Posts written by NorwegianAssassin

  1. Well, I have sent a message to VG, since if you read VG there is an article about exactly this problem. This is the message I wrote to the reporter (solution):

    Hi, I had this virus a few days ago, and I found a way to remove it:

    First, download Combofix.exe from this link: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Put Combofix.exe on the desktop, then run Combofix. Combofix now creates a log. You must not click on the window while the program is running. If you now look at the log and find something suspicious such as:

     

    C:\WINDOWS\ntmngr.exe

    C:\WINDOWS\lssas.exe

    C:\445930.exe

    C:\WINDOWS\images.zip

     

    They can also show up like this in HijackThis:

     

    O4 - HKLM\..\Run: [MSN] lssas.exe

    O4 - HKLM\..\Run: [MSN] ntmngr.exe

     

    If you found something that looks like that, do this: press START down in the right corner, press RUN and type in: Combofix /u

    This will remove all viruses that Combofix has found, and it will also remove Combofix.exe

    There are also other recommended programs such as: HijackThis and MSNFix.

    MSNFix guide

    Download http://sosvirus.changelog.fr/MSNFix.zip and extract it to the desktop.

    Run the file 'MSNFix.bat'. Follow the instructions.

    HijackThis guide:

    HijackThis can easily remove the registry entries associated with this infection.

    Download http://www.trendsecure.com/portal/en-US/to...ckthis/download Put it in a separate folder on the desktop.

    Start the program, choose "Do a system scan only".

    Put a check mark in front of the following lines, if they are present, and click Fix checked:

     

    O4 - HKLM\..\Run: [MSN] lssas.exe

    O4 - HKLM\..\Run: [MSN] ntmngr.exe

     

    It is unlikely that both are present at the same time.

    Update your antivirus program and run a full scan.

    Source: https://www.diskusjon.no/index.php?showtopic=894817

    I think you should either publish this in VG or inform Microsoft about it.

    Fredrik!

    All the credit goes to Norbat, who goes around helping many on the site with this. Norbat! Thanks :)

    I would also recommend this antivirus program: Avast 4: Home Edition
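
The manual check described in the post above (looking through a HijackThis log for the `O4` Run entries it names) can be scripted. This is an added example, not part of the original post and not code from HijackThis or ComboFix; the function names, the short `SYSTEM_NAMES` list and the two heuristics beyond the post's own file names are assumptions, and the sample log is constructed from lines that appear on this page.

```python
import re

# File names the post above lists as signs of this infection.
PAGE_INDICATORS = {"lssas.exe", "ntmngr.exe"}
# Assumption: a short list of genuine Windows XP process names to compare against.
SYSTEM_NAMES = {"lsass.exe", "smss.exe", "csrss.exe", "services.exe",
                "svchost.exe", "winlogon.exe", "explorer.exe", "spoolsv.exe"}

# "O4 - HKLM\..\Run: [MSN] lssas.exe" -> hive, key, value name, command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of the command line, quoted or not, arguments dropped.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat|pif))(?=["\s]|$)', re.I)


def osa_distance(a, b):
    """Edit distance that counts swapping two adjacent characters as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def review_autostarts(log_text):
    """Return (value name, executable, reasons) for each O4 entry worth a look."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_RE.match(line.strip())
        if not entry:
            continue  # not a registry autostart line
        exe = EXE_RE.match(entry["cmd"])
        if not exe:
            continue
        path = exe["path"]
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if base in PAGE_INDICATORS:
            reasons.append("file name listed in the post")
        if "\\" not in path:
            # Heuristic: every legitimate entry in the sample carries a full path.
            reasons.append("no directory given")
        if base not in SYSTEM_NAMES:
            near = sorted(s for s in SYSTEM_NAMES if osa_distance(base, s) <= 1)
            if near:
                reasons.append("one edit away from " + near[0])
        if reasons:
            findings.append((entry["name"], path, reasons))
    return findings


# Constructed sample: lines copied from the log and the post on this page.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DU Meter] C:\Programfiler\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MSN] lssas.exe
O4 - HKLM\..\Run: [MSN] ntmngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for name, path, reasons in review_autostarts(SAMPLE_LOG):
        print(f"[{name}] {path}: " + "; ".join(reasons))
```

A flagged line is a prompt to inspect the entry, not proof of infection; the genuine `lsass.exe` runs from `C:\WINDOWS\system32` and does not appear under a Run key.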

  2. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:57:48, on 12.01.2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

    C:\Programfiler\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Programfiler\LOS tilkobling\WrOS.EXE

    C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

    C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\vsnpstd.exe

    C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

    C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Programfiler\Analog Devices\Core\smax4pnp.exe

    C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

    C:\Programfiler\LogMeIn\x86\LogMeIn.exe

    C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe

    C:\Programfiler\LogMeIn\x86\RaMaint.exe

    C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

    C:\WINDOWS\explorer.exe

    C:\Programfiler\firefox.exe

    C:\Documents and Settings\Fredrik\Skrivebord\Systemscan\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by132w.bay132.mail.live.com/mail/ma...=d2609&mf=0

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT...;prov=&utf8

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

    O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Spill\BitComet\tools\BitCometBHO_1.1.7.4.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"

    O4 - HKLM\..\Run: [DU Meter] C:\Programfiler\DU Meter\DUMeter.exe

    O4 - HKLM\..\Run: [a-winpoet-service] "C:\Programfiler\LOS tilkobling\winpppoverethernet.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [steam] D:\Spill\\Steam.exe -silent

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [Veoh] "C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Spill\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Spill\BitComet\BitComet.exe/AddVideo.htm

    O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Spill\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Spill\BitComet\tools\BitCometBHO_1.1.7.4.dll

    O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

    O16 - DPF: {11FAB11B-4792-4B59-85DF-23C6688B07B3} (XTSAC Control) - https://luniboy69.dyndns.org/XTSAC.cab

    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160082057546

    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183136944156

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab

    O16 - DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} (NGVPLaunch Class) - https://luniboy69.dyndns.org/NGVPNTunnel.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe

    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Programfiler\LOS tilkobling\WrOS.EXE

     

    --

    End of file - 10602 bytes

  3. Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

    Then drag the file onto the Combofix icon. Combofix will start again. Post the log.

    File::

    C:\WINDOWS\ntmngr.exe

     

    I didn't quite understand that one

    I deleted that file .......

  4. ComboFix 08-01-11.3 - Fredrik 2008-01-12 13:53:29.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.578 [GMT 1:00]

    Running from: C:\Documents and Settings\Fredrik\Lokale innstillinger\Temporary Internet Files\Content.IE5\58MRFZQ6\ComboFix[1].exe

    * Created a new restore point

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    C:\WINDOWS\images.zip

     

    .

    ((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

    .

     

    2008-01-12 13:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

    2008-01-12 13:16 . 2008-01-12 13:16 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe

    2008-01-11 20:14 . 2008-01-11 20:14 274,432 --------- C:\WINDOWS\Setup1.exe

    2008-01-11 20:14 . 2008-01-11 20:14 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

    2008-01-11 14:50 . 2008-01-11 14:50 0 --ah----- C:\WINDOWS\SwSys2.bmp

    2008-01-11 14:50 . 2008-01-11 14:50 0 --ah----- C:\WINDOWS\SwSys1.bmp

    2008-01-04 19:24 . 2008-01-11 21:08 23 --a------ C:\WINDOWS\popcinfot.dat

    2008-01-01 15:15 . 2008-01-01 15:15 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\PC Suite

    2007-12-30 18:51 . 2007-12-30 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Suite

    2007-12-30 18:50 . 2007-12-30 18:50 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite

    2007-12-30 18:50 . 2007-12-30 18:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia

    2007-12-30 18:50 . 2007-12-30 18:50 <DIR> d-------- C:\Programfiler\DIFX

    2007-12-30 18:50 . 2007-12-30 18:50 <DIR> d-------- C:\Documents and Settings\Rikke\Programdata\Nokia

    2007-12-30 18:49 . 2007-12-30 18:49 <DIR> d-------- C:\Programfiler\PC Connectivity Solution

    2007-12-30 18:49 . 2007-12-30 18:50 <DIR> d-------- C:\Programfiler\Nokia

    2007-12-30 18:49 . 2007-12-30 18:49 <DIR> d-------- C:\Documents and Settings\Rikke\Programdata\PC Suite

    2007-12-30 18:49 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

    2007-12-30 18:47 . 2007-12-30 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Installations

    2007-12-30 16:50 . 2008-01-11 15:06 <DIR> d-------- C:\Documents and Settings\Fredrik\.gimp-2.4

    2007-12-27 12:12 . 2007-12-27 12:12 <DIR> d-------- C:\Programfiler\GIMP-2.0

    2007-12-26 15:46 . 2007-12-26 15:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

    2007-12-26 14:04 . 2007-12-26 14:04 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\Leadertech

    2007-12-22 15:30 . 2007-12-22 15:30 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\Sony

    2007-12-22 15:30 . 2007-12-22 15:30 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\Publish Providers

    2007-12-22 15:27 . 2007-12-22 15:27 <DIR> d-------- C:\Programfiler\Vstplugins

    2007-12-22 15:27 . 2007-12-22 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sony

    2007-12-22 15:26 . 2007-12-22 15:26 <DIR> d-------- C:\Programfiler\Sony Setup

    2007-12-20 12:03 . 2007-12-20 12:03 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

    2007-12-20 12:03 . 2007-12-20 12:03 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-01-12 12:18 --------- d-----w C:\Programfiler\LOS tilkobling

    2008-01-12 09:37 --------- d-----w C:\Programfiler\LogMeIn

    2008-01-11 14:05 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\gtk-2.0

    2008-01-10 18:23 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

    2008-01-08 15:30 --------- d-----w C:\Documents and Settings\Øyvind\Programdata\Xfire

    2007-12-27 11:29 --------- d--h--w C:\Programfiler\InstallShield Installation Information

    2007-12-26 15:09 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

    2007-12-26 13:01 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\AdobeUM

    2007-12-21 19:33 --------- d-s---w C:\Programfiler\Xfire

    2007-12-20 08:52 --------- d-----w C:\Programfiler\THQ

    2007-12-15 12:54 --------- d-----w C:\Programfiler\World of Warcraft

    2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

    2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

    2007-12-08 20:43 --------- d-----w C:\Documents and Settings\Anita.FIGO\Programdata\Talkback

    2007-12-05 19:20 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

    2007-11-28 18:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Media Center Programs

    2007-11-28 17:43 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\InstallShield

    2007-11-24 17:58 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

    2007-11-24 17:58 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

    2007-11-22 19:51 --------- d-----w C:\Programfiler\Fellesfiler\Real

    2007-11-22 19:38 --------- d-----w C:\Programfiler\Real

    2007-11-22 17:16 --------- d-----w C:\Programfiler\Java

    2007-11-22 15:52 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll

    2007-11-22 15:52 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll

    2007-11-22 15:52 23,736 ----a-w C:\WINDOWS\system32\LMImirr.dll

    2007-11-22 15:52 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll

    2007-11-22 15:52 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll

    2007-11-18 18:42 --------- d-----w C:\Documents and Settings\Øyvind\Programdata\Ventrilo

    2007-11-18 13:13 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\Earthsim

    2007-11-16 09:05 --------- d-----w C:\Programfiler\Ventrilo

    2007-11-15 09:15 22,328 ----a-w C:\Documents and Settings\Fredrik\Programdata\PnkBstrK.sys

    2007-11-15 09:14 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe

    2007-11-15 09:14 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

    2007-11-13 16:56 --------- d-----w C:\Programfiler\Electronic Arts

    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

    2007-11-13 09:54 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll

    2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

    2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

    2007-04-11 17:58 6,108 ----a-w C:\Programfiler\gp.info

    2007-04-03 19:35 15,314 ----a-w C:\Programfiler\bf2142Patch.log

    2006-12-27 10:01 2,328,144 ----a-w C:\Programfiler\xfire_installer_23928.exe

    2004-07-22 08:51 3,432,656 ----a-w C:\Programfiler\ManagedDX.CAB

    2004-07-19 20:58 1,156,363 ----a-w C:\Programfiler\BDANT.cab

    2004-07-19 20:53 976,020 ----a-w C:\Programfiler\BDAXP.cab

    2004-07-09 12:17 13,265,040 ----a-w C:\Programfiler\dxnt.cab

    2004-07-09 07:13 703,080 ----a-w C:\Programfiler\BDA.cab

    2004-07-09 07:13 15,493,481 ----a-w C:\Programfiler\DirectX.cab

    2004-07-09 02:08 472,576 ----a-w C:\Programfiler\dxsetup.exe

    2004-07-09 02:08 2,242,560 ----a-w C:\Programfiler\dsetup32.dll

    2004-07-09 01:03 62,976 ----a-w C:\Programfiler\DSETUP.dll

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

    "Steam"="D:\Spill\\Steam.exe" [2007-12-15 13:58 1266936]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06 94208]

    "msnmsgr"="~C:\Programfiler\MSN Messenger\msnmsgr.exe" [ ]

    "Veoh"="C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" [ ]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NWEReboot"="" []

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

    "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-06 21:26 282624]

    "LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03 63048]

    "DU Meter"="C:\Programfiler\DU Meter\DUMeter.exe" [2005-02-01 18:28 1469952]

    "a-winpoet-service"="C:\Programfiler\LOS tilkobling\winpppoverethernet.exe" [2004-08-12 18:44 405504]

    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 05:42 176128]

    "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]

    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]

    "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

    "SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-14 15:50 73840]

    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]

    "Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]

    "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]

    "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]

    "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

    "Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

     

    C:\Documents and Settings\yvind\Start-meny\Programmer\Oppstart\

    Xfire.lnk - C:\Programfiler\Xfire\xfire.exe [2007-12-05 03:25:52]

     

    C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

    HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

    LMIinit.dll 2007-11-22 16:52 87352 C:\WINDOWS\system32\LMIinit.dll

     

    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-04-17 13:00]

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]

    R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2003-05-22 16:00]

    R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2003-04-04 15:07]

    R3 WrKPoET2000;WrKPoET2000;C:\Programfiler\LOS tilkobling\WrKPoET2000.sys [2003-05-22 16:00]

    R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 17:42]

    S3 8n00ba6f;8n00ba6f;C:\DOCUME~1\Fredrik\LOKALE~1\Temp\n4WMu29 []

    S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\YVIND~1\LOKALE~1\Temp\DMSKSSRh.sys []

    S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys []

    S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []

    S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []

    S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2007-08-02 12:46]

    S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2007-08-02 12:46]

    S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2007-08-02 12:46]

    S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2007-08-02 12:46]

    S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2007-08-02 12:46]

     

    *Newly Created Service* - PROCEXP90

    .

    Contents of the 'Scheduled Tasks' folder

    "2007-10-09 08:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

    .

    **************************************************************************

     

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-01-12 13:56:59

    Windows 5.1.2600 Service Pack 2 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    Completion time: 2008-01-12 13:57:28

    ComboFix-quarantined-files.txt 2008-01-12 12:57:26

    .

    2008-01-09 11:02:36 --- E O F ---

     

     

    Also found a small Quarantine log:

     

    2008-01-12 13:16 36986 --a------ C:\Qoobox\Quarantine\C\WINDOWS\images.zip.vir

  5. Got a virus from a YouTube file, I deleted that ntmngr.exe file.

    I think it is fine, but every time I start up the machine I get "do you want to run the ntmngr.exe file?"

    What should I do? I am 11 years old and on the verge of tears here (really scared) :(

    Edit:

    Running a thorough scan with Avast now!

    Nothing to start crying about. As a first step you can run a scan with Combofix. It creates a log that you post. Feel free to create a separate thread (click the New topic button) where you put the log.

    Get Combofix and put it on the desktop

    Run combofix.exe and follow the instructions.

    You must not click on the window while the program is running.

    Post the log file from Combofix (c:\combofix.txt)

    I have done that, please look at it


    2007-11-22 15:52 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll

    2007-11-22 15:52 23,736 ----a-w C:\WINDOWS\system32\LMImirr.dll

    2007-11-22 15:52 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll

    2007-11-22 15:52 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll

    2007-11-18 18:42 --------- d-----w C:\Documents and Settings\Øyvind\Programdata\Ventrilo

    2007-11-18 13:13 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\Earthsim

    2007-11-16 09:05 --------- d-----w C:\Programfiler\Ventrilo

    2007-11-15 09:15 22,328 ----a-w C:\Documents and Settings\Fredrik\Programdata\PnkBstrK.sys

    2007-11-15 09:14 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe

    2007-11-15 09:14 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

    2007-11-13 16:56 --------- d-----w C:\Programfiler\Electronic Arts

    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

    2007-11-13 09:54 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll

    2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

    2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

    2007-04-11 17:58 6,108 ----a-w C:\Programfiler\gp.info

    2007-04-03 19:35 15,314 ----a-w C:\Programfiler\bf2142Patch.log

    2006-12-27 10:01 2,328,144 ----a-w C:\Programfiler\xfire_installer_23928.exe

    2004-07-22 08:51 3,432,656 ----a-w C:\Programfiler\ManagedDX.CAB

    2004-07-19 20:58 1,156,363 ----a-w C:\Programfiler\BDANT.cab

    2004-07-19 20:53 976,020 ----a-w C:\Programfiler\BDAXP.cab

    2004-07-09 12:17 13,265,040 ----a-w C:\Programfiler\dxnt.cab

    2004-07-09 07:13 703,080 ----a-w C:\Programfiler\BDA.cab

    2004-07-09 07:13 15,493,481 ----a-w C:\Programfiler\DirectX.cab

    2004-07-09 02:08 472,576 ----a-w C:\Programfiler\dxsetup.exe

    2004-07-09 02:08 2,242,560 ----a-w C:\Programfiler\dsetup32.dll

    2004-07-09 01:03 62,976 ----a-w C:\Programfiler\DSETUP.dll

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

    "Steam"="D:\Spill\\Steam.exe" [2007-12-15 13:58 1266936]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06 94208]

    "msnmsgr"="~C:\Programfiler\MSN Messenger\msnmsgr.exe" [ ]

    "Veoh"="C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" [ ]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NWEReboot"="" []

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

    "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-06 21:26 282624]

    "LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03 63048]

    "DU Meter"="C:\Programfiler\DU Meter\DUMeter.exe" [2005-02-01 18:28 1469952]

    "a-winpoet-service"="C:\Programfiler\LOS tilkobling\winpppoverethernet.exe" [2004-08-12 18:44 405504]

    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 05:42 176128]

    "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]

    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]

    "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

    "SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-14 15:50 73840]

    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    "Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]

    "Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]

    "SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]

    "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]

    "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

    "Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

     

    C:\Documents and Settings\yvind\Start-meny\Programmer\Oppstart\

    Xfire.lnk - C:\Programfiler\Xfire\xfire.exe [2007-12-05 03:25:52]

     

    C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

    HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

    LMIinit.dll 2007-11-22 16:52 87352 C:\WINDOWS\system32\LMIinit.dll

     

    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-04-17 13:00]

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]

    R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2003-05-22 16:00]

    R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2003-04-04 15:07]

    R3 WrKPoET2000;WrKPoET2000;C:\Programfiler\LOS tilkobling\WrKPoET2000.sys [2003-05-22 16:00]

    R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 17:42]

    S3 8n00ba6f;8n00ba6f;C:\DOCUME~1\Fredrik\LOKALE~1\Temp\n4WMu29 []

    S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\YVIND~1\LOKALE~1\Temp\DMSKSSRh.sys []

    S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys []

    S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []

    S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []

    S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2007-08-02 12:46]

    S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2007-08-02 12:46]

    S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2007-08-02 12:46]

    S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2007-08-02 12:46]

    S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2007-08-02 12:46]

     

    *Newly Created Service* - PROCEXP90

    .

    Contents of the 'Scheduled Tasks' folder

    "2007-10-09 08:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

    .

    **************************************************************************

     

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-01-12 13:56:59

    Windows 5.1.2600 Service Pack 2 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    Completion time: 2008-01-12 13:57:28

    ComboFix-quarantined-files.txt 2008-01-12 12:57:26

    .

    2008-01-09 11:02:36 --- E O F ---

  7. I got a virus from a YouTube file; I deleted the ntmngr.exe file.

     

    I think it's okay, but every time I start up the machine, "do you want to run the ntmngr.exe file?" comes up.

     

    What should I do? I'm 11 years old and close to tears here (scared as hell) :(

     

    Edit:

     

    Running a thorough scan with avast now!

  8. Hi, I am the leader of The Walking Immortals, also called -|Twi|-. I started this clan yesterday and want members who are ready to fight!

     

    This clan is for all ages; you don't need to be a pro!

    I made it because I think it would be fun if there were a clan or several that want clan-versus-clan matches and such!

     

    I would really like some video editors/image editors for this clan!

     

    Those who think this sounds good can go to http://twi.aowc.net/ and register!

     

    My Steam friends ID is: DeadlyAssassin

     

    Cya out there!
