|
| |||||||
 |
 |
| | Thread Tools |
|
#1
16 oktober 2008, 09:51
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H Jeg har prøvd mange ganger med Malwarebytes å slette VUNDO.H virus. Det ledetekster for å starte på nytt og kjøre Malwarebytes igjen bare for å finne det fortsatt er på systemet. Jeg har også slått av systemer gjenopprette før disse. Takk for hjelpen! |
|
#2
16 oktober 2008, 11:27
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H Åpne HijackThis og velg Gjør et søk. Sett et merke ved siden av følgende oppføringer: (hvis det)
Avslutt HijackThis. ---------- Laste ned OTMoveIt2 av OldTimer og lagre den på Desktop. Merk: Hvis du kjører på Vista, høyreklikk på OTMoveIt2.exe og velge Kjør som Administrator. 1. Dobbeltklikk OTMoveIt2.exe å kjøre den. 2. Kopier linjene i codebox nedenfor. Code: [drepe explorer] C: \ WINDOWS \ system32 \ digestp.dll EmptyTemp [start explorer] 4. Klikk på den røde Moveit! knappen. 5. Kopier alt i resultatene vinduet (under den grønne linjen) og lime den inn i din neste svar. 6. Lukke OTMoveIt2 Merk: Hvis en fil eller mappe som ikke kan flyttes umiddelbart kan du bli bedt om å starte datamaskinen på nytt for å fullføre flyttingen prosessen. Hvis du blir bedt om å starte på nytt, velger Ja. Hvis ikke, reboot uansett.
__________________  |
|
#3
16 oktober 2008, 12:39
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H Vel Jeg løp alt du postet. The Hijack gikk fint, og 2 filer slettes. Den OTMOVEIT2 program - Jeg kopierte 4 linjer [drepe explorer] C: \ WINDOWS \ system32 \ digestp.dll EmptyTemp [start explorer under den gule linjen og utvalgte MOVEIT. Under den grønne boksen programmene sa utforske drept vellykket men jeg fikk en feil dialogboksen. Sa OTMOVEIT2 OTMOVEIT2.EXE - Dårlig bilde Programmet eller DLL c: \ windows \ rakxhfy.dll er ikke en gyldig Windows bilde. Kontroller dette mot installtion disk. Jeg måtte starte på nytt og OTMOVEIT kom opp igjen og jeg kom opp med samme feildialog som over. Hvordan kan jeg bli kvitt denne OTMOVEIT2 når det reboots. Er det noe annet som må gjøres? |
|
#4
16 oktober 2008, 12:45
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H Ja det er mer å gjøre. Ikke bekymre deg om de feilmelding ... Laste ned tilfeldig system informasjon verktøyet (RSIT) av en tilfeldig / tilfeldig fra og lagre det til skrivebordet ditt.
__________________ |
|
#5
16 oktober 2008, 13:26
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H Log.txt: Filen over 28.7 KB bytes overskrider forum's grense på 19,5 KB for denne filtypen. Jeg måtte winzip loggfilen å få det til du trenger å cdonstraints datamaskin Juice vedlegg av filer. |
|
#6
16 oktober 2008, 13:34
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H Loggfilplassering Logfile tilfeldig system informasjon verktøyet 1,04 (skrevet av tilfeldige / tilfeldig) Drives av eieren på 2008-10-16 15:56:08 Microsoft Windows XP Home Edition Service Pack 3 Systemstasjonen C: har 136 GB (92%) uten 149 GB Totalt RAM: 382 MB (30% gratis) Logfile of Trend Micro HijackThis v2.0.2 Scan lagret 3:56:33 PM, on 10/16/2008 Plattform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Kjører prosesser: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ Explorer.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Programfiler \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe C: \ Programfiler \ Ahead \ InCD \ InCDsrv.exe C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ Programfiler \ Fellesfiler \ New Boundary \ PrismXL \ PRISMXL.SYS C: \ Programfiler \ QuickTime \ qttask.exe C: \ Programfiler \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe C: \ Programfiler \ Messenger \ msmsgs.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ Programfiler \ Olympus \ DeviceDetector \ DevDtct2.exe C: \ Programfiler \ Google \ Google Updater \ GoogleUpdater.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Programfiler \ Internet Explorer \ iexplore.exe C: \ Documents and Settings \ Eier \ Lokale innstillinger \ Temporary Internet Files \ Content.IE5 \ 6QBVSP54 \ RSIT [1]. Exe C: \ Programfiler \ Fellesfiler \ Symantec Shared \ COH \ coh32.exe C: \ Programfiler \ Trend Micro \ HijackThis \ Owner.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.emachines.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Programfiler \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: NCO 2.0 IE BHO - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ coShared \ Browser \ 2.6 \ coIEPlg.dll O2 - BHO: Symantec inntrenging Prevention - (6D53EC84-6AAE-4787-AEEE-F4628F01010C) - c: \ progra ~ 1 \ FELLES ~ 1 \ SYMANT ~ 1 \ IDS \ IPSBHO.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programfiler \ Google \ googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - c: \ windows \ system32 \ digestp.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar1.dll O3 - Toolbar: Show Norton Toolbar - (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ coShared \ Browser \ 2.6 \ CoIEPlg.dll O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programfiler \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe" O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe" O4 - HKLM \ .. \ Run: [osCheck] "C: \ Programfiler \ Norton 360 \ osCheck.exe" O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - Global Startup: Enhet Detector 3.lnk = C: \ Programfiler \ Olympus \ DeviceDetector \ DevDtct2.exe O4 - Global Startup: Google Updater.lnk = C: \ Programfiler \ Google \ Google Updater \ GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Programfiler \ Microsoft Office \ Office \ OSA9.EXE O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000 O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Extra knappen: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra "Verktøy" MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: (2D8ED06D-3C30-438B-96AE-4D110FDC1FB8) (ActiveScan 2.0 Installer klasse) -- http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://www.update.microsoft.com/wind...?1211623928390 O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasse) -- http://www.update.microsoft.com/micr...?1211630845500 O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Notify: paubftzz - C: \ WINDOWS \ system32 \ digestp.dll O23 - Service: ATI Hurtigtast Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: Automatisk LiveUpdate Scheduler - Symantec Corporation - C: \ Programfiler \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ VAScanner \ comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: InCD Filsystem Service (InCDsrv) - Ahead Software - C: \ Programfiler \ Ahead \ InCD \ InCDsrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C: \ Programfiler \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C: \ Programfiler \ Fellesfiler \ New Boundary \ PrismXL \ PRISMXL.SYS O23 - Service: Symantec Core LC - Unknown owner - C: \ progra ~ 1 \ FELLES ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe -- End of file - 7993 bytes ====== Planlagte oppgaver mappe ====== C: \ WINDOWS \ oppgaver \ Automatisk Full Backup.job C: \ WINDOWS \ oppgaver \ Daglig Changed Files.job C: \ WINDOWS \ oppgaver \ PEACTREE UKENTLIG TILBAKE UP.job ====== Registerkontroll dump ====== [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3)] Adobe PDF Reader Link Helper - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (3049C3E9-B461-4BC5-8870-4C09146192CA)] RealPlayer Download og Record Plugin for Internet Explorer - C: \ Programfiler \ Real \ RealPlayer \ rpbrowserrecordplugin.dll [2008-04-19 308856] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408)] C: \ Programfiler \ Fellesfiler \ Symantec Shared \ coShared \ Browser \ 2.6 \ coIEPlg.dll [2008-06-30 349552] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (6D53EC84-6AAE-4787-AEEE-F4628F01010C)] Symantec inntrenging Forebygging - C: \ progra ~ 1 \ FELLES ~ 1 \ SYMANT ~ 1 \ IDS \ IPSBHO.dll [2008-10-16 116088] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AA58ED58-01DD-4d91-8333-CF10577473F7)] Google Toolbar Helper - c: \ Programfiler \ Google \ googletoolbar1.dll [2007-06-04 2554944] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AF69DE43-7D58-4638-B6FA-CE66B5AD205D)] Google Toolbar Notifier BHO - C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll [2008-09-26 737776] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] c: \ windows \ system32 \ digestp.dll [2004-08-04 105984] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Internet Explorer \ Toolbar] (EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll [2005-08-04 343112] (2318C2B1-4965-11D4-9B18-009027A5CD4F) - og Google - C: \ Programfiler \ Google \ googletoolbar1.dll [2007-06-04 2554944] ID (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - Show Norton Toolbar - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ coShared \ Browser \ 2.6 \ CoIEPlg.dll [2008-06-30 349552] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Run] "QuickTime Task" = C: \ Programfiler \ QuickTime \ qttask.exe [2005-01-28 98304] "Adobe Photo Downloader" = C: \ Programfiler \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe [2005-06-06 57344] "Adobe Reader Speed Launcher" = C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe [2008-01-11 39792] "TkBellExe" = C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe [2008-04-19 185896] "ccApp" = C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe [2008-02-18 51048] "osCheck" = C: \ Programfiler \ Norton 360 \ osCheck.exe [2008-02-26 988512] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "MSMSGS" = C: \ Programfiler \ Messenger \ msmsgs.exe [2008-04-13 1695232] "Ctfmon.exe" = C: \ WINDOWS \ system32 \ Ctfmon.exe [2008-04-13 15360] "SUPERAntiSpyware" = C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe [2008-05-28 1506544] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ATIPTA] C: \ Programfiler \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe [2004-11-12 344064] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ccApp] C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe [2008-02-18 51048] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CHotkey] C: \ WINDOWS \ zHotkey.exe [2004-05-17 543232] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ InCD] C: \ Programfiler \ Ahead \ InCD \ InCD.exe [2003-09-01 1200178] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ MSMSGS] C: \ Programfiler \ Messenger \ msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE [2002-09-13 212992] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RemoteControl] C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe [2003-10-31 32768] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ShowWnd] C: \ WINDOWS \ ShowWnd.exe [2003-09-19 36864] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SoundMan] C: \ WINDOWS \ SOUNDMAN.EXE [2004-11-15 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunKistEM] C: \ Programfiler \ Digital Media Reader \ shwiconem.exe [2004-11-15 135168] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ UpdateManager] C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe [2003-08-19 110592] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk] C: \ progra ~ 1 \ BigFix \ BigFix.exe [2002-07-31 1742384] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk] C: \ progra ~ 1 \ micros ~ 2 \ Office \ OSA9.EXE [2000-01-21 65588] C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Oppstart Enhet Detector 3.lnk - C: \ Programfiler \ Olympus \ DeviceDetector \ DevDtct2.exe Google Updater.lnk - C: \ Programfiler \ Google \ Google Updater \ GoogleUpdater.exe Microsoft Office.lnk - C: \ Programfiler \ Microsoft Office \ Office \ OSA9.EXE [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll [2007-04-19 294912] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ AtiExtEvent] C: \ WINDOWS \ system32 \ Ati2evxx.dll [2006-02-21 61440] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ paubftzz] C: \ WINDOWS \ system32 \ digestp.dll [2004-08-04 105984] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad] UPnPMonitor - (e57ce738-33e8-4c51-8354-bb4de9d215d1) - C: \ WINDOWS \ system32 \ upnpui.dll [2008-04-13 239616] WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Programfiler \ SUPERAntiSpyware \ SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Policies \ System] "dontdisplaylastusername" = 0 "legalnoticecaption" = "legalnoticetext" = "shutdownwithoutlogon" = 1 "undockwithoutlogon" = 1 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Policies \ Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ standard profil \ authorizedapplications \ listen] "% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019" "C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLDial.exe" = "C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLDial.exe: *: Enabled: AOL" "C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLacsd.exe" = "C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLacsd.exe: *: Enabled: AOL" "C: \ Programfiler \ America Online 9.0 \ waol.exe" = "C: \ Programfiler \ America Online 9.0 \ waol.exe: *: Enabled: America Online 9.0" "% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000" "C: \ Programfiler \ Internet Explorer \ iexplore.exe" = "C: \ Programfiler \ Internet Explorer \ iexplore.exe: *: Disabled: Internet Explorer" "C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe" = "C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe: *: Enabled: LogMeIn Rescue" [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ tjenester es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ listen] "% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: Enabled: @ xpsp2res.dll, -22019" "C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLDial.exe" = "C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLDial.exe: *: Enabled: AOL" "C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLacsd.exe" = "C: \ Programfiler \ Fellesfiler \ AOL \ ACS \ AOLacsd.exe: *: Enabled: AOL" "C: \ Programfiler \ America Online 9.0 \ waol.exe" = "C: \ Programfiler \ America Online 9.0 \ waol.exe: *: Enabled: America Online 9.0" "% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000" [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)] shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-b301-806d6172696f)] shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480 ====== Liste over filer / mapper opprettet i de siste 1 mnd ====== 2008-10-16 15:56:08 ---- D ---- C: \ rsit 2008-10-16 15:19:05 ---- D ---- C: \ _OTMoveIt 2008-10-16 14:07:16 ---- D ---- C: \ Program Files \ Panda Security 2008-10-16 13:48:04 ---- B ---- C: \ WINDOWS \ system32 \ CF23987.exe 2008-10-16 13:47:57 ---- B ---- C: \ Bug.txt 2008-10-16 13:20:06 ---- D ---- C: \ VundoFix sikkerhetskopier 2008-10-16 13:20:06 ---- B ---- C: \ VundoFix.txt 2008-10-16 12:26:25 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-10-16 12:25:40 ---- D ---- C: \ Programfiler \ SUPERAntiSpyware 2008-10-16 12:25:39 ---- D ---- C: \ Documents and Settings \ Eier \ Programdata \ SUPERAntiSpyware.com 2008-10-16 12:25:12 ---- D ---- C: \ Programfiler \ Fellesfiler \ Wise Installation Wizard 2008-10-16 11:20:45 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB956803 $ 2008-10-16 11:20:36 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB956391 $ 2008-10-16 11:20:27 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB957095 $ 2008-10-16 11:17:11 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB954211 $ 2008-10-16 11:16:54 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB956841 $ 2008-10-16 11:08:22 ---- D ---- C: \ WINDOWS \ system32 \ N360_BACKUP 2008-10-16 10:48:03 ---- DC ---- C: \ WINDOWS \ system32 \ DRVSTORE 2008-10-16 10:47:42 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008-10-16 10:24:37 ---- D ---- C: \ Program Files \ Windows Sidebar 2008-10-16 10:24:06 ---- D ---- C: \ Programfiler \ Norton 360 2008-10-16 10:22:49 ---- B ---- C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008-10-15 17:26:20 ---- D ---- C: \ Programfiler \ NoNAV 2008-10-15 16:41:28 ---- D ---- C: \ SymNoNav 2008-10-15 16:22:38 ---- D ---- C: \ WINDOWS \ LMI42.tmp 2008-10-15 15:10:33 ---- D ---- C: \ Programfiler \ Trend Micro 2008-10-11 12:25:41 ---- D ---- C: \ WINDOWS \ søndag 2008-10-11 12:25:41 ---- D ---- C: \ Documents and Settings \ Eier \ Programdata \ søndag 2008-10-11 12:00:57 ---- D ---- C: \ Programfiler \ CCleaner 2008-10-11 11:38:42 ---- D ---- C: \ Documents and Settings \ Eier \ Programdata \ Malwarebytes 2008-10-11 11:38:37 ---- D ---- C: \ Programfiler \ Malwarebytes' Anti-Malware 2008-10-11 11:38:37 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes ====== Liste over filer / mapper endret de siste 1 mnd ====== 2008-10-16 15:44:12 ---- D ---- C: \ Programfiler \ Fellesfiler \ Symantec Shared 2008-10-16 15:43:38 ---- D ---- C: \ WINDOWS \ Temp 2008-10-16 15:27:24 ---- D ---- C: \ WINDOWS \ system32 \ Catroot2 2008-10-16 15:25:42 ---- B ---- C: \ WINDOWS \ SchedLgU.Txt 2008-10-16 15:12:27 ---- B ---- C: \ WINDOWS \ hpbafd.ini 2008-10-16 15:12:19 ---- B ---- C: \ WINDOWS \ system32 \ NTS5CSET.INI 2008-10-16 15:05:13 ---- D ---- C: \ WINDOWS 2008-10-16 14:13:35 ---- D ---- C: \ WINDOWS \ system32 \ drivers 2008-10-16 14:07:16 ---- RD ---- C: \ Program Files 2008-10-16 14:07:16 ---- HD ---- C: \ WINDOWS \ inf 2008-10-16 14:06:35 ---- SD ---- C: \ WINDOWS \ Downloaded Program Files 2008-10-16 13:49:56 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Google Updater 2008-10-16 13:48:11 ---- D ---- C: \ WINDOWS \ system32 2008-10-16 12:26:10 ---- SHD ---- C: \ WINDOWS \ Installer 2008-10-16 12:25:12 ---- D ---- C: \ Program Files \ Common Files 2008-10-16 11:50:16 ---- D ---- C: \ WINDOWS \ Minidump 2008-10-16 11:50:16 ---- D ---- C: \ WINDOWS \ Debug 2008-10-16 11:20:47 ---- RSHDC ---- C: \ WINDOWS \ system32 \ dllcache 2008-10-16 11:20:43 ---- HD ---- C: \ WINDOWS \ $ hf_mig $ 2008-10-16 11:20:07 ---- D ---- C: \ Programfiler \ Internet Explorer 2008-10-16 11:19:54 ---- D ---- C: \ WINDOWS \ ie7updates 2008-10-16 11:19:07 ---- B ---- C: \ WINDOWS \ Win.ini 2008-10-16 11:08:11 ---- D ---- C: \ Documents and Settings \ Eier \ Programdata \ Symantec 2008-10-16 11:04:17 ---- D ---- C: \ Programfiler \ Symantec 2008-10-16 11:01:12 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008-10-16 10:46:55 ---- D ---- C: \ WINDOWS \ Prefetch 2008-10-15 17:42:01 ---- D ---- C: \ Documents and Settings 2008-10-15 15:38:45 ---- D ---- C: \ WINDOWS \ WinSxS 2008-10-15 15:38:45 ---- D ---- C: \ Programfiler \ Fellesfiler \ Microsoft Shared 2008-10-15 14:55:27 ---- D ---- C: \ WINDOWS \ system32 \ restore 2008-10-15 13:23:32 ---- B ---- C: \ WINDOWS \ PCW120.ini 2008-10-15 13:23:22 ---- D ---- C: \ SHAREDAT 2008-10-14 14:58:10 ---- D ---- C: \ Shardata 2008-10-11 11:30:23 ---- SHD ---- C: \ System Volume Information 2008-10-07 15:19:40 ---- B ---- C: \ WINDOWS \ system32 \ Mrt.exe 2008-10-03 13:41:15 ---- B ---- C: \ WINDOWS \ system32 \ ieframe.dll 2008-09-24 08:36:56 ---- D ---- C: \ Programfiler \ Fellesfiler \ Peach ====== Liste over drivere (R = Running, S = stoppet, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = funksjonshemmede )====== R1 AmdPPM; AMD HwPState Processor Driver; C: \ WINDOWS \ system32 \ drivers \ AmdPPM.sys [2007-04-16 33792] R1 eeCtrl; Symantec Eraser Control driver; \? \ C: \ Programfiler \ Fellesfiler \ Symantec Shared \ EENGINE \ eeCtrl.sys [] R1 InCDPass; InCDPass; C: \ WINDOWS \ system32 \ drivers \ InCDPass.sys [2003-09-01 28528] R1 incdrm; InCD EasyWrite Reader; C: \ WINDOWS \ system32 \ drivers \ incdrm.sys [2003-08-21 25520] R1 SASDIFSV; SASDIFSV; \? \ C: \ Programfiler \ SUPERAntiSpyware \ SASDIFSV.SYS [] R1 SASKUTIL; SASKUTIL; \? \ C: \ Programfiler \ SUPERAntiSpyware \ SASKUTIL.sys [] R1 SPBBCDrv; SPBBCDrv; \? \ C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCDrv.sys [] R1 SRTSPX; SRTSPX; C: \ WINDOWS \ system32 \ Drivers \ SRTSPX.SYS [2008-01-31 43696] R1 SYMTDI; SYMTDI; C: \ WINDOWS \ system32 \ Drivers \ SYMTDI.SYS [2008-06-13 184240] R2 CO_Mon; CO_Mon; \? \ C: \ WINDOWS \ system32 \ drivers \ CO_Mon.sys [] R2 mdmxsdk; mdmxsdk; C: \ WINDOWS \ system32 \ drivers \ mdmxsdk.sys [2004-03-17 13059] R2 tmcomm; tmcomm; \? \ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys [] R3 ALCXWDM; Service for Realtek AC97 Audio (WDM); C: \ WINDOWS \ system32 \ drivers \ ALCXWDM.SYS [2004-11-18 2297664] R3 Arp1394; 1394 ARP Kundekommentarer Protocol; C: \ WINDOWS \ system32 \ drivers \ arp1394.sys [2008-04-13 60800] R3 ati2mtag; ati2mtag; C: \ WINDOWS \ system32 \ drivers \ ati2mtag.sys [2006-02-21 1505792] R3 COH_Mon; COH_Mon; \? \ C: \ WINDOWS \ system32 \ drivers \ COH_Mon.sys [] R3 EraserUtilRebootDrv; EraserUtilRebootDrv; \? \ C: \ Programfiler \ Fellesfiler \ Symantec Shared \ EENGINE \ EraserUtilRebootDrv.sys [] R3 GEARAspiWDM; Gear ASPI Filter Driver; C: \ WINDOWS \ system32 \ Drivers \ GEARAspiWDM.sys [2008-04-17 15464] R3 HSF_DP; HSF_DP; C: \ WINDOWS \ system32 \ drivers \ HSF_DP.sys [2004-06-17 1041536] R3 HSFHWBS2; HSFHWBS2; C: \ WINDOWS \ system32 \ drivers \ HSFHWBS2.sys [2004-06-17 220032] R3 NAVENG; NAVENG; \? \ C: \ progra ~ 1 \ FELLES ~ 1 \ SYMANT ~ 1 \ VIRUSD ~ 1 \ 2008101 6,004 \ NAVENG.SYS [] R3 NAVEX15; NAVEX15; \? \ C: \ progra ~ 1 \ FELLES ~ 1 \ SYMANT ~ 1 \ VIRUSD ~ 1 \ 2008101 6,004 \ NAVEX15.SYS [] R3 NIC1394; 1394 Net Driver; C: \ WINDOWS \ system32 \ drivers \ nic1394.sys [2008-04-13 61824] R3 rtl8139; Realtek RTL8139 (A / B / C)-baserte PCI Fast Ethernet Adapter NT Driver; C: \ WINDOWS \ system32 \ drivers \ RTL8139.SYS [2004-08-04 20992] R3 SASENUM; SASENUM; \? \ C: \ Programfiler \ SUPERAntiSpyware \ SASENUM.SYS [] R3 SRTSP; SRTSP; C: \ WINDOWS \ system32 \ Drivers \ SRTSP.SYS [2008-01-31 279088] R3 SunkFilt; Alcor Micro AS Reader; \? \ C: \ WINDOWS \ system32 \ Drivers \ sunkfilt.sys [] R3 SYMDNS; SYMDNS; C: \ WINDOWS \ system32 \ Drivers \ SYMDNS.SYS [2008-06-13 13616] R3 SymEvent; SymEvent; \? \ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS [] R3 SYMFW; SYMFW; C: \ WINDOWS \ system32 \ Drivers \ SYMFW.SYS [2008-06-13 96432] R3 SYMIDS; SYMIDS; C: \ WINDOWS \ system32 \ Drivers \ SYMIDS.SYS [2008-06-13 38576] R3 SYMIDSCO; SYMIDSCO; \? \ C: \ progra ~ 1 \ FELLES ~ 1 \ SYMANT ~ 1 \ SymcData \ ipsdefs \ 20081014.001 \ SymIDSCo.sys [] R3 SymIMMP; SymIMMP; C: \ WINDOWS \ system32 \ drivers \ SymIM.sys [2008-06-13 31280] R3 SYMNDIS; SYMNDIS; C: \ WINDOWS \ system32 \ Drivers \ SYMNDIS.SYS [2008-06-13 37424] R3 SYMREDRV; SYMREDRV; C: \ WINDOWS \ system32 \ Drivers \ SYMREDRV.SYS [2008-06-13 22320] R3 usbehci; Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C: \ WINDOWS \ system32 \ drivers \ usbehci.sys [2008-04-13 30208] R3 usbhub; USB2 Enabled Hub; C: \ WINDOWS \ system32 \ drivers \ Usbhub.sys [2008-04-13 59520] R3 usbohci; Microsoft USB Open Host Controller Miniport Driver; C: \ WINDOWS \ system32 \ drivers \ usbohci.sys [2008-04-13 17152] R3 USBSTOR; USB Mass Storage Driver; C: \ WINDOWS \ system32 \ drivers \ USBSTOR.SYS [2008-04-13 26368] R3 winachsf; winachsf; C: \ WINDOWS \ system32 \ drivers \ HSF_CNXT.sys [2004-06-17 685056] R4 InCDfs; InCD Filsystem; C: \ WINDOWS \ system32 \ drivers \ InCDfs.sys [2003-09-01 88800] S1 P3; Intel PentiumIII Processor Driver; C: \ WINDOWS \ system32 \ drivers \ p3.sys [2008-04-13 42752] S3 Bridge; MAC Bridge, C: \ WINDOWS \ system32 \ drivers \ bridge.sys [2008-04-13 71552] S3 BridgeMP; MAC Bridge Miniport; C: \ WINDOWS \ system32 \ drivers \ bridge.sys [2008-04-13 71552] S3 mxnic; Macronix MX987xx Familie Fast Ethernet NT Driver; C: \ WINDOWS \ system32 \ drivers \ mxnic.sys [2001-08-17 19968] S3 NV; nv, C: \ WINDOWS \ system32 \ drivers \ nv4_mini.sys [2004-08-04 1897408] S3 SRTSPL; SRTSPL; C: \ WINDOWS \ system32 \ Drivers \ SRTSPL.SYS [2008-01-31 317616] S3 SymIM; Symantec Network Security Intermediate Filter Service; C: \ WINDOWS \ system32 \ drivers \ SymIM.sys [2008-06-13 31280] S3 usbuhci; Microsoft USB Universal Host Controller Miniport Driver; C: \ WINDOWS \ system32 \ drivers \ usbuhci.sys [2008-04-13 20608] S3 VNUSB; VN Serie Enhet; C: \ WINDOWS \ system32 \ drivers \ VNUSB.sys [2003-12-15 38448] S3 wanatw; WAN Miniport (ATW); C: \ WINDOWS \ system32 \ drivers \ wanatw4.sys [] S3 WudfPf; Windows Driver Foundation - User-mode Driver Framework Platform Driver; C: \ WINDOWS \ system32 \ drivers \ WudfPf.sys [2006-09-28 77568] S3 WudfRd; Windows Driver Foundation - User-mode Driver Framework reflektor, C: \ WINDOWS \ system32 \ drivers \ wudfrd.sys [2006-09-28 82944] S4 sr; Systemgjenoppretting Filter Driver; C: \ WINDOWS \ system32 \ drivers \ sr.sys [2008-04-13 73472] ====== Liste over tjenester (R = Running, S = stoppet, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = funksjonshemmede )====== R2 ati Hurtigtast Poller; ati Hurtigtast Poller; C: \ WINDOWS \ system32 \ Ati2evxx.exe [2006-02-21 405504] R2 Automatisk LiveUpdate Scheduler; Automatisk LiveUpdate Scheduler; C: \ Programfiler \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe [2008-02-21 238968] R2 ccEvtMgr; Symantec Event Manager, C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352] R2 ccSetMgr; Symantec Settings Manager, C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352] R2 CLTNetCnService; Symantec Lic NetConnect service; C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352] R2 gusvc; Google Updater Service; C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe [2007-06-04 138680] R2 InCDsrv; InCD Filsystem Service; C: \ Programfiler \ Ahead \ InCD \ InCDsrv.exe [2003-09-01 798772] R2 LiveUpdate Notice; LiveUpdate Notice; C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352] R2 MDM; Machine Debug Manager, C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ VS7DEBUG \ MDM.EXE [2003-06-19 322120] R2 PrismXL; PrismXL; C: \ Programfiler \ Fellesfiler \ New Boundary \ PrismXL \ PRISMXL.SYS [2005-01-28 172032] S3 aspnet_state; ASP.NET State Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v1.1.4322 \ aspne t_state.exe [2004-07-15 32768] S3 comHost; COM Host; C: \ Programfiler \ Fellesfiler \ Symantec Shared \ VAScanner \ comHost.exe [2007-08-22 55640] S3 LiveUpdate; LiveUpdate, C: \ Programfiler \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE [2008-09-05 3220856] S3 ose; Office Source Engine; C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ Source Engine \ Ose.exe [2003-07-28 89136] S3 Symantec Core LC; Symantec Core LC, c: \ progra ~ 1 \ FELLES ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe [2008-10-16 1245064] S3 WMPNetworkSvc; Windows Media Player Network Sharing Service; C: \ Programfiler \ Windows Media Player \ WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc; Windows Driver Foundation - User-mode Driver Framework, C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-13 14336] ----------------- EOF ----------------- |
|
#7
16 oktober 2008, 13:50
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H Den, det digestp.dll er fortsatt ikke borte. Først: Laste ned Deaktiver / Fjern Windows Messenger på skrivebordet for å fjerne Windows Messenger. Må ikke forveksles Windows Messenger med MSN Messenger fordi de ikke er det samme. Windows Messenger er en hyppig årsak til popups. Unzip filen på skrivebordet. Åpne MessengerDisable.exe og velg den nederste boksen -- Avinstallere Windows Messenger og klikk Søke. Avslutt ut av MessengerDisable deretter slette to filer som ble satt på skrivebordet. ---------- Merk: nedenstående instruksjoner ble laget spesielt for denne brukeren. Hvis du ikke bruker, IKKE Følg disse skiltene fordi de kan ødelegge hjemkomsten til systemet Gå til Start> Kjør og skriver Notepad.exe deretter OK Kopier og lim inn nedenfor i Notepad og lagre som fixme.reg til ditt Desktop Code: REGEDIT4 [-HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] [-HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ MSMSGS] [-- HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ paubftzz] Kontroller at du fortelle meg hvis du mottar en suksess beskjed om å legge det over til registret. Hvis du ikke blir en suksess melding, det fungerte ikke. Slett fixme.reg fra Desktop. ---------- Java er utdatert. Eldre versjoner har sårbarheter som skadelige nettsteder kan bruke til å infisere maskinen. Først installerer den nye Sun Java Runtime Environment Husk å lukke alle webleservinduer før du begynner å installere. Fjern den gamle versjonen (e) Laste ned JavaRa
Mistenkelige filer for å skanne Vennligst gå til VirSCAN.org GRATIS on-line scan service (Hvis flere filer må skannes de må lages separat og logger postet for hver) 1. Kopier og lim inn følgende filbane i Mistenkelige filer for å skanne øverst på siden. Code: C: \ WINDOWS \ system32 \ CF23987.exe 3. Trykk Ctrl + V på tastaturet (begge samtidig) for å lime inn filbanen i vinduet. 4. Klikk på Last opp knappen. Dette vil utføre en skanning på tvers av flere ulike virussøk motorer. Filen vil muligens bli inngått en kø som normalt tar mindre enn et minutt å fjerne. Viktig: Vent til alle de skanning motorer å fullføre. 5. Når skanningen er fullført, blar du ned og klikker på Kopier til utklippstavlen knappen. Dette vil kopiere koblingen av rapporten i utklippstavlen. 6. Lime inn innholdet på utklippstavlen i neste svaret. ---------- Etter oppslaget i VirSCAN.org resultater. Laste ned ATF Cleaner ved Atribune til skrivebordet ditt. Alternative nedlastingskoblingen Merk: Vista-brukere må bruke Kjør som Administrator
Viktig: Start maskinen på nytt før du fortsetter.
__________________ |
|
#8
16 oktober 2008, 14:39
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H 1. Suksess i Fixme.reg 2. Så her er det 2 Loggfilene du ville ha meg til å sende A. JavaRa 11.1 Fjerning Logg. Rapporten følger etter linje. ------------------------------------ Den JavaRa fjerningsprosessen ble startet på Tor Okt 16 17:23:09 2008 Funnet og fjernet: C: \ Windows \ System32 \ jpicpl32.cpl Funnet og fjernet: C: \ Windows \ Installer \ (7148F0A8-6813-11D6-A77B-00B0D0142000) Funnet og fjernet: SOFTWARE \ Javasofts \ Java Runtime Environment \ 1.4 Funnet og fjernet: Software \ Microsoft \ Windows \ CurrentVersion \ Uninstal l \ (7148F0A8-6813-11D6-A77B-00B0D0142000) Funnet og fjernet: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA) Funnet og fjernet: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB) Funnet og fjernet: SOFTWARE \ Classes \ Installer \ Products \ 8A0F841731866D 117AB7000B0D410200 Funnet og fjernet: Software \ Microsoft \ Windows \ CurrentVersion \ Installe r \ userdata \ S-1-5-18 \ Products \ 8A0F841731866D117AB7000B0D410200 Funnet og fjernet: SOFTWARE \ Classes \ JavaPlugin.142 Funnet og fjernet: SOFTWARE \ Javasofts \ Java Plug-in \ 1.4.2 Funnet og fjernet: SOFTWARE \ Javasofts \ Java Runtime Environment \ 1.4.2 Funnet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.4.2 Funnet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.0.1 Funnet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.0.1_02 Funnet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.0.1_03 Funnet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.0.1_04 Funnet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.2 Funnet og fjernet: SOFTWARE \ Javasofts \ Java Web Start \ 1.2.0_01 ------------------------------------ Ferdig rapportering. JavaRa 11.1 Fjerning Logg. Rapporten følger etter linje. ------------------------------------ Den JavaRa fjerningsprosessen ble startet på Tor Okt 16 17:23:18 2008 ------------------------------------ Ferdig rapportering. B. VirSCAN. Org Skannet Rapport: Skannet tid: 2008/10/16 17:27:59 (EDT) Scanner resultater: Alle skannere rapporterte ikke finner malware! Filnavn: CF23987.exe Filstørrelse: 389120 byte Filtype: PE32 kjørbare for MS Windows (konsollen) Intel 80386 32-bit MD5: b65faf059812f22a1058ecfcb520e47b SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f Online rapporten: http://virscan.org/report/36cd3be0f2...66947033e.html Scanner Engine Ver Sig Ver Sig Dato Tid Scan resultat a-kvadrerte 4.0.0.16 2008.10.15 2008-10-15 1,54 -- AhnLab V3 ... .. - 0,18 -- AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 -- Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 -- Arcavir 1.0.5 200810161244 2008-10-16 1,23 -- Authentium 5.1.1 200810150216 2008-10-15 1,17 -- Avast! 3.0.1 081015-0 2008-10-15 0,72 -- AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 -- BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 -- CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5,37 -- ClamAV 0,94 8435 2008 -10-17 0,13 -- Comodo 2,11 2.0.0.678 2008-10-16 0,44 -- CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 -- Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 -- ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 -- F-Prot 4.4.4.56 20081016 2008-10-16 1,19 -- F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 -- Fortinet 2.81-3.113 9,647 2008-10-15 0,23 -- GData 19.1058/19.65 20081016 2008-10-16 2,65 -- ViRobot 20081016 2008.10.16 2008-10-16 0,40 -- Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 -- JiangMin 11.0.706 2008.10.16 2008-10-16 1,26 -- Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 -- KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 -- McAfee 5.3.00 5406 2008-10-15 2,13 -- Microsoft 1,4005 2008.10.16 2008-10-16 3,93 -- mks_vir 2,01 2008.10.16 2008-10-16 2,75 -- Norman 5.93.01 5.93.00 2008-10-16 5,21 -- Panda 9.05.01 2008.10.16 2008-10-16 2,28 -- Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 -- Quick Heal 9,50 2008.10.16 2008-10-16 1,99 -- Rising 20,0 20.66.32.00 2008-10-16 0,77 -- Sophos 2.79.0 4,34 2008-10-17 1,86 -- Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 -- Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 -- nProtect 2008-10-16.00 2247055 2008-10-16 4,22 -- The Hacker 6.3.1.0 v00116 2008-10-16 0,45 -- VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 -- VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 -- |
|
#9
16 oktober 2008, 14:41
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H Last ned ComboFix av ubåter fra én av de nedenfor koblinger. Pass på at toppen lagre det til Desktop. Link # 1 Link # 2 ** Merk: Det er viktig at det er lagret direkte til skrivebordet ditt Lukk alle åpne weblesere. (Firefox, Internet Explorer, osv.) før du starter ComboFix. Midlertidig deaktivere din antivirus, Og eventuelle antispyware sanntid beskyttelse før utføre en skanning. Klikk denne koblingen å se en liste over sikkerhetsprogrammer som skal være deaktivert og hvordan du deaktiverer dem. Dobbeltklikk combofix.exe og følg instruksjonene. Når du er ferdig ComboFix vil produsere en logg for deg. Poste ComboFix logg i neste svaret. Viktig: Ikke mouseclick ComboFix's vinduet mens den kjører. Det kan føre til stall. Husk å aktivere din antivirus og antispyware beskyttelse når ComboFix er fullført.
__________________ |
|
#10
16 oktober 2008, 15:11
| |||
| |||
| Uansett hva jeg gjør jeg ikke kan kvitte seg med TROJAN.VUNDO.H ComboFix 08-10-16.01 - Eier 2008-10-16 17:52:25.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00] Running from: C: \ Documents and Settings \ Eier \ Skrivebord \ ComboFix.exe * Opprettet et nytt gjenopprettingspunkt . ((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ jestertb.dll D: \ Autorun.inf . ((((((((((((((((((((((((( Files Created fra 2008-09-16 til 2008-10-16 ))))))))))) )))))))))))))))))))) . 2008-10-16 16:16. 2008-10-16 16:17 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ WinZip 2008-10-16 15:56. 2008-10-16 16:23 <DIR> d -------- C: \ rsit 2008-10-16 15:19. 2008-10-16 15:19 <DIR> d -------- C: \ _OTMoveIt 2008-10-16 14:07. 2008-10-16 14:07 <DIR> d -------- C: \ Program Files \ Panda Security 2008-10-16 14:07. 2008-06-19 17:24 28.544 - en ------ C: \ WINDOWS \ system32 \ drivers \ pavboot.sys 2008-10-16 13:20. 2008-10-16 13:20 <DIR> d -------- C: \ VundoFix sikkerhetskopier 2008-10-16 12:26. 2008-10-16 12:26 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-10-16 12:25. 2008-10-16 13:40 <DIR> d -------- C: \ Programfiler \ SUPERAntiSpyware 2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Wise Installation Wizard 2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Documents and Settings \ Eier \ Programdata \ SUPERAntiSpyware.com 2008-10-16 11:08. 2008-10-16 11:08 <DIR> d -------- C: \ WINDOWS \ system32 \ N360_BACKUP 2008-10-16 10:48. 2008-10-16 10:48 <DIR> d ---- c --- C: \ WINDOWS \ system32 \ DRVSTORE 2008-10-16 10:47. 2008-10-16 10:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008-10-16 10:24. 2008-10-16 10:24 <DIR> d -------- C: \ Program Files \ Windows Sidebar 2008-10-16 10:24. 2008-10-16 11:44 <DIR> d -------- C: \ Programfiler \ Norton 360 2008-10-16 10:22. 2008-10-16 11:04 123.952 - en ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS 2008-10-16 10:22. 2008-10-16 11:04 60.800 - en ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008-10-16 10:22. 2008-10-16 11:04 10.671 - en ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.CAT 2008-10-16 10:22. 2008-10-16 11:04 805 - en ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.INF 2008-10-16 10:16. 2008-09-08 06:41 333.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Srv.sys 2008-10-16 10:15. 2008-08-14 06:11 2.189.184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe 2008-10-16 10:15. 2008-08-14 06:09 2.145.280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlmp.exe 2008-10-16 10:15. 2008-08-14 05:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlpa.exe 2008-10-16 10:15. 2008-08-14 05:33 2.023.936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe 2008-10-16 10:15. 2008-09-15 08:12 1.846.400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys 2008-10-16 10:09. 2008-10-16 10:10 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6 2008-10-15 17:42. 2004-08-27 05:54 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS 2008-10-15 17:42. 2005-01-28 05:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SampleView 2008-10-15 17:42. 2005-01-28 05:26 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ McAfee 2008-10-15 17:42. 2008-10-15 17:42 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes 2008-10-15 17:42. 2008-10-16 10:09 <DIR> d -------- C: \ Documents and Settings \ Administrator 2008-10-15 17:26. 2008-10-15 17:26 <DIR> d -------- C: \ Programfiler \ NoNAV 2008-10-15 16:41. 2008-10-15 17:26 <DIR> d -------- C: \ SymNoNav 2008-10-15 16:22. 2008-10-15 17:27 <DIR> d -------- C: \ WINDOWS \ LMI42.tmp 2008-10-15 15:10. 2008-10-15 15:10 <DIR> d -------- C: \ Programfiler \ Trend Micro 2008-10-11 13:05. 2008-10-11 12:33 102.664 - en ------ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys 2008-10-11 12:33. 2008-10-15 15:21 <DIR> d -------- C: \ Documents and Settings \ Eier \. Housecall6.6 2008-10-11 12:25. 2008-10-11 12:25 <DIR> d -------- C: \ WINDOWS \ søndag 2008-10-11 12:00. 2008-10-11 12:01 <DIR> d -------- C: \ Programfiler \ CCleaner 2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Programfiler \ Malwarebytes' Anti-Malware 2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ Eier \ Programdata \ Malwarebytes 2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-10-11 11:38. 2008-09-10 00:04 38.528 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-10-11 11:38. 2008-09-10 00:03 17.200 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-09-23 13:17. 2008-09-23 13:17 133 - en ------ C: \ Documents and Settings \ All Users \ Application Data \ ustore.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-10-16 21:53 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Symantec Shared 2008-10-16 17:49 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater 2008-10-16 15:08 --------- d ----- w C: \ Documents and Settings \ Eier \ Programdata \ Symantec 2008-10-16 15:04 --------- d ----- w C: \ Programfiler \ Symantec 2008-10-16 15:01 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008-09-24 12:36 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Peach 2008-09-08 10:41 333.824 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys 2008-08-19 10:32 --------- d ----- w C: \ Programfiler \ Microsoft Silverlight 2005-10-20 18:06 76-c ---- w C: \ Documents and Settings \ Eier \ Programdata \ wklnhst.dat 2005-05-27 00:43 0-csha-w C: \ WINDOWS \ SMINST \ HPCD.sys 2008-05-24 13:39 32.768-csha-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Lokale innstillinger \ Logg \ History.IE5 \ MSHist012008052420080 525 \ index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & legit default entries ikke vises REGEDIT4 [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] 2004-08-04 15:00 105984 - en ------ c: \ windows \ system32 \ digestp.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ shelliconoverlayidentifiers \ OV erlayExcluded] @ = "(4433A54A-1AC8-432F-90FC-85F045CF383C)" [HKEY_CLASSES_ROOT \ CLSID \ (4433A54A-1AC8-432F-90FC-85F045CF383C)] 2008-02-26 04:34 576352 - en ------ C: \ Programfiler \ Fellesfiler \ Symantec Shared \ Backup \ buShell.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ shelliconoverlayidentifiers \ OV erlayPending] @ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)" [HKEY_CLASSES_ROOT \ CLSID \ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)] 2008-02-26 04:34 576352 - en ------ C: \ Programfiler \ Fellesfiler \ Symantec Shared \ Backup \ buShell.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ shelliconoverlayidentifiers \ OV erlayProtected] @ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)" [HKEY_CLASSES_ROOT \ CLSID \ (476D0EA3-80F9-48B5-B70B-05E677C9C148)] 2008-02-26 04:34 576352 - en ------ C: \ Programfiler \ Fellesfiler \ Symantec Shared \ Backup \ buShell.dll [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-13 15360] "SUPERAntiSpyware" = "C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2008-05-28 1506544] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "QuickTime Task" = "C: \ Programfiler \ QuickTime \ qttask.exe" [2005-01-28 98304] "Adobe Photo Downloader" = "C: \ Programfiler \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe" [2005-06-06 57344] "Adobe Reader Speed Launcher" = "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792] "TkBellExe" = "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe" [2008-04-19 185896] "ccApp" = "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe" [2008-02-18 51048] "osCheck" = "C: \ Programfiler \ Norton 360 \ osCheck.exe" [2008-02-26 988512] C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Startup Enhet Detector 3.lnk - C: \ Programfiler \ Olympus \ DeviceDetector \ DevDtct2.exe [2007-06-27 114688] Google Updater.lnk - C: \ Programfiler \ Google \ Google Updater \ GoogleUpdater.exe [2007-06-04 125624] Microsoft Office.lnk - C: \ Programfiler \ Microsoft Office \ Office \ OSA9.EXE [2000-01-21 65588] WinZip Quick Pick.lnk - C: \ Programfiler \ WinZip \ WZQKPICK.EXE [2008-09-11 525664] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Programfiler \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] 2007-04-19 13:41 294912 C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ paubftzz] 2004-08-04 15:00 105984 C: \ WINDOWS \ system32 \ digestp.dll [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Startup BigFix.lnk backup = C: \ WINDOWS \ PSS \ BigFix.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Oppstart \ Microsoft Office.lnk backup = C: \ WINDOWS \ PSS \ Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ATIPTA] - a - c --- 2004-11-12 01:10 344064 C: \ Programfiler \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ccApp] - en ------ 2008-02-18 15:37 51048 C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Ctfmon.exe] - en ------ 2008-04-13 20:12 15360 C: \ WINDOWS \ system32 \ Ctfmon.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ InCD] - en ------ 2003-09-01 09:32 1200178 C: \ Programfiler \ Ahead \ InCD \ InCD.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroCheck] - en ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroFilterCheck] - en ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Recguard] - a - c --- 2002-09-13 16:42 212992 C: \ WINDOWS \ SMINST \ Recguard.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RemoteControl] - a - c --- 2003-10-31 23:42 32768 C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunKistEM] - a - c --- 2004-11-15 19:04 135168 C: \ Programfiler \ Digital Media Reader \ shwiconEM.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ UpdateManager] - a - c --- 2003-08-19 01:01 110592 C: \ Programfiler \ Fellesfiler \ Sonic \ Update Manager \ sgtray.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CHotkey] - a - c --- 2004-05-17 22:30 543232 C: \ WINDOWS \ zHotkey.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ShowWnd] - a - c --- 2003-09-19 13:09 36864 C: \ WINDOWS \ ShowWnd.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SoundMan] - a - c --- 2004-11-15 23:20 77824 C: \ WINDOWS \ SOUNDMAN.EXE [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = R0 pavboot; pavboot; C: \ WINDOWS \ system32 \ drivers \ pavboo t.sys [2008-06-19 28544] R0 shsizubv; shsizubv; C: \ WINDOWS \ system32 \ drivers \ shsi zubv.sys [2004-08-04 23424] S3 COH_Mon; COH_Mon; C: \ WINDOWS \ system32 \ drivers \ COH_Mo n.sys [2008-07-30 23888] S3 VNUSB; VN Serie Enhet; C: \ WINDOWS \ system32 \ drivers \ VNUSB.sys [2003-12-15 38448] HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs qfbydciq [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)] \ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-b301-806d6172696f)] \ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480 * Newly Created Service * - COMHOST * Newly Created Service * - PROCEXP90 . Innholdet i "Scheduled Tasks"-mappen 2008-10-12 C: \ WINDOWS \ Tasks \ Automatisk Full Backup.job - C: \ Programfiler \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10] 2008-10-15 C: \ WINDOWS \ Tasks \ Daglig Changed Files.job - C: \ Programfiler \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10] 2008-10-11 C: \ WINDOWS \ Tasks \ PEACTREE UKENTLIG TILBAKE UP.job - C: \ Programfiler \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10] . - - - - Orphans fjernet - - - -- Toolbar-ID - (no file) . ------- Tilleggsavtale Scan ------- . R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/ R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q = (searchTerms) & sourceid = ie7 & rls = com.micros ofte: en-US & ie = utf8 & oe = utf8 R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s O8 -: E & ksporter til Microsoft Excel - C: \ progra ~ 1 \ micros ~ 2 \ Office11 \ EXCEL.EXE/3000 . ************************************************** ************************ CatchMe 0.3.1361 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-16 17:54:24 Windows 5.1.2600 Service Pack 3 NTFS skanning skjulte prosesser ... scanning hidden autostart entries ... skanning skjulte filer ... skanning er fullført skjulte filer: 0 ************************************************** ************************ . Fullføringstidspunkt: 2008-10-16 17:56:31 ComboFix-karantene-files.txt 2008-10-16 21:56:27 Pre-Run: 142914838528 bytes gratis Post-Run: 142911078400 bytes gratis WindowsXP-KB310994-SP2-Home-bootdisk-ENU.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S [operating systems] C: \ Cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro myk Windows XP Home Edition" / noexecute = OptIn / fastdetect 208 --- EOF --- 2008-10-16 15:20:49 |
