D:\WINDOWS\system32\tskill.exe

2007-05-15 15:11 16,384 --a------ D:\WINDOWS\system32\avmeter.dll

2007-05-15 15:11 15,872 --a------ D:\WINDOWS\system32\rwinsta.exe

2007-05-15 15:11 15,872 --a------ D:\WINDOWS\system32\cdmodem.dll

2007-05-15 15:11 15,360 --a------ D:\WINDOWS\system32\logoff.exe

2007-05-15 15:11 147,968 --a------ D:\WINDOWS\system32\rdchost.dll

2007-05-15 15:11 147,456 --a------ D:\WINDOWS\system32\comsnap.dll

2007-05-15 15:11 140,288 --a------ D:\WINDOWS\system32\sessmgr.exe

2007-05-15 15:11 14,848 --a------ D:\WINDOWS\system32\tsdiscon.exe

2007-05-15 15:11 14,848 --a------ D:\WINDOWS\system32\tscon.exe

2007-05-15 15:11 14,848 --a------ D:\WINDOWS\system32\shadow.exe

2007-05-15 15:11 139,528 --a------ D:\WINDOWS\system32\drivers\rdpwd.sys

2007-05-15 15:11 139,264 --a------ D:\WINDOWS\system32\sndvol32.exe

2007-05-15 15:11 131,584 --a------ D:\WINDOWS\system32\sndrec32.exe

2007-05-15 15:11 13,824 --a------ D:\WINDOWS\system32\rdsaddin.exe

2007-05-15 15:11 127,488 --a------ D:\WINDOWS\system32\mshearts.exe

2007-05-15 15:11 123,392 --a------ D:\WINDOWS\system32\mplay32.exe

2007-05-15 15:11 12,040 --a------ D:\WINDOWS\system32\drivers\tdpipe.sys

2007-05-15 15:11 119,808 --a------ D:\WINDOWS\system32\winmine.exe

2007-05-15 15:11 114,688 --a------ D:\WINDOWS\system32\calc.exe

2007-05-15 15:11 110,080 --a------ D:\WINDOWS\system32\clbcatex.dll

2007-05-15 15:11 11,776 --a------ D:\WINDOWS\system32\xolehlp.dll

2007-05-15 15:11 11,264 --a------ D:\WINDOWS\system32\icaapi.dll

2007-05-15 15:11 102,912 --a------ D:\WINDOWS\system32\clipbrd.exe

2007-05-15 15:11 1,267,200 --a------ D:\WINDOWS\system32\comsvcs.dll

2007-05-15 15:11 1,161 --a------ D:\WINDOWS\system32\usrlogon.cmd

2007-05-15 15:11 <DIR> d-------- D:\WINDOWS\system32\MsDtc

2007-05-15 15:11 <DIR> d-------- D:\WINDOWS\system32\Com

2007-05-15 15:11 <DIR> d-------- D:\WINDOWS\Registration

2007-05-15 15:11 <DIR> d-------- D:\Programfiler\Windows NT

2007-05-15 15:11 <DIR> d-------- D:\Programfiler\MSN Gaming Zone

2007-05-15 15:11 <DIR> d-------- D:\Programfiler\Messenger

2007-05-15 15:10 40,840 --a------ D:\WINDOWS\system32\drivers\termdd.sys

2007-05-15 15:10 196,864 --a------ D:\WINDOWS\system32\drivers\rdpdr.sys

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-05-15 14:44:59 2,560 ----a-w D:\WINDOWS\_MSRSTRT.EXE

2007-05-15 14:08:56 46,134 ----a-w D:\WINDOWS\system32\perfc014.dat

2007-05-15 14:08:56 318,652 ----a-w D:\WINDOWS\system32\perfh014.dat

2007-03-17 13:45:38 292,864 ----a-w D:\WINDOWS\system32\winsrv.dll

2007-03-08 15:39:11 577,536 ----a-w D:\WINDOWS\system32\user32.dll

2007-03-08 15:39:11 40,960 ----a-w D:\WINDOWS\system32\mf3216.dll

2007-03-08 15:39:11 281,600 ----a-w D:\WINDOWS\system32\gdi32.dll

2007-03-08 15:38:06 1,843,584 ----a-w D:\WINDOWS\system32\win32k.sys

2007-02-05 20:19:38 185,344 ----a-w D:\WINDOWS\system32\upnphost.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{B41B140D-A302-4A1E-A9B4-762A0BE211A1}=D:\WINDOWS\system32\mlljj.dll []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"RTHDCPL"="RTHDCPL.EXE"

"Alcmtr"="ALCMTR.EXE"

"nod32kui"="\"c:\\Programfiler\\Eset\\nod32kui.exe\" /WAITSERVICE"

"Windows Update"="D:\\Programfiler\\Fellesfiler\\System\\btorrent16.exe"

"SunJavaUpdateSched"="\"D:\\Programfiler\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29]

"nwiz"="nwiz.exe" [2006-03-09 15:29 D:\WINDOWS\system32\nwiz.exe])

"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 15:29]

"RTHDCPL"="RTHDCPL.EXE" [])

"Alcmtr"="ALCMTR.EXE" [])

"nod32kui"="c:\Programfiler\Eset\nod32kui.exe" [2007-05-15 16:05]

"Windows Update"="D:\Programfiler\Fellesfiler\System\btorrent16.exe" []

"SunJavaUpdateSched"="D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

"MSMSGS"="D:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-01 09:29]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="D:\\WINDOWS\\system32\\ctfmon.exe"

"MSMSGS"="\"D:\\Programfiler\\Messenger\\msmsgs.exe\" /background"

"SUPERAntiSpyware"="C:\\Programfiler\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

 

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages msv1_0\0\0

Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages scecli\0\0

 

 

 

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter HTTPFilter\0\0

LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService DnsCache\0\0

DcomLaunch DcomLaunch\0TermService\0\0

rpcss RpcSs\0\0

imgsvc StiSvc\0\0

termsvcs TermService\0\0

WudfServiceGroup WUDFSvc\0\0

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20070515-201335-449

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20070515-201335-116

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20070515-201335-452

O2 - BHO: (no name) - {2C45B1EA-1887-42ED-AA5C-494FC8F09F74} - (no file)

backup-20070515-201335-336

O2 - BHO: (no name) - {C1B6F993-AD84-4E31-A2A1-620825DA8961} - (no file)

 

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-16 01:21:06

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

********************************************************************

 

Completion time: 2007-05-16 1:21:08 - machine was rebooted

D:\ComboFix-quarantined-files.txt ... 2007-05-16 01:21

 

HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 02:13:45, on 16.05.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Eset\nod32kui.exe

D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\ObjectDock\ObjectDock.exe

c:\Programfiler\Eset\nod32krn.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\explorer.exe

D:\WINDOWS\system32\notepad.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Programfiler\Winamp\winamp.exe

D:\Documents and Settings\Oskar\Skrivebord\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nod32kui] "c:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Programfiler\ObjectDock\ObjectDock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programfiler\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - c:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 3648 bytes

Edited by nollie
Guest member-105082
Posted

How is your brother's PC running now? Is he getting any warnings from Nod32 or similar?

Posted
> How is your brother's PC running now? Is he getting any warnings from Nod32 or similar?

 

Clean as a babybottom! ;)

Thank you so very much for the help :D

 

HJT doesn't show anything nasty in the automatic analysis on the web at hijackthis.de/en either.. so I guess it's solved, I hope ;)

Guest member-105082
Posted

You're welcome! ;) Good that the machine is clean.

 

You should reset the System Restore folder so that you don't get reinfected by a possible system restore.

Control Panel -> System -> System Restore.

Check the box in front of "Turn off .....",

restart the PC,

uncheck it again to re-enable the feature.

 

Otherwise, have a nice day :)
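The same off-reboot-on procedure as a script, for anyone cleaning several machines: this is an added example, not posted in the thread, and it is not ESET, ComboFix or HijackThis code. It drives the SystemRestore WMI class in the root\default namespace (the same interface the XP Control Panel page uses) and assumes it is run from an elevated PowerShell session; the drive letter is a placeholder set to D:\ because that is where WINDOWS lives in the logs above.

```powershell
# Added example (not from the thread): script equivalent of the
# "turn System Restore off, reboot, turn it back on" advice.
# Assumptions: elevated session, and $drive is the system drive to reset.
$drive = 'D:\'

# SystemRestore in root\default exposes Enable/Disable/CreateRestorePoint as
# static methods, so we bind to the class rather than to an instance.
$sr = [wmiclass] '\\.\root\default:SystemRestore'

# Disable() deletes every existing restore point on the drive. That is the
# point of the advice: a restore point taken while the Vundo DLL and the fake
# "Windows Update" Run entry were present would put them straight back.
$rc = $sr.Disable($drive)
if ($rc.ReturnValue -ne 0) {
    throw "SystemRestore.Disable failed with return code $($rc.ReturnValue)"
}

# The thread's GUI steps reboot between disabling and re-enabling; do the
# same here if you are following them to the letter:
#   Restart-Computer
# Re-enable so the machine keeps taking fresh restore points from now on.
# $true = wait until the feature is actually back on before returning.
$rc = $sr.Enable($drive, $true)
if ($rc.ReturnValue -ne 0) {
    throw "SystemRestore.Enable failed with return code $($rc.ReturnValue)"
}

# Take a known-clean baseline immediately so there is something to roll back
# to that post-dates the cleanup (type 0 = APPLICATION_INSTALL,
# event 100 = BEGIN_SYSTEM_CHANGE, both from the SystemRestore documentation).
$rc = $sr.CreateRestorePoint('Post-cleanup baseline', 0, 100)
if ($rc.ReturnValue -ne 0) {
    throw "CreateRestorePoint failed with return code $($rc.ReturnValue)"
}
Write-Host "System Restore reset on $drive; clean baseline restore point created."
```

Run it only after the scans in the thread come back clean, since the old restore points are gone for good once Disable() returns; the "Turn off System Restore" checkbox in the Control Panel does exactly the same deletion, just without telling you.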
